Computer Support Forum

Sirefef Trojan ||| Reboot Loop

Question: Sirefef Trojan ||| Reboot Loop

OS - Windows 7 32-bitI have obtained the Sirefef trojan on my laptop and would like assistance in getting rid of it.My situation is very similar to the one found in this topic.I am afraid to use the Internet on my infected laptop, so I hope to use a USB flash drive to solve the problem (as in the above topic).Let's tackle this problem together! You guys are great at what you do, and I admire your expertise. I'm ready to follow your lead!Thanks,Stratego

Relevance 100%
Preferred Solution: Sirefef Trojan ||| Reboot Loop

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Sirefef Trojan ||| Reboot Loop

I do not have access to the System Recovery Options because I have misplaced my Windows 7 installation disc.

However, I still managed to use Farbar Recovery Scan Tool, although it was not in a recovery environment.
I think I should be okay.

The following is my FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by Zack at 15-08-2012 16:40:14
Running from F:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-08-15 16:31 - 2012-08-15 16:40 - 00000000 ____D C:\FRST
2012-08-15 14:31 - 2012-08-15 16:04 - 00000914 ____A C:\Windows\PFRO.log
2012-08-15 14:14 - 2012-08-15 14:14 - 00000000 ____D C:\Users\All Users\ESET
2012-08-15 14:08 - 2012-08-15 14:14 - 00000000 ____D C:\Program Files\ESET
2012-08-15 03:06 - 2012-08-15 16:37 - 00001512 ____A C:\Windows\setupact.log
2012-08-15 03:06 - 2012-08-15 03:06 - 00000000 ____A C:\Windows\setuperr.log
2012-08-14 21:18 - 2012-08-14 21:18 - 00000000 ____D C:\Windows\System32\%APPDATA%
2012-08-09 18:10 - 2012-08-09 18:10 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
2012-08-07 23:20 - 2012-08-07 23:21 - 00000000 ____D C:\Users\Zack\AppData\Local\{444C18B3-E601-48F9-8F3C-E32039587937}
2012-08-07 23:20 - 2012-08-07 23:20 - 00000000 ____D C:\Users\Zack\AppData\Local\{3D76711C-E527-4528-BC03-EE107F1E9789}
2012-08-07 18:57 - 2012-08-07 18:57 - 00000000 ____D C:\Users\Zack\AppData\Local\Apple Computer
2012-08-07 18:55 - 2012-08-07 18:55 - 00000000 ____D C:\Users\Zack\AppData\Roaming\Apple Computer
2012-08-07 18:53 - 2012-08-15 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-08-07 18:53 - 2012-08-07 18:54 - 00000000 ____D C:\Program Files\QuickTime
2012-08-07 18:50 - 2012-08-07 18:50 - 00000000 ____D C:\Users\Zack\AppData\Local\Apple
2012-08-07 18:49 - 2012-08-07 18:49 - 00000000 ____D C:\Users\All Users\Apple
2012-08-07 18:41 - 2012-08-07 18:48 - 39483256 ____A (Apple Inc.) C:\Users\Zack\Downloads\QuickTimeInstaller.exe
2012-07-19 02:27 - 2012-07-19 02:27 - 00003440 ____A C:\Users\Zack\.recently-used.xbel

============ 3 Months Modified Files ========================

2012-08-15 16:38 - 2011-09-15 13:52 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-08-15 16:38 - 2011-09-14 14:27 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-08-15 16:38 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 16:37 - 2012-08-15 03:06 - 00001512 ____A C:\Windows\setupact.log
2012-08-15 16:35 - 2009-07-13 19:11 - 00259072 ____A C:\Windows\System32\services.exe
2012-08-15 16:34 - 2012-04-06 18:06 - 01996453 ____A C:\Windows\WindowsUpdate.log
2012-08-15 16:05 - 2011-09-15 13:53 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2012-08-15 16:04 - 2012-08-15 14:31 - 00000914 ____A C:\Windows\PFRO.log
2012-08-15 14:15 - 2009-07-14 00:34 - 00019744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 14:15 - 2009-07-14 00:34 - 00019744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 03:06 - 2012-08-15 03:06 - 00000000 ____A C:\Windows\setuperr.log
2012-08-15 00:59 - 2012-03-02 13:40 - 00702900 ____A C:\Windows\System32\perfh015.dat
2012-08-15 00:59 - 2012-03-02 13:40 - 00136818 ____A C:\Windows\System32\perfc015.dat
2012-08-15 00:59 - 2012-03-02 13:04 - 00623376 ____A C:\Windows\System32\perfh01F.dat
2012-08-15 00:59 - 2012-03-02 13:04 - 00123504 ____A C:\Windows\System32\perfc01F.dat
2012-08-15 00:59 - 2011-05-16 08:24 - 03911108 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-14 22:23 - 2009-07-14 00:53 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-10 15:21 - 2009-07-14 00:57 - 00067584 ___AS C:\Windows\bootstat(45).dat
2012-08-09 18:10 - 2012-08-09 18:10 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
2012-08-07 18:48 - 2012-08-07 18:41 - 39483256 ____A (Apple Inc.) C:\Users\Zack\Downloads\QuickTimeInstaller.exe
2012-08-04 13:38 - 2012-04-06 18:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-04 13:38 - 2011-05-16 09:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-19 02:27 - 2012-07-19 02:27 - 00003440 ____A C:\Users\Zack\.recently-used.xbel
2012-07-14 18:43 - 2012-07-14 18:43 - 16559808 ____A (Mozilla) C:\Users\Zack\Downloads\Firefox Setup 13.0.1.exe
2012-07-09 01:17 - 2012-07-09 01:14 - 00069853 ____A C:\Users\All Users\LUInstall.LiveUpdate
2012-06-26 16:24 - 2012-06-26 16:17 - 00000006 ____A C:\Users\Zack\Downloads\settings
2012-06-24 18:45 - 2012-06-24 18:22 - 00000291 ____A C:\Windows\PowerReg.dat
2012-06-10 20:02 - 2011-11-18 12:17 - 00000107 ____A C:\Users\Zack\webct_upload_applet.properties
2012-06-07 22:59 - 2011-09-15 14:28 - 00013160 ____A (Absolute Software Corp.) C:\Windows\System32\Upgrd.exe
2012-06-07 22:59 - 2011-09-14 14:27 - 00058288 ____N (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
2012-06-04 13:42 - 2010-08-21 17:13 - 00049592 ____A (Absolute Software Corp.) C:\Windows\System32\pkgslv.exe
2012-06-04 13:42 - 2010-08-21 17:13 - 00046008 ____A (Absolute Software Corp.) C:\Windows\System32\pkgmgr.dll
2012-06-03 20:53 - 2012-06-03 20:54 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-03 20:53 - 2012-06-03 20:54 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-03 20:53 - 2012-06-03 20:54 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-03 20:53 - 2012-06-03 20:54 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-03 20:53 - 2012-01-11 18:01 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-20 19:15 - 2012-05-20 19:15 - 00446764 __RSH C:\KPRUF
2012-05-19 21:07 - 2011-05-16 09:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-19 20:57 - 2012-05-19 20:57 - 00052156 ____A C:\Windows\System32\Drivers\KmxAgent.asc
2012-05-19 20:55 - 2012-05-19 20:33 - 00006108 ____A C:\Windows\System32\FDInstall.log
ZeroAccess:
C:\Windows\Installer\{67c1ec62-15ba-835a-9e46-e313afe21a1e}
C:\Windows\Installer\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\L
C:\Windows\Installer\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\U
C:\Windows\Installer\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\L\[email protected]

ZeroAccess:
C:\Users\Zack\AppData\Local\{67c1ec62-15ba-835a-9e46-e313afe21a1e}
C:\Users\Zack\AppData\Local\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\@
C:\Users\Zack\AppData\Local\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\L
C:\Users\Zack\AppData\Local\{67c1ec62-15ba-835a-9e46-e313afe21a1e}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 19:11] - [2012-08-15 16:35] - 0259072 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 3574.04 MB
Available physical RAM: 2424.41 MB
Total Pagefile: 7146.37 MB
Available Pagefile: 5810.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.4 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:104.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 973 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 0
DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.

==================================================================================

Partitions of Disk 1:
===============

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.

==================================================================================

Last Boot: 2012-08-10 01:31

======================= End Of Log ==========================

9 more replies
Relevance 74.62%

Hi, I have a problem similar to other recent posts regarding SIREFEF but the advice posted in reply seems specific to that users computer, hence my creating a new post.Yesterday I had to remove a Live Security Platinum infection, and I thought all had gone well, but now whenever I start the computer, Microsoft Security Essentials displays a message saying it has to restart. The computer reboots after a minute or so.I have done a FRST scan:FRST log:Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01Ran by SYSTEM at 04-08-2012 20:29:29Running from G:\Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-23] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-23] (Intel Corporation)HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-23] (Intel Corporation)HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)HKLM\...\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Man... Read more

Answer:Sirefef trojan and MSE stuck in restart loop

Hi rapidlygoingbald,

Welcome to the forum.

Please tell me if you still need assistance and the condition of the computer is the same. In case you still need assistance but the condition of the computer is changed please post a fresh FRST log with the latest FRST version and update me about the current situation.

2 more replies
Relevance 72.57%

Hello,

I have a Windows 7 Home Premium 64-bit laptop which is infected with the Win32/sirefef.ah trojan. As soon as the Microsoft Security Essentials launces it causes the system to give this error: WINDOWS HAS ENCOUNTERED A CRITICAL PROBLEM AND WILL RESTART AUTOMATICALLY IN ONE MINUTE and then reboots. This happens a regular boot and in safe mode. MSE cannot be uninstalled either. I've read other threads and would like to know when program needs to be run first so i may supply the log files. Your help is apprecaited.

thank you,
-kA

Answer:win32/sirefef.ah trojan (causes one minute reboot)

please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

4 more replies
Relevance 70.93%

I cant reboot my computer without my computer getting to the windows screen and then restarting and going to system restore. I have down MalwareBytes scans and Microsoft Essential Security scans that came up with some trojans. Was told that it was removed but it still happens.

Answer:Everytime I reboot,It doesnt work. Last check sirefef trojan.

Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.OTL should now start. Change the following settings
Change Drivers to AllChange Standard Registry to AllUnder File Scans, change File age to 30Under the Custom Scan box paste this in
netsvcs
set /c
/md5start
consrv.dll
UXTHEME.DLL
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
Userinit.exe
Explorer.exe
Winlogon.exe
Regedit.exe
SCLWAPI.dll
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\assembly\tmp\U\*.* /s

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

24 more replies
Relevance 68.06%

A few days ago, I got the Sirefef.AB and Sirefef.W virus on my computer. I had no idea the severity of my problem until after I reinstalled MSE which has now caused my computer to constantly restart. I have used Farbar to create a FRST.txt and Server.txt file, though I do not know if that will help on this site in the removal of this blasted virus, and I will wait to post it until I have been instructed if I should do so. I really am at a loss here. I am not that great with computers, and could really use some help.

Edit: Added note, for the short while before I reinstalled MSE, I was having redirection problems when clicking on Google links. It also restarts in Safe Mode.

Answer:Sirefef.AB and Sirefef.W for Windows 7 Infected Computer with Constant Reboot

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

3 more replies
Relevance 67.24%

Looks like I was hit by the TrojanOS/Alureon.A. Last week my Dell Inspiron Laptop (Windows 7 64) shut itself and when I try to start again it went into a indefinite reboot loop. When it boots it receives a startup error and wants to launch startup repair until the message told me that it could not repair automatically.

I read "READ ME FIRST INFO" but I cannot perform any steps as I cannot get it to boot normally. I looked at other forums on my other computer, where I was able to download the Farbar Recovery Scan Tool x64 on my USB drive and run the program. Attached is the FRST.txt log, as requested to another user. Also, I tried to download TDSS Killer from your site on my USB drive but received the following error in command prompt: the subsystem needed to support the image type is not present.

Please help.

Lawrence
 

Answer:Trojan:DOS/Alureon.A - reboot loop

I was able to do a dell datasafe restore before I ran the Farbar recovery tool.
 

9 more replies
Relevance 66.83%

Hello,
This week i have fallen victim to a possible Trojan, which after much research i cannot remedy.
To begin with the symptoms have been; initially desktop frozen, then keyboard and mouse disabled, then upon reboot an infinity loop reboot occurs.

Laptop info:
Windows XP sp2
dell inspiron 16400
intel(R) CPU t2050 @ 1.60GHZ
0.99 GB of RAM

What i have done so far:
I am able to boot in safe mode and the mouse will work until i try to enter txt, then the mouse is disabled and keypad locked(was it always locked?). I have Done research and found that these worms are possible causes.

http://www.symantec.com/security_response/writeup.jsp?docid=2005-062513-4831-99&tabid=3

http://www.symantec.com/security_response/writeup.jsp?docid=2003-071809-4101-99&tabid=3

However whatever steps were necessary to purge have failed( I followed manual registry edit instructions. which led to the revelation that the corrupt files were not even there). I have run Trojan remover, up to date, and continue get these messages flagged up:

-2x In-use/locked file, and

-1x "this file is loaded by a (hidden) services registry key:
\\systemroot\\system32\\drivers\\afd.sys
a file with this name *has not* been found (it may not exist)
The file is loaded by the following registry key:
HKLM\system\currentcontrolset\services\AFD

registry value name: imagepath.

Even after completing the scan process and restarting they remain there, as does the infinity boot-loop. I ran spy bot seek and destroy ... Read more

More replies
Relevance 66.01%

Good day Sir

I am currently using AVG anti-virus. I discovered yesterday that my pc was infected with the above when a pop up appeared from AVG Resident Shield Alert.
Filename : c:\WINDOWS\System32\services.exe
Threat warning: Trojan horse patched_c.LZI detected when open

I searched online & followed to thsi forum. I ran esetscan & found this:
C:\Downloads\Software\apex-video-converter-free.exe multiple threats
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Agent.BA trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Sirefef.AE trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] a variant of Win32/Sirefef.FD trojan
Operating memory a variant of Win32/Sirefef.EZ trojan
I would appreciatte whatever help in overcoming this threat.

Thank you & looking forward to your advice.
D

Answer:Win64/Agent.BA trojan, Win32/Sirefef.FD trojan & Sirefef.AE trojan

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

21 more replies
Relevance 64.78%

I installed Microsoft security essential and ran a full scan of the system. But I found out that my windows is attacked by Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK. Microsoft security essentials was unable to remove them. The main issue that I have been facing since this incident is that windows can't update Firewall settings. the following message is displayed "Windows Firewall cant change some of your settings. Error code 0x80070424". Additionally, the antivirus program "Microsoft security essential" keeps on detecting the above mentioned malwares and asks to delete these files. Once deleted it asks for a reboot. After restart again these viruses are re-created and its been happening for the last couple of weeks.sea In order to resolve this issue I searched the internet and found http://www.bleepingcomputer.com so I posted a topic regarding this issue and I have been recieving help from one of your experts. Here's the link of this topic:http://www.bleepingcomputer.com/forums/topic455970.html/page__gopid__2721298#entry2721298Now that problem persists, I have been asked for the elevated help and to post a new topic here. I am glad to know that your team is so dedicated for our help. As I am using 64-bit version of windows so only DDS logs were created. DDS.txt logs are given below and attach.txt is been attached as well.....DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion... Read more

Answer:Infected with Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

27 more replies
Relevance 64.78%

found with mse and scanned with malwarebytes no help, just hoping someone can help
 
dds file logs
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.7.0_09
Run by Sean at 15:38:09 on 2013-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8141.5674 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* 1
SP: Windows Defender *Disabled/Updated* 0
SP: Microsoft Security Essentials *Disabled/Updated*

dataLayer.push({'event':'ldfMDL','mdlLocLabel':'forums'});

jQuery(function ($) {
// Load dialog on page load
$(".modal_cbox").modal({
opacity:50,
containerCss:{
backgroundColor:"#c8c9c9",
borderColor:"#5983C3",
height:510,
padding:5,
width:830,
},
onShow: function (dialog) {
$("html,body").css("overflow","hidden");

if( /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent) ) {
$('body').css('position','fixed');
}
},
onClose: function (dialog) {
$("html,body").css("overflow","auto");

if( /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent) ) {
$('body').css('position','relative');
}

$.modal.close();
}
});
});
9
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k... Read more

Answer:trojan.win64/sirefef.p and trojan.win32/sirefef.ab removal help

Hello silencer626 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

34 more replies
Relevance 64.78%

Hello! Please Help!

My antivirus started to warn me about blocking stuff a few days ago. I was using Bitdefender Total Security 2012. At first it found the threats and removed them but since this morning it started acting more weird. It wasn't able to remove them. I think it showed among others a trojan.sirefef.fy. I've changed my antivirus with Norton 360 but it didn't solve anything. I've installed Malwarebytes Anti-Malware which found another 2 trojans and rootkit.0Access. A second scan showed nothing. Norton 360 showed 2 threats and removed them. At last I ran Eset Online Scanner which now shows 7 threats. I'm really worried that my pc is compromised. I'm using Windows 7 with Firefox. Windows Update seems to be deactivated too.

Answer:trojan.sirefef.fy, Sirefef.Fd Trojan, rootkit.0Access problem

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

8 more replies
Relevance 64.78%

Hiya,

one half of my PC is a mess....when I run SAS it detects

Adware.Vundo Variant/Resident

Trojan.Vundo-Variant/Small-GEN

Adware.Vundo Variant/Rel

so I send the items to quarantine and reboot like it asks me.

Now the PC won't reboot unless I select safe mode from the options that pop up.

When in safe mode I notice zone alarm total security won't load.

To get the pc to boot I have to restore the items from quarantine....but even now the zone alarm suite will not activate.

I can see zlclient in the task manager but the user interface won't show.

I'm currently on a dual boot and so far vista seems unaffected...but I haven't accessed the other partition yet....

I'm running avira from vista...I was going to ask if it would help with the mess on the other partition but it has just detected a virus:

TR/Crypt.XPACK.Gen not to sure if that is part of the problem.

Any help would be great,

Thanks.
 

Answer:Solved: SAS scan causing reboot loop and blue screen - pls help trojan

Got it sorted...yeah for dual boot
 

1 more replies
Relevance 62.73%

Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OBI am running Windows Vista with Microsoft Security Essentials when i first encountered the problem. The virus shutdown MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and files appeared again. (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first because this is where I believe all the problems began (that is after my wife clicking on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it thru the usb drive connected to the infected cpu. I do not know what to do from this point on to get my cpu back to "healthy" and virus free status again ??????Running Vista 32 bit

Answer:Security SHield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

58 more replies
Relevance 62.73%

I use Windows 7 Home Premium 64-bit with Service Pack 1

My antivirus program, ESET Smart Security 5, notified me of the following infection:
7/2/2012 6:24:16 PM Real-time file system protection file C:\Windows\system32\services.exe Win64/Patched.B.Gen trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Owner\AppData\Local\Temp\341615390.exe.

As you can see, it was unable to clean the infection. This notification pops up roughly every 15 minutes. When I tell ESET to delete the infected file, it says there was an error when deleting. Also, ESET notified me of the three following infections, and the second two keep returning after deletion:

7/2/2012 6:24:36 PM Real-time file system protection file C:\Windows\Installer\{4d64a181-5ab7-f857-5530-4aa187755236}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Owner\AppData\Local\Temp\341615390.exe.

7/2/2012 6:24:36 PM Real-time file system protection file C:\Windows\Installer\{4d64a181-5ab7-f857-5530-4aa187755236}\U\[email protected] Win64/Sirefef.T trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.

7/2/2012 6:24:36 PM Re... Read more

Answer:Win64/Patched.B.Gen trojan, Sirefef.AL trojan, and Sirefef.T trojan

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you... Read more

17 more replies
Relevance 61.91%

Hi,
I'm stuck with Microsoft Security Essentials detecting two trojans upon startup:

Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P

Located in:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

I ran everything on the READ & RUN ME (except RootRepeal as I got Windows 7 Professional x64).

I hope I have attached all needed logs.

P.S. I'm pretty sure that the KMService.exe in the MBAM log is a false positive (It's MSOffice activator).
 

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P

Also this:
 

20 more replies
Relevance 61.91%

Hello everyone, sry if i make another post about this virus but as i saw around it sems to be different for everyone (the removing process)

here i am, from italy, praying for someone to help me to remove this, the situation atm it's that on intervals of 3 minutes Microsfot Security Essentials find on my pc this 2 files

Tojan:Win32/Sirefef.AB
Tojan:Win64/Sirefef.P
and i don't know what to do.. anyone that it's able to help me ?

EDIT: i'm running Windows 7 ultimate edition 64 bit service pack 1
 

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P NEED HELP PLEASE!

anyone that can help me ? that thing it's stealing all my passwords!
 

2 more replies
Relevance 61.91%

Hi, I'm from Portugal and I'm getting frustrated because I can't remove this virus.

Microsoft Security Essentials is finding 2 files I can't remove when I reboot the computer. When I reboot, MSE continues to find those files.

I'm running Windows 7 Home Premium Edition 64 bit service pack 1.

Please help me!

Answer:Trojan:Win32/Sirefef.AB and Trojan:Win64/Sirefef.P

Help me, please. I don't know what to do.

60 more replies
Relevance 61.91%

Hi there i kept getting a virus that AVG couldn't remove, which AVG wouldn't stop popping up about, so i tried a different anti virus software MSE, which seemed to have i would believe half fixed the problem as symptoms from the virus before like redirected webpages etc MSE managed to stop however MSE is having trouble dealing with Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK, now i saw a topic posted about the win32 1 which suggested to using combofix, which this site stats do not use unless asked too, so i wanted to do things by the book (or you guys about the problem) i have used combofix before on the same machine to remove another virus before a while ago (maybe a year ago?). a Step by step method of removing the virus' and what the virus' actually do so i know how bad it is for future reference. Thank you.Using an AZUS ROG laptop with windows 7.Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer:Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

15 more replies
Relevance 61.91%

Hello everyone, sry if i make another post about this facking virus but as i saw around it sems to be different for everyone (the removing process)

here i am, from italy, praying for someone to help me to remove this facking bleep, the situation atm it's that on intervals of 3 minutes Microsfot Security Essentials find on my pc this 2 files

Tojan:Win32/Sirefef.AB
Tojan:Win64/Sirefef.P
and i don't know what to do.. anyone that it's able to help me ?

EDIT: i'm running Windows 7 ultimate edition 64 bit service pack 1

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P NEED HELP PLEASE!

anyone that can help me ? that thing it's stealing all my passwords!

4 more replies
Relevance 61.91%

Hi guys,

I'm running Windows 7 64bit OS. I recently found that Microsoft Security Essentials wasn't running and I had to reinstall it. Once I did it found these trojans.
I did a bit of research and read some other posts but it looks like there is a detailed and unique fix for each person.

I think I have done everything in the READ AND RUN ME thread, and I hope I have attached all the correct logs as requested.

The only problems I had were with MGTools. I got the following errors:
"The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll"
and
"Application has generated an exception that could not be handled.

Process id=0xac8 (2760), Thread id=0xce4 (3300)"

Thanks for your time.

Cheers
 

Answer:Trojan: Win32/Sirefef.AB and Trojan: Win64/Sirefef.P

Rescan with HitmanPro.
Choose to Delete these files if they are detected:

C:\$Recycle.Bin\S-1-5-18\$f6a6e0a66969d09ba37420a38f97ea5e\n
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take affect, please do so.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][BLACKLIST DLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-360523327-522932163-1323501305-1000\$f6a6e0a66969d09ba37420a38f97ea5e\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$f6a6e0a66969d09ba37420a38f97ea5e\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : ... Read more

11 more replies
Relevance 60.68%

Hi,
I have recently changed AV probrams from Eset nod 32 to Microsoft Security Essentials.

Upon running a scan with MSE, it has detected two trojans,
Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P

Located in:
C:\Windows\assembly\GAC_32\Desktop.ini

I have gone through READ & RUN ME.
I did not run RootRepeal as I have Windows ultimate x64.
ComoboFix and TDSSKiller did not create log files.

TDSSKiller did find 2 threats and attempt to delete, upon reboot Windows because stuck in loading.

Thanks in advance
 

Answer:Trojan:Win32/Sirefef.AB & Win64/Sirefef.P

Currently reviewing those logs and will get back to you as soon as possible.
 

2 more replies
Relevance 60.68%

Microsoft Security Essentials keeps reporting this Trojan and quarantines it. After attempts to remove the file, It keeps reappearing. It shows a file location that I am unable to find on my system C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\U\[email protected]
Now I am getting a warning about VirTool Win32/Obfuscator.XQ @ C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\n However, this file cannot be located wither. There is no C:\Windows\Install directory.
Also Combofix loads and starts then it crashes. Disappears from file manager and splash screen disappears -- The program literally stops running.


DDS Text File Contents:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Estelle Clark at 2:59:47 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2423.1353 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSp... Read more

Answer:Infected with Trojan:Win32/Sirefef.AG and Sirefef.I

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

4 more replies
Relevance 58.63%

Hello, MSE had a message that said detected and cleaned virus and in the history came up Trojan:win32/sirefef.ak
.am
.ag
/sirefef and then proceeded to say remove.
kept getting the MSE logo spinning and saying cleaning and then same viruses would be in history
I used malwarebytes and it found the four aswell and cleaned them but I feel something is still there and runnin in the background because when I reboot my desktop icons keep resetting if I change them. Need help

Thanks
LR

what do you need for me to run a log to show the computer status?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

12/06/2012 6:25:09 PM
mbam-log-2012-06-12 (18-25-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280359
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)... Read more

Answer:Trojan: win32/sirefef.ak & am & ag and sirefef

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

28 more replies
Relevance 57.81%

Hi,

I want to thank in advance whoever decides to help me and also apologize in advance if I'm not as tech savvy as many of the people who come to this site/forum for help. I believe I have sort of Sirefef infection that's causing my windows to continuously restart. I've seen it in a few different topics here so I'm hoping it's fixable.

At the beginning of the week I had trouble with google searches redirecting me and used malwarebytes and thought I had resolved the problem but it began doing it again just yesterday. My friend suggested I download Microsoft Security Essentials since I had no antivirus. I did and scanned and found sirefef but when it tried to clean it a small window popped up that said Windows has encountered a critical error and will restart. Now it does this every time I turn it on, restarting about a minute or two after it loads up. MSE keeps detecting sirefef and trying to clean it when it loads as well.

Since I can't even turn it on it seems, I can't provide a log at the moment but I did download farbar as that appears to be the first step I've seen on many of these similar problems. I have not run it however as I don't want to mess things up any further by stumbling on blindly.

Answer:Sirefef?/Windows restart loop

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

28 more replies
Relevance 56.99%

Good Morning

As of last night AVG Anti Virus has been detecting the threat - Win32\Sirefef. Unfortunately since this time I have also started receiving the error message "Windows has encountered a critical error and must restart". AVG has also pointed to C:\Windows\System32\Services.exe.

The operating system is Vista 32 bit. Apologies for the lack of information and not posting the DDS and GMER logs but the PC will not stay powered on long enough to run any logging,scan or program. I get a maximum of 90 seconds from windows logon before I receive the message "Windows has encountered a critical error and must restart". Even without logging on to Windows, the PC still reboots.

I have tried booting into Safe Mode (with and without Networking) but still have the same issue.Another point to note is that the Windows firewall has been disabled and would not let me enable it again. As a rule I would have re-installed Windows Vista but this is not an option on this PC.

I have never encountered a virus like this.I find it intriguing and frustrating! So here I am asking the experts, your advice would be greatly appreciated.

Many Thanks

Ashley

Answer:Infected with Win32\Sirefef, PC in rebooting loop

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe and press Enter Note: Replace letter e with... Read more

2 more replies
Relevance 56.99%

Help, my computer automatiquely reboot after 1 minute.
MSSE say sirefef infection

here the FRST.TXT file.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by W7 at 23-07-2012 09:11:53
Running from C:\
Service Pack 1 (X86) OS Language: French Standard
Attention: Could not load system hive.Erreur?: Le processus ne peut pas acc?der au fichier car ce fichier est utilis? par un autre processus.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-07-23 09:35 - 2012-07-23 09:11 - 00000000 ____D C:\FRST
2012-07-23 09:12 - 2012-07-23 09:12 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yyhuknpj.sys
2012-07-23 09:08 - 2012-07-23 09:08 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\guwslplh.sys
2012-07-23 08:24 - 2012-07-23 08:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-07-23 08:19 - 2012-07-23 08:36 - 00000000 ____D C:\Windows\erdnt
2012-07-22 23:32 - 2012-07-22 23:32 - 00892164 ____A (Farbar) C:\FRST.exe
2012-07-22 23:05 - 2012-07-23 08:36 - 00000000 ___SD C:\32788R22FWJFW
2012-07-22 23:03 - 2012-07-23 08:36 - 00000000 ____D C:\Qoobox
2012-07-22 23:02 - 2012-07-22 23:02 - 04582474 ____R (Swearware) C:\Users\W7\Desktop\z.exe
2012-07-22 21:22 ... Read more

Answer:HELP Sirefef reboot

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.FRST needs to be run from the Recovery environmentplease follow these directionsdownload Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer... Read more

2 more replies
Relevance 56.99%

Windows Vista 32 bit on a dell computer, we got this nasty virus that kept telling us that windows will restart in 60 seconds, making it very hard to stop.

we rebooted in safe mode and even in safe made it still rebooted after a short time with networking or without. Even the command line safe mode got this message, and no amount of shutdown -a would stop it.

By perusing your excellent forums, we were able to restore to a sysstem snapshot from the top thing in safe mode F8 and get rid of the reboot, and we got some files off with malware bytes, but then the virus attacked and disabled malware bytes.

Because we think this may be a java exploit, we killed all the jre, and the computer runs ok, but we would really like to clean it up.

Attached are dds logs and gmer logs.

Answer:sirefef ac ag reboot

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the ca... Read more

5 more replies
Relevance 56.99%

Before anything, thank you for your help.

I have a net-book that is infected with variants of sirefef as reported by MSE. Upon power-up, the computer loads, and reboots in a loop every 60 seconds or so. When I log in, I can get very little done (as in running utilities) before the system has a critical error and reboots.

I tried to complete the README. Installed ccleaner. (system rebooted) Ran CCLeaner, system rebooted before the scan could complete.

Downloaded (RougeKiller, Malwarebytes, Hitman Pro, and MG tools) from a working computer, moved to usb drive, copied to correct locations on infected pc. (working between reboots)

Ran RougeKiller: System rebooted during scan, no log.
Ran MalwareBytes: System rebooted during scan, just after I was able to get scan to start, no log.
Ran HitMan Pro: System rebooted during scan, no log.

Ran MGtools: this is the only one that produced a log. I don't know if the program finished, the cmd window did not close and did not have a "completed" message when the computer rebooted. (I did make the mistake of running this twice (after a reboot), contrary to the instructions. I have included both logs as a precaution. Log Attached

Thank you again for your help,
Greg
 

Answer:sirefef and 60 second reboot

As soon as you boot into windows, open a command prompt and type in:
shutdown /a

Now see if you can run the scans.
 

11 more replies
Relevance 56.58%

Hello,

Problem description:

Noticed that the Microsof Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

File... Read more

Answer:Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

12 more replies
Relevance 56.58%

Hi all, installing the latest insider build it downloaded OK, was going through the upgrade,
restarted a couple of times. Then it got to 75 %, restarted again. You see the small blue Windows
logo on the screen, and the small spinning progress indicator for about 15 seconds. Then it restarts
and repeats.

I was able to get into the recovery environment to run Chkdsk, but this has not
affected the situation. I have not attempted anything else, I wanted to see
if the forum had developed any consensus for this type of situation.

Appreciate any assistance.

More replies
Relevance 56.58%

What a fantastic resource! Our old Dell is infected, Security Essentials lists Sirefef, sirefef.R, and sirefef.AC before the computer restarts itself with the "Critical Error!" etc.

The contents from the log file from running Farbar Recovery Scan Tool are below. Hopefully this is enough to get started? Any help at all that you can give me is much appreciated. Thank you in advance!

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 13:10:48
Running from G:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"... Read more

Answer:Sirefef, .R, and .AC - caught in startup loop, Windows Vista 32

Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt start
0 pwhsugq; C:\Windows\System32\drivers\mbji.sys [x]
2012-07-15 14:46 - 2012-07-15 15:02 - 00000000 ____D C:\Users\All Users\036DFF98030516F319D56AA82F3B707C
2012-07-15 14:46 - 2012-07-15 14:46 - 00000000 ____D C:\Users\SarahT\AppData\Local\{E09A8F02-CECE-11E1-8270-B8AC6F996F26}
C:\Windows\Installer\{5e1e789d-502f-3ee0-68d6-c56f063b8d8d}
C:\Users\SarahT\AppData\Local\{5e1e789d-502f-3ee0-68d6-c56f063b8d8d}
endNOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options then select Command PromptRun FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.While you are still booted into System Recovery Options run FRST.

Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click Search button and post the log it makes to you... Read more

6 more replies
Relevance 56.17%

Hi all, i'm new to the community here so that's my first post unfortunatelly. Well the problem started with windows firewall being disabled and i was getting and error. So i decided to install mse when the reboots started... Is there a "fast" solution? my system is w7 x64 and i have bitdefender security center..

Any help you could provide would be appreciated a great deal.

Thanks in advance.

Apostolis

Answer:Sirefef.y infection and reboot every 60 sec

Doing a little research i found what has to be done with Farbar so i did that and i will post the log file.

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 18-06-2012 13:50:46
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1067256 2012-04-01] (Bitdefender)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.e... Read more

14 more replies
Relevance 56.17%

Hi! Had good results with this forum; back again!Working on my nephew's computer, I noticed Google searches were being redirected. Microsoft didn't catch the initial problem so I ran Malwarebytes and Eset Online scanner which found and clean some problems. Rebooted. Microsoft Security Essentials found Sirefef trojan, cleaned and rebooted. Now every I boot the computer it says it will "restart automatically in one minute" (both safe and normal mode)OS is VistaAV is MSEAdvanced Boot options does NOT give me "Repair you computer" optionI do not have the Windows installation disk, although it might be possible to find with a lot of hunting.Please help!(As an aside, the reason I went to my nephew's computer was to check on the router... On my laptop my Symantec Endpoint Protection was giving me popups that it a "port scan attack is logged" coming from the router. Since it was being blocked I figured I would use the other computer to view router's admin page.)

Answer:Sirefef (one minute reboot)

Update:
I booted to safe mode and brought up the task manager with a CTRL-ALT-DEL at the first opportunity. I used the processes tab to locate the MSI process and ended it. This allowed me to run DDS and GMER to get the following logs.

Awaiting help,
Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by COREY at 20:04:59 on 2012-08-12
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2047.1652 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.... Read more

33 more replies
Relevance 56.17%

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\A... Read more

20 more replies
Relevance 55.76%

Got another one for you... Can't stay logged into windows because of a critical error, and rebooting 1 minute later.Here is my frst.txt content...Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01Ran by SYSTEM at 27-07-2012 20:21:28Running from I:\Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ABNotify] C:\Program Fi... Read more

Answer:Another Sirefef Infection/1 minute reboot

Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt start
1 evrhwdch; \??\C:\Windows\system32\drivers\evrhwdch.sys [x]
2012-07-27 17:17 - 2012-07-27 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2243DA0DB5B173E7
2012-07-27 17:17 - 2012-07-27 17:17 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wwogfass.sys
2012-07-27 15:35 - 2012-07-27 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BADF4F3E3ADF4FB
2012-07-27 15:20 - 2012-07-27 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3BADF02DBC08DE8D
2012-07-23 11:00 - 2012-07-23 11:00 - 00311296 ____A C:\Users\Courtney_2\AppData\Local\plogolc.exe
C:\Windows\Installer\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
C:\Users\Courtney_2\AppData\Local\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
... Read more

13 more replies
Relevance 55.76%

I am having the same trouble as many others. Can't do anything cause computer restarts every minute. Here are my FRST logs. Thank you in advance for the help.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 13:18:19
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [174104 2009-09-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [151064 2009-09-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...&#... Read more

Answer:Sirefef Infection/1 minute reboot

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

5 more replies
Relevance 55.76%

hello guys

really hope one of the experts can help me with this! malwarebytes found the 3 trojans on my computer today. i have tried following the path where affected by unhiding registery files etc but wont let me delete

anyone have any ideas how i get rid of these?

thanks in advance

dom

Answer:Trojan.0access, trojan.dropper.bc miner and trojan sirefef

apols im not trying to 'bump' - just seen i need gto post these logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by Administrator at 21:42:27 on 2012-07-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0... Read more

36 more replies
Relevance 54.94%

Hello,

i post my problem here as it seems the only place where i've found people who actually know what they're talking about. I have a Sony Vaio Laptop running windows 7 64 bit infected with the sirefef virus. Microsoft security essentials shows that it found:

Trojan: Win64/Sirefef
Trojan: Win64/Sirefef.Y
Virus: Win64/Sirefef.B
Trojan: Win64/Sirefef.Z
Trojan: Win64/Sirefef.W

Every time i boot the computer, MSE finds these infections, and prompts me after a minute to restart in order to complete the removal. But every time it reboots, the message is still there. I tried installing Malwarebytes but it won't let me cause it says "access denied" or something like that. Sorry for not providing any more information but i can use my pc for a couple of minutes every time (cause it reboots automatically). I followed your instructions and scanned with DDS. I attach the attach.txt file it generated. I look forward to hearing from you as i really need the laptop for my university studies and i'm in the middle of the exams period. Thank you for your time!

P.S. If i restore my whole system to factory settings, is the problem going to persist? Cause if it's not, i will do it in a heartbeat. Only problem is that i am afraid of infecting my external hard drive (which would be already infected if the virus spreads to external devices). Would that be the case? Will i need to clean my external HDD too?

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an... Read more

2 more replies
Relevance 54.94%

Hi, I'm Kattie. My problem is with my Dell netbook (Inspiron Mini 1012 I think) with Windows 7 Starter.

Honestly, I have no idea where to begin. A few months ago, I contracted a pretty terrible virus that pretty much wiped out my netbook and entirely thwarted any of my attempts at fixing it. I don't remember how at this point, but before it became completely inaccessible, I somehow figured out that it was the sirefef virus. I got a mini-scan to bring up sirefef.exe or something similar, I really don't remember at this point. But the symptoms seem to match other reports, so unless I can figure out otherwise, I think it's safe to assume that sirefef was the beginning of the problem.

Now, when this first happened, I found other people's methods for posting logs and getting fixes, and that was my initial plan for repair, but I just generally ended up procrastinating it, and now, I have a completely different problem and have no idea how to even begin to solve it.

I'm really not sure when this happened or if it's even the result of the virus at all (though I assume it is), but my netbook is now stuck in the most irritating reboot loop that I can just not seem to get out of. I'm really not sure what details to mention here, so it'd probably just be better to ask me specific questions, but I'll explain as well as I can for now.

I was having a reboot problem when first infected, but it had a lag of 60-90 seconds, which meant I could ac... Read more

Answer:Continual Reboot After Virus (Possibly Sirefef?)

I'll report this topic to appropriate helpers.
Hold on....

86 more replies
Relevance 54.94%

Hi Everyone

I have a Lenovo Laptop running Windows 7 Pro x64
It is infected with Sirefef
I have used FRST64 to get the txt files
They will be posted below
Please help right the fixlist.txt

Regards
Michael Tiemann
The IT Bunch

Answer:Sirefef Virus Computer Reboot 60 Secs

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 19:08:08
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-17] (Lenovo)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation)
HKLM\...\Run: [nseapc] "C:\Windows\System32\rundll32.exe" "C:\Users\Scott.AAS\AppData\Roaming\nseapc.dll",Resize ... Read more

3 more replies
Relevance 54.94%

Hi,
 
I tried the search but couldn’t find any threads about Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN. I apologise in advance if this is not the place to post this.
 
I’m running an old Hp Pavilion using Windows XP. Yesterday my computer was attacked by a virus that disabled Microsoft Security Essentials, breaking the desktop shortcut and making it unusable. I found that using a trial version of hitmanPro that the virus disables and redirects Microsoft Security Essentials’s files. However because the trial period was over I was unable to repair it.  I performed a system restore in safe mode. The restore “failed” but it partially “fixed” Microsoft Security Essentials. Immediately after, I ran a quick scan using Malwarebytes in safe mode with networking. It found a vendor called Rootkit.0Access that it was unable to remove, even after a few repeated quick scans. I downloaded and attempted to use the the Malwarebytes Anti-Rootkit tool but was unable to get it to work. I then searched the internet about the file and found that TDSS Killer could help. After running TDSS Killer and restarting in normal mode it managed to fix the issue and Microsoft Security Essentials notified that the computer was infected and gave the option to clean. After cleaning it gave the option to restart the computer. After restarting it found and two files called Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN under the "All detecte... Read more

Answer:Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN files

Hello moe, please run these next. Try all from Normal mode unless you cannot run them, then use safe mode with networking.Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know....Run TDSS againDownload TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....Last run ESET.Hold down Control and click o... Read more

4 more replies
Relevance 54.12%

Hello, my mother's laptop is infected with these startup viruses. I downloaded Malwarebytes, and The Cleaner to remove them, but upon startup, they keep coming back. I was hoping to remove them with The Cleaner, but they keep coming back.

Answer:Trojan.Small, Trojan.Sirefef, and Rootkit0.access Removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

2 more replies
Relevance 54.12%

Please help!  I felt compelled to be a “good Samaritan” today, and advise a well-known UK Political Party that all the roadside advertising boards they had put up over the weekend in my village had been stolen during the night! Therefore with good intentions, I visited their website and on clicking to get their local contact details received an alert from Trend Micro that it had detected and quarantined the MAL_Xin12 virus
 
At the time I was remotely linked by my laptop (HP ProBook) to my desktop (Dell Vostro 460) as I’m not well so was working from my bed. An Adobe PDF exe then launched and knowing not to allow it to run I tried to shut this down using the X, but it simply wouldn’t work and just kept popping back up. So, i hauled myself out of bed and went to the Vostro and disconnected the remote link. I stopped the PDF process from Task Manager and shut the whole computer down then rebooted. On restarting my sound card was knocked out and then Windows Defender reported that it had detected and quarantined WIN32/Sirefef. There was no other suffix, just that.  I immediately telephoned the Political Party to advise them that their website was infecting their visitors and whilst doing this, Defender automatically removed the Sirefef. I then started scanning with SuperAntiSpyware and MBAM (which I use regularly) and googled both viruses as I was not familiar with either. I was horrified with what I learned.
 
SAS found nothing... Read more

Answer:MAL_Xin12, Win32/Sirefef, Trojan.0Access & Trojan.FakeMS

Hello WSKI would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this... Read more

30 more replies
Relevance 54.12%

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does.

I have used TDSSKILLER, ccleaner, mbam so far...nothing. Mbam seems to find some files created by something else, which on deletion and restart, reappear.
At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now", then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps 6-9 in the guide, attached my logs hope that helps.

I have Windows 7 Ultimate 32bit. Any help would be much ap... Read more

Answer:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

22 more replies
Relevance 54.12%

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. Any help from here on out would be much appreciated. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when not in Safe Mode it does.

I have Windows 7 32bit Ultimate

used: Mbam, tdsskiller, ccleaner.

Thank you

-Mike

Answer:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

7 more replies
Relevance 54.12%

Yesterday I ran Malwarebytes anti-malware and Microsoft Security essentials on my netbook(an eMachines eM25 Intel(R) Atom(TM) Cpu @1.6GHz, 32bit windows 7 starter).

While running MSE my computer slowed and a pop up appeared titled "You are about to be logged off" stating "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work". My computer then restarted. It is stuck in this loop of restarting now and is only on for about 2 minutes each time. While it was on i hurried up and wrote down what problems malwarebytes and MSE found.

Malwarebytes
Rootkit.0access C:\\Windows\Installer\{1aeff516-31d-268-a0c7-502804609106}\n\U\[email protected]

Trojan.Zaccess HKCU\Software\Classes\CLSID\{42AEDC87-2188-441FD-B9A3-0C966FEABEC1}\INRROCSERV32

Microsoft Security Essentials
Trojan Win32\sirefef with multiple different ending like .R and .H

Any information would be extremely helpful.
 

Answer:Rootkit.0access, Trojan.zaccess, Trojan win32/sirefef

Please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide

If you can't stay booted up for any length of time, try working in safe mode.
 

14 more replies
Relevance 53.71%

Hi,

I was hit by Live Security Platinum. I managed to uninstall it manually, but then my PC started rebooting after one minute. I solved that with Windows Defender Offline, and cleaned up Sirefef with Malwarebytes. Malwarebytes and MSE says that I'm clean, but I cannot start Windows Firewall or Windows Updates.

I got various error messages when trying to start WF, so I installed ZoneAlarm's firewall. WF is listed in Services, but when I try to start it, it says Windows could not start the Windows Firewall on Local Computer.(Edit: I followed the suggestions from http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/5366225a-46e7-4d6c-a389-8bd18a5c3aad and it works now!)

When I try to run Windows Update it says that Windows could not search for new updates with a 80244018 error. But when I try to search from Microsoft Updates it finds 18 updates. However, when I try to install them, they all fail and it says Some updates were not installed with a 80246008 error. (Edit: I stopped the service and renamed Windows\SoftwareDistribution. I am now able to update from MS Updates, but not from sys admin.)

I'm running Win7-64. I'm in the process of moving, so I don't have my Win7 DVD, but I have the files on my backup drive, so maybe I can make a bootable DVD or USB.

I delete old restore points with CCcleaner, but always keep one. But now I don't see any, so maybe Sirefef delete that one, too?

Here is DDS.txt. I wasn't abl... Read more

Answer:Cleaned Sirefef and auto reboot, but can't start firewall and updates

Hi,

I've managed to sort out most of my problems. The remaining Windows Updates problem was actually caused by some old registry entries from when I once joined a domain.

But when I had solved that, I realized that I couldn't start the Security Center from the Action Center. But http://windowsxp.mvps.org/helpsvcfix.htm fixed that.

So now everything SEEMS to work and be clean, but I would be grateful if you could please take a quick look at the log file to see if there's anything.that looks like a leftover from the Trojan.

Thanks!

3 more replies
Relevance 53.71%

Hey guys, I got this virus somehow. rarely happens. I tried running combofix and it says "the subsytem needed to support the image type is not present." I have tried everything I can. I am attaching the FRST logs. I would GREATLY appreciate some help on this. I cant get it to stop rebooting. Ive done alot of stuff with F8. tried recovery cd's I made specifically for this kind of thing and those dont even work. FAIL on MS part. so I have to rely on other sources. and you guys have never failed. me. Again my up most gratitude if you would look into these logs and see if something can be fixed.

Thank you so much.
Regards Dean.

Typing on a laptop. not easy.
 

Answer:Virus:win64/sirefef.B + Firewall Disabled + Constant Reboot. Cannot fix.

I think I fixed it I really have no idea how. but its not rebooting anymore. My firewall is back. I ran combofix after the PC would stay on. Running MS Safety scanner which found the virus's in the 1st place. I am just happy I can back up files at least. A combo of this site and others helped me. I wish I had more info for others. persistance on trying different stuff.

I hope this thread can be closed. Waiting for final scan.

fixed
 

2 more replies
Relevance 53.71%

I started having a problem with one of my computers this morning.
What looked like the Adobe Updater came up already downloading, and now the computer restarts by itself after about 2 minutes.
Security Essentials says it's Win64\sirefef.P, but the computer restarts before I can do anything, or before any programs can get rid of it.

I've ran the recommended programs, but the computer restarts before most of them can finish.

Here are the files from the programs that have finished or nearly finished.

Thanks in advance for any help.
 

Answer:Malware causing system to reboot? Possibly Win64\sirefef.P

Found out how to properly run FRST64, the correct log is attached.
 

2 more replies
Relevance 53.71%

I have the following recurring malware, according to Avira AntiVir. I attached the gmer log as per the prep guide. Running DDS hangs the whole computer. I'm using WinXP Home.
Could you help to fix this issue? Thanks!

Virus or unwanted program 'BDS/ZAccess.V [backdoor]'
detected in file 'C:\WINDOWS\Installer\{a0afe051-a965-fa01-755d-d36c15b0d64e}\U\[email protected]

Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\WINDOWS\Installer\{a0afe051-a965-fa01-755d-d36c15b0d64e}\U\[email protected]

Virus or unwanted program 'TR/ATRAPS.Gen [trojan]'
detected in file 'C:\WINDOWS\Installer\{a0afe051-a965-fa01-755d-d36c15b0d64e}\U\[email protected]

Virus or unwanted program 'TR/Sirefef.P.389 [trojan]'
detected in file 'C:\WINDOWS\Installer\{a0afe051-a965-fa01-755d-d36c15b0d64e}\n

Virus or unwanted program 'TR/Sirefef.P.389 [trojan]'
detected in file 'C:\Documents and Settings\LIQUID\Local Settings\Application Data\{a0afe051-a965-fa01-755d-d36c15b0d64e}\n

Virus or unwanted program 'TR/Winwebsec.A.3416 [trojan]'
detected in file 'C:\System Volume Information\_restore{00A0FBA4-8A7B-4558-BAF6-C51A17F285BD}\RP347\A0040155.exe

Answer:[email protected] BDS/ZAccess.V, [email protected] TR/ATRAPS.Gen2.Trojan, [email protected] TR/ATRAPS.Gen.Trojan, n TR/Sirefef.P.389 Trojan

Hi,

Have you been able to take a look at this? I don't think gmer found any malware from what I've been able to discern. Looks like it just found the Spybot Resident hooks.

I saw other posts with similar threats, where they used ComboFix, TDSSKiller, aswMBR. Should I try these tools first?

20 more replies
Relevance 53.3%

I've had problem with TrojanOS/Alureon.E for some time now, microsoft security essentials keeps showing up and can't seem to remove it. Also had trojan:win32/sirefef for some time with the same problem as Alureon.E, but it's just gone for now, at least it doesn't show in microsoft security essentials anymore. Is this anything you could help me with?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:08:36, on 2012-11-18
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Marcus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Marcus\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/?ocid=OIE9MSE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h... Read more

Answer:PC slow, Trojan:DOS/Alureon.E possible trojan:win32/sirefef

16 more replies
Relevance 53.3%

Hi guys,
 
I'm way in over my head here. I accidentally unleashed some foul demon on my computer. By being an idiot most likely. I can't reenable my firewall and f-secure keeps finding new vira with the names indicated in the title. Is anyone able to help me out? Anything would be immensely appreciated.
 
Best wishes,
Ragian
 
dds
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Rasmus at 13:39:51 on 2013-11-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe
C:\Users\Rasmus\AppData\Roaming\Spotify\... Read more

Answer:heur.trojan.sirefef & trojan.generic.9819927

Hello Ragian I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

22 more replies
Relevance 53.3%

I got a nasty rootkit a few days ago, showed up as sirefef.xx , there was multiple. That was with mse. Another one showed up when i scanned with mbam called trojan.dropper.bcminer, plus one or 2 others. I read up on sirefef right when i was first redirected on ie, then shut off my internet when i learned what it was. Been off for a few days. Did a few things to try and rid myself of it from what i read, now it doesn't show up but i know it leaves some things behind the scenes. Plus i can't reenable windows firewall, and a message pops up every time i restart windows saying c:\users\mika\appdata\roaming\hfgob.dll could not be found.

So theres still some residual crap.

I read through the guidelines and did the malware removal guide. This is the last thing i did before i had that message still coming up and checked windows firewall. So i'm looking for some assistance, it would be greatly appreciated..

--------

Shit, i thought i attached the logs. I'm not sure what to do if this mistake happens, i'll wait for a reply.
--------
Ok, i figured it out, but the hitmanpro.xml can't upload for some reason, is it suppost to be in notepad?
 

Answer:sirefef, trojan.dropper.bcminer, trojan.agent

Please download ComboFix to your desktop and run it. Do not do anything while it runs. Attach the log when it is finished.
 

10 more replies
Relevance 52.89%

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't.(that is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG 's only option was to ignore it, but I still wasnt worried.Everytime I blocked at redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was to late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error(0x8000ffff). It wou... Read more

Answer:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

13 more replies
Relevance 52.48%

A few days ago I started having issues with Google redirecting me to random ad websites, as well as Flash Player update popups. I updated my Microsoft Security Essentials, and since then it has been warning me with the presence of the file names in the topic title, and giving me the option to remove them. I select the removal option and everything is fine for a time but then MSE pops up again warning me of the same files. Anything you could do to help me get rid of these is greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by Dave at 14:15:54 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4031.2141 [GMT 10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\... Read more

Answer:Infected With Alureon.FP, Sirefef.B, Sirefef.W, Sirefef.AB & Sirefef.J

Download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itIf you can have an open Internet connection, allow it to download the latest Avast engine detections.If avast! antivirus is already installed, just do the next step.Click the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Attach this file to a reply.

3 more replies
Relevance 52.48%

My security alert says I have these four viruses and all attempts to clean them using microsoft forefront client security have failed. Besides, the computer shuts down every couple of minutes. Please help, I am frustrated.

Answer:Please help me rid my laptop of win32/sirefef.an, sirefef, sirefef.ao, and sirefef.ag

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

23 more replies
Relevance 52.48%

Yesterday we had a Windows XP Antivirus Pro 2012 issue. I was using AVG Free and everything was locking up. Installed Bitdefender 2012 and that seemed to take care of the Windows XP Antivirus Pro problem but now Bitdefender keeps finding these two trojans in the C:\RECYCLERS folder. I've had these two alerts come up three times today and each time Bitdefender says it deletes them. After doing some research on the Sirefef.MC trojan, it looks like I need some serious help. Below are the logs.
I'm not sure why a lot of the backslashes are showing up as \. They look normal in the text file.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 0:33:21 on 2012-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.302 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\System32\spool\DRIVERS\... Read more

Answer:Trojan.Sirefef.MC and Trojan.Generic.8305353

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

18 more replies
Relevance 52.48%

Eset identifies the following threat:
Object: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Threat: Win64/Patched.B.Gen trojan

I've tried Malware Bytes a few times and it identifies Rootkit.0Access but even after rebooting the problem returns.

Eset has also flagged the sirefef.al trojan.

Please note I'm corresponding with you on a different computer, but I have network access to the infected computer and am able to copy log files and software tools back and forth. Your help is greatly appreciated!

The DDS.txt log is here:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 13:20:06 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6250 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvc... Read more

Answer:Patched.B.Gen trojan & sirefef.al trojan infection

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

18 more replies
Relevance 52.48%

Good morning and thank you for what you do.

On May 6th my laptop was hit with SMART HDD. I went straight to the "Am I Infected" forum, posted the problem and followed the "Remove SmartHDD Uninstall Guide" with the help of a BC Advisor. It seemed ok for a few days and I got most of my icons back.

On May 16th Microsoft Security Essentials popped up a notice saying it wasn't turned on. Absolutely couldn't get it to start without uninstalling and re-installing it. On install it ran a scan and found no threats, but later found & quarantined Trojan:Win32/Sirefef.AG and Trojan:Win32/Sirefef.I At the same time, the Windows Firewall became disabled and would not be turned on. I returned to the forum with my original BC Advisor and ran TDSSkiller and GMER and posted the log report. When I had internet connection MSE would quarantine Trojan:Win32/Sirefef.I and Trojan:Win32/Sirefef.AG at a rate of one every two minutes. The screen also said Recommended Action: Remove this software immediately. Items: file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] and file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] I hit "remove all" every time it appeared. BC Advisor responded "That?s a new variant of zero access" "We need advanced tools" and told me to read the preparation guide and post a topic here.

I have followed ... Read more

Answer:Infected: New Variant of Zero Access, Sirefef.AG,Sirefef.I,Sirefef.P

Hi,

Do you have an empty USB flash drive?
We can try an alternative method.

Regards,
Georgi

more replies
Relevance 50.84%
Question: Os Reboot Loop

I have a Dell 8400 using XP Professional that constantly reboots, even when I select
to reboot in safe mode. Previously, I was trying to uninstall Kasperksy v8.0 Beta
Internet Security.

When I try to repair the OS using the Boot Disk, I get the Blue Screen of Death, when
using CHKDSK /R.

Any suggestions to get back into windows?

Answer:Os Reboot Loop

Error message on the BSOD?How To Disable Automatic Reboot Option - http://www.datapath.co.uk/how%20to%204.htm How To Disable Automatic Reboot Option - http://www.datapath.co.uk/how%20to%204.htm Louis

1 more replies
Relevance 50.84%

After running a Java update my PC was infected with XP SECURITY ALERT, scanned hdd with A-Squared Free and quarantined infections found, restarted so I could run a Malwarebytes AntiMalware scan but pc rebooted at Windows XP screen. Tried booting to Safe Mode but pc just restarts after loading MUP.SYS - there is no BSOD.PC is now stuck in the reboot loop - I "disabled auto-restart on system failure" and got BSOD with following error: " *** STOP: 0X0000007E (0XC0000005, 0XB7BD5980, 0XB84C3528, 0XB84C3224) *** SNAPMAN.SYS - Address B7BD5980 base at B7BBD000, DateStamp 45265dbe "Pulled drive from PC, attached to laptop and ran MAM scan which found nothing. I'm not running McAfee either, so it's not that particular problem.After several hours of Google searching I tried a repair install (files & settings on hdd are needed), installation deleted the std set of files and reinstalled new ones, saved the settings and rebooted to continue installation, BUT on restart XP returns to reboot loop!Getting a little frantic now, I work freelance and need the PC up and running as soon as poss. I have a spare hdd but I don't really want to have to go through the pain and time of a clean install.Before anyone suggests it, PC is backed up regularly with Acronis True Image 9, but when trying a Restore via Acronis Ulitmate BootCD I get "Archive is corrupt" error!!!!PC is a Dell Dimension E521 running XP Pro (SP3) with a 400gb s... Read more

Answer:XP Pro SP3 reboot loop

Hi, Dogspods Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).Here is what you need to do.Two programs to downloadFirst Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps. SecondDownload OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.When downloaded double click and this will then open ISOBurner to burn the file to CDBoot the Non working computer using the boot CD you just created.In order to do so, the computer must be set to boot from the CD firstNote : For information click hereYour system should now display a REATOGO-X-PE desktop.Double-click on the OTLPE icon.When asked "Do you wish to load the remote registry", select YesWhen asked "Do you wish to load remote user profile(s) for scanning", select YesEnsure the box "Automatically Load All Remaining Users" is checked and press OKOTL should now start. Change the following settingsChange Drivers to AllChange Standart Registry to AllUnder the Custom Scan box paste this in/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sy... Read more

2 more replies
Relevance 50.84%
Question: Reboot Loop

I recently reformatted both of my HDD and reinstalled two different partitions on one drive, one for school (required anti-virus, Clean Access, yada yada) and one for home use that I tweak and game with. I use Windows XP Pro on both partitions.

Just last week I got a very strange error. When I restart my computer, it will restart loop. That is, it loads the default partition (the school one) and when it hits the "Welcome" screen it pauses for an abnormally long time, about 10 seconds longer than the "Welcome" screen is normally up, does not play the Windows startup theme, and then restarts. The screen goes flat black for a few seconds right before it does. It isn't a projected black, but the screen actually turns off. I also hear my entire system reboot (peripherals restarting and what not). Most of my system lights on my computer stay on during the transition from "Welcome" screen to reboot (ie. Power/power plug/HDD LEDs).

This loop can continue for more than an hour, BUT on a rare occasion it does actually boot and load. I have done several chkdsks, I have scanned with AVG and Ad-Aware, and I have cleaned up all of my temp/cache folders as well as Defragging the HDD. I am all out of ideas. Fortunately the home use partition of XP has started working just fine at school without all the required bells and whistles.

I'm getting Linux installed on a third partition tonight just for fun and if I can find a way to play World of Warcraft ... Read more

Answer:Reboot Loop

Could be a driver error, but my bet's on faulty memory. Get a Linux boot CD and run memtest for a few hours.
 

8 more replies
Relevance 50.84%
Question: reboot loop

Hi, I'm running win7 64 on a quad core with 8 gig of ram.
on booting my system the windows logo starts to animate, it gets to the point where the four colors are about to join together and then the system reboots. I've run repair, it told me it could not automatically repair startup. i've looked at the error log, it reads as follows:

Problem signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 0
Problem Signature 05: AutoFailover
Problem Signature 06: 1
Problem Signature 07: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
I've tried sfc /scannow
I've tried rebuilding the mbr and bcd

cannot get in to windows in safe mode.
I've reset the bios to defaults.
I've run a ram test.

anyone any ideas?
Cheers.

Answer:reboot loop

Hi sled



   Note
You will need a USB flash drive
Farbar Tool

Download Farbar Recovery Scan Tool from below on a non infected PC
For 32-bit (x86) systems
Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems
Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select... Read more

1 more replies
Relevance 50.84%
Question: Reboot loop, help

Alright, so my pc has been on the fritz since last August, when I woke up and found my desktop stuck in a reboot loop. Since then, I've been trying everything under the sun to fix the issue except a repair shop, because I really don't want to have to pay for it if I don't need to. Every time I try to run a repair or start it in safe mode, it just freezes up. When the repair actually decides to start, it's cut off by the reboot loop. When I try to reboot it with a disc, it gives me a blue screen with suggestions that didn't work. I don't know much about tech, and I really didn't know where else to go. The pc is an ibuypower running on Windows 7. If you need any more info, just ask.

Answer:Reboot loop, help

Hi there,We will need more advanced tools than what we can use here to fix this issue.Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Regards,Alex

5 more replies
Relevance 50.84%
Question: Reboot loop

Hi there, i recently installed AVG free anti-virus, and soon after i installed it, i got a message saying something like "trojan alert, in c:\windows\system32\winlogon.exe" so i clicked move to vault and it sid i have to reboot so i did... once it came to the boot screen, my comp froze then flashes the BSOD and restarts. Then i tried a repair install with the win xp cd ... but now after i reboot it says setup is being restarted... then flashes the BSOD and restarts.

When i try booting into safe mode i get a dialogue box saying something like "windows setup cannot continue in safe mode" so im stuck here. I also tried copying winlogon.exe off of the cd using recovery console but to no avail.

Any help would be appreciated, Thnx
 

More replies
Relevance 50.84%
Question: Reboot loop?

So I booted up my PC today and every single time it would get past the windows loading screen, a BSOD would flash on the screen for a split second and reboot. I tried booting into safe mode and that would not work either.

The next step I figured would be to format and do a clean install, but here's the thing... Windows didn't even recognize my partition! It has my other 2 HDDs but not my Windows 7 partition. The HDD in question shows up in BIOS, but not in Windows. So, should I just get a new HDD?

EDIT: Forgot to mention, but Startup Repair didn't help either, as it just hung/froze.

Answer:Reboot loop?

At first you try Startup Repair .

If you dont have the windows 7 installation disk, download Windows 7 System Recovery Disk to run it .

Post back the results .

3 more replies
Relevance 50.84%

So today I decided my PC was running to slow and I had to much trash on my PC. Gave me the idea to start over and only install the programs in currently using and so forth and yada yada. I reset it with the built in Windows 10 tool. I wanted everything gone so J choose that option and I choose the next option for keeping it and not recycling it. And goes on its way. Did the same thing from when I got the upgrade. The while it was installing either the dog or the cat stepped on the power strip... I fixed the power problem and turned back on the power to the PC. Then I started getting the white box error and it kept restarting. So I found one of the many shift 10 vids to change the file from 1 to 3. Then now it restarts and goes to 64% and restarts endlessly. I'm so lost and I very much need my computer for school and for work. Please someone help me or link me somewhere I can get help. I believe if I'm fast enough I can I can access the bios. It just loads so fast.
 

More replies
Relevance 50.84%
Question: Reboot Loop

Hey all, having an issue with my comp. First I ran into the nice Windows/System32/Config/System file missing or corrupt error. No clue what caused it and got tired of trying to fix it as it was the second time it has happened in the last few months. So I reloaded Windows XP on the comp.

It came up fine, found the folder after it came up with my important docs in it. Downloaded AVG and SuperAntiSpyware which I normally run. It ran fine last night, today I restarted the comp, and now it is caught into a reboot loop. It doesn't matter if I do it in Normal, last good config, or safe mode, the results are the same. Windows splash screen comes up, then it reboots.

Would love to drop Vista on it since my new laptop came with it (least I could try a whole new set of problems), but apparently it has this "Restore your system without discs" thing on the laptop. Cause I guess they assume I trust Microsoft so much that I don't need a physical disk. So no clue how to get the software off there and on to my desktop. Last I knew you could use the same windows software on one laptop and one desktop.

Anyway any help to get this machine up and running again would be grateful.
 

Answer:Reboot Loop

You can run one copy of Windows if you have one license for it. I don't know of any provision that has ever said you can run it on one desktop and one laptop.

Since you must have an XP install disc try booting with that CD and doing a Repair installation. Reboot loops are generally due to corrupt system files, but malware can cause it in some cases.
 

1 more replies
Relevance 50.84%
Question: Win 2K reboot loop

So one of the computers here at work got a virus. Big deal. Went down the list of the repair and delete. OK fine. Please restart your computer. OK. Now that's all it does. It has Win2000 on it. I get the 2K splash screen, and a very fast blue background, then reboot. Same issue with safe mode. It starts to load drivers, gets to one that says c:\system32\drivers\agp400.sys, pauses for a few seconds, then the blue background flash, then reboot. Stops at the same place every time. This computer hasn't had any hardware changes. Ever. It has current MS patches and current virus updates. I thought maybe bad RAM, memtest won't run on the thing. I changed the boot order and it still bypasses the floppy. Cleared the CMOS, changed the RAM with a stick I know is good. Same results. This is weird because it worked fine this morning, then poof. It IS connected to the internet, but the only users on it are me and one other person. It rarely if ever visits a web site except for updates. It's a Compaq 800Mhz, 256 MB RAM. It is used only to connect to our AS 400. But without it, we are screwed if there is a problem with the 400. So, any ideas? Formatting is a problem. It NEEDS to be done and upped to XP, but we would need corporate approval and also other software that they don't allow us here to install. Fun huh?

Edit: We don't have a copy of Win2K here to do a repair install either. I have one of my own, but will it accept it since it would have a different CD key?

Answer:Win 2K reboot loop

Yea you have alot of problems

Usually here where I am, we just restore the workstation back to a good state using Ghost. As we already have the image and all necessary application install so a virus recovery make's it easier. Might just be hardware related to. Why would it be bypassing the floppy, unless the floppy is dead also or part of the motherboard.

4 more replies
Relevance 50.84%
Question: Reboot da Loop

My friends computer (which I have been tasked with fixing) is stuck in a reboot loop. Right after the Windows splash screen it just starts all over again. Safe mode get stuck on the agp440 driver. I have tried every option under F8 with no success. I have went into the recovery console and rebuilt the boot sector/MBR and about every other option it allows. I have even tried Microsofts answer (875350), although i now know this pc is not on sp2. I am getting ready to do a repair install and as a last ditch effort i thought i would check here for any ideas. As far as what started the issue, I have no clue, my friend says she thinks she caught a virus. Don't even know what leads her to that suspicion.
Suggestions???
 

Answer:Reboot da Loop

I had this problem on a Dell(Whic I Hate). But unfouruatly for you i cnat help you because the computer had nothing on it so i just reinstalled the OS. but try recovery console. It is a very powerful tool
 

3 more replies
Relevance 50.84%
Question: Help: Reboot loop

Need some help, computer stuck in reboot loop. Obviously when I 'disable automatic restart on sys failure' it doesn't reboot, I get the blue screen tell me about system failure, and identifies the file "ntfs.sys" in C:\WINDOWS\system32\drivers as the problem.

Not sure if it means anything but two other files dvkpo.sys and aec.sys in the same system32\drivers folder appear to have been modified at around the time of the first system failure.

I'm able to get in using safe mode and have been trying a few things from various forums but so far no luck. I may have had a virus at the time of the first system failure, have since run malwarebytes and AVG found some infections and got rid of them.

Running chkdsk has not helped

Disabling some startup items by running msconfig hasn't yet helped

Disabling drivers for nvidia screen hasn't

Next step I'm planning is either to clean and change over some hard drive ports or to repair or restore windows with the XP disk. Probably like this: http://www.computerhope.com/issues/ch000876.htm. Is it advisable to back up files before doing this? (i understand it's always good to back up, but i'm wondering if there is a specific threat)

Obviously I don't understand a lot of what I'm talking about, just wondering if anyone out there far smarter than me has any advise.

Thanks
 

Answer:Help: Reboot loop

hi yes its adviseable to back up your files which you can do from safe mode, clearly you do understand a lot about what you are doing, dont put yourself down!
a repair installation should do the trick, there is a possibility that the file has been bllocked by your anti spy, maybe a flse positive so I would turn off/tempory your anti spy suite before you do the repair
http://www.michaelstevenstech.com/XPrepairinstall.htm
http://www.online-tech-tips.com/com...ssing-or-corrupt-ntfssys-error-in-windows-xp/
 

1 more replies
Relevance 50.84%
Question: reboot loop

I am working on my daughters laptop. Dell Inspiron 5160 with Windos XP. Not sure of what SP is installed. It all of a sudden started to reboot continuously. I can not get into safemode, boot menu, nothing. I have tried to put in Dell restore CD to try repair but wont see CD drive either. Was goingto take out cmos and put back but as of yet havent found Cmos Batt. I removed the hard drive but still same problem. I cant get to anything to make any kind of repair. Any thoughts would be appreciated.

Bruce
 

Answer:reboot loop

12 more replies
Relevance 50.84%
Question: reboot loop

I'm stuck in an endless shut-down followed by begin to re-boot; shut-down, begin to reboot; etc loop.

Last time this happened I tried system restore TWICE and went all the way back until just after XP installation.
Still no better.

I can get into safe mode, but other than doing a system restore, I don't know what to do.

Nothing is connected except a ps2 keyboard
and a ps2 mouse.
No sound,
No internet cable to the DSL modem.

The last time I rebooted successfully,
everything seemed alright except my internet connection was gone
(on that computer only - not on this other one that is ethernet-cabled to the same DSL modem.

You're going to ask me what I installed that caused this problem.
Answer: Not much!
I was downloading and installing add-ons to a simulation that writes NOTHING to the registry.
That program has run fine on this computer and others of mine - for years.

I have not even installed the new video card yet.

There is nothing on this computer but
adobe,
flash player;
IE7,
usb keyboard (currently unplugged);
Norton Internet Security;
Firefox (been running fine);
an image viewing program
I have used on this and other computers for years,
(VuePro77).
(I just uninstalled that just to see if it helps and will try rebooting before posting this).


and the files installed after the last successful reboot, while trying to regain my internet connection;
which include Microsoft NET FRAMEWORK 2.0
(installed by the DSL modem pro... Read more

Answer:reboot loop

You keep saying ,"After Sp3", so don't install Sp3.

11 more replies
Relevance 50.84%
Question: Reboot Loop

I have a machine running Windows XP pro that, after a power outage, is in a reboot loop. I can get to the screen that lets me choose Safe mode etc, but it will not boot into any mode. I have checked the hardware and it seems to be fine. HELP!
Thanks.
R
 

More replies
Relevance 50.84%
Question: Reboot loop

Ive recently reset my windows and now when i try and start my pc it just keeps loading, black screen, loading, black screen and as long as I have it on it keeps doing this. Please help
 

Answer:Reboot loop

How did you do this reset?
 

2 more replies
Relevance 50.84%

I'm running an IBM with XP Pro and an intel p4 processor. My system had locked up during the day and on reboot it goes into a page about experiencing a problem and would I like to
start in safe mode
safe mode with network
safe with command

Last known good
Start normal

Any one just sets it back into a loop to this same page. I've pressed F8 during this session and when I 'disable auto restart' a message stating
"un mountable boot volume"
0x000000ed
0x83771900
0x0000009c
message comes up on the blue screen

Any help is obviously appreiciated

Thx

T

Answer:Help with reboot loop????

Hello knightxv,

Here are some steps that you can try to correct your problem.

http://www.pchell.com/support/unmoun...otvolume.shtml

http://support.microsoft.com/kb/555302

8 more replies
Relevance 50.84%
Question: reboot loop

Sorry if this has been discussed already but I could not find an answer to my problem.

I have a desktop with xp pro sp3 and it keeps rebooting after displaying the windows XP screen for a few minutes ( it never reaches the welcome screen).

It does not let me choose to start in safe mode or any other mode.....I am not even able to move the cursor or ''highlighter'' up or down----the same goes for, after hitting F8, the advanced options....i cannot select anything.

When I am in the BIOS, I have no restrictions as far as selecting stuff and/or using my keyboard.

I already tried to boot from my set up cd, but nothing. When it asks me to press any key to boot from Cd, it does nothing...it does not accept any key that I am pressing.

I am lost at this point...is there anything that I can do? I mean, it doesn't even let me boot from a CD.....how would I even be able to reinstall or repair?? Any help is appreciated

Answer:reboot loop

If you have PS/2 ports on the back, try using a PS/2 keyboard. If not try a different USB keyboard and try it in the back USB port of the comptuer.
Boot off of the Windows Disc Or download the Recovery Console ISO. Burn it to CD with IMGBurn Boot off of the newly created CD and get to the Recovery Console. Here type chkdsk /R and press enter. The Check Disk utility will try and fix any file errors.
You can also download the ISO image for Drive Fitness Test in my signature and burn the image to a CD using IMGBurn and boot off of the newly created CD and run the short and extended tests on the HDD to test the integrity of the drive.

7 more replies
Relevance 50.84%
Question: Reboot Loop

Every once in awhile my computer would just reboot for no reason. Sometimes once a day, sometimes more or sometimes not at all.

I checked and my cpu fan was dirty so I cleaned it (with air) and when I turned it back on my C drive was no longer available, only the secondary storage drive (no OS). I took out the C drive and put it in another computer and it was showing as not formatted. I put it back and reformatted.

I downloaded the drivers etc and everything was fine until I plugged in the secondary storage drive. Within 2 minutes the computer started a reboot loop. I unplugged the storage drive but it is still doing it. I can't get the computer to come on at all now it's in a constant reboot loop.

I'm not sure what this could be. The fans all seem to be working ok. I reset the bios to the default values before this happened.....could it be that? I'm not sure what to try next.

Thanks.

Windows 2000
1024 RAM
 

Answer:Reboot Loop

This page will give you all of the information you need for any type of installation with Windows 2000

http://www.windows2000.windowsreinstall.com/
 

1 more replies
Relevance 50.84%
Question: Reboot Loop

Some executable file was launch and it shutdown my computer and now it reboots constantly. I tried going into safe mode and it tries to load the .sys files but then reboots. I put the infected drive into another computer and tried to boot it from there to check if the power supply was at fault but it constantly rebooted in my uninfected pc. Any suggestions?

Answer:Reboot Loop

If you think that the drive contains an infection...installing it as the boot drive was a mistake.

In any case, you cannot expect a boot drive from System A...to work on System B, the drivers and settings are completely different.

I suggest attaching it as a secondary drive...and then running appropriate AV and Malwarebytes on the drive, to reduce/refute the threat of infection.

After that, I would run the chkdsk /r command on that drive, from the 2d system, with the drive still attached as a secondary drive.

Louis

3 more replies
Relevance 50.84%
Question: Reboot loop

I was trying to get my sister's computer running. It is the worst case I have ever seen. It was giving me pop-ups trying to open control panel. It will not let me run Spybot, Malwarbytes anti malware. Folder options are gone from control panel, among other things. I tried a to run these programs. Went into safe mode.....would not let me run them there. I downloaded CCleaner in safe mode and ran the cleaner.(not registry cleaner) Now it's stuck in a reboot loop. What can I do to get it back to at least booting? Any help would be great. Never seen this before.

This is XP media center edition

When I first got there it was popping up "my documents" from a user who didn't even use the computer about every 5 minutes.

Answer:Reboot loop

That sound pretty bad. I don't know exactly what you have but I often use HiJackthis to solve odd virus/security breaches on pcs.

And if your not able to boot at LEAST into safe mode:

1-looks like you'll have to scan it with another computer.

or

2-backup the important information and re-install

4 more replies
Relevance 50.84%
Question: XP Reboot loop.

My friend's windows XP was running very slowly so I stripped it back of all unneccessary programs and reloaded the XP software from a legal disk.
It seemed to be working until it shut itself down and is now stuck on a loop I can't get anywhere near the desktop but can get into the bios. I have tried reseting the computer from there but it continues on the loop automatically reseting what I have done. The CD has worked before so I don't think it was that which caused the fault. Any ideas on how to fix the problem will be greatly appreciated.
 

More replies
Relevance 50.84%
Question: Reboot loop!

Hi guys!

Got a new acer aspire wsmi 9302 on friday, and today it went into a seemingly endless reboot loop. I do get it to boot all the way into windows, but after a short while (seconds) I get this warning message:

"The system i shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM.

Time before shutdown: 00:00:05

Reboot caused by the ALLAIR clusterCATSIP alias daemon due to an ip conflict."

Can any of you please help me? This is so darn frustrating...

catsma

Oh, forgot to say that I'm using windows xp home edition!
 

Answer:Reboot loop!

6 more replies
Relevance 50.84%

Hello all, this is my first post here. Anyway I have an IBM dektop PC 1.4 P3, 256RAM, 40g WD HDD internal NIC/video/sound running XP. I am woriking on this for a co-worker (personal favor). Anyway, the PC is cought in a constant reboot loop, it'll get to the "loading wondows" screen and reboot. I have tried another HDD with a known good OS and it does the same thing. Also the HDD from the IBM reboots in the same place on a different, known good PC? I put in an old HDD and installed XP and wont boot either? Everything seems to post fine and all hardware is seen in the BIOS. One thing that concerns me is that a few of the capacitors in the MB seem to have started to "leak"

Id appreciate any help or suggestions you can offer me. Thanks.

Chuck

Answer:PC in a reboot loop?

The KGS was not the same make/model of PC and shows no capacitor leakage. I cant see any identification on the MB, but the PC is a type: 2254, model: H2U, config ID: CF33266.

3 more replies
Relevance 50.84%
Question: Loop Reboot?

I've been experiencing this problem for a while now and I really don't know how to fix this I Think it's called loop reboot? My computer will start up and go to the windows loading screen where it's suppose to lead you to the log in screen but it dosnt pass the loading part it will keep rebooting. I've tried all the basic things I know like trying to start it in safety mode but it will still have the same problem as starting it normally it will keep rebooting. I've got a windows disk but I do not know when it's suppose to start when I turn my computer or if theres a key I'm suppose to push because I can't enter into my windows. please help me thank you.
 

Answer:Loop Reboot?

10 more replies
Relevance 50.84%
Question: win xp reboot loop

hello,
i just installed win 98 and win xp dual boot on my pc.
win 98 starts just fine but when i try win xp it either keeps on rebooting my pc without any error screen or it goes to win xp startup screen and does not go any further. if i try safe mode or other options my pc restarts.
please help.

Answer:win xp reboot loop

I know windows has a feature where the PC will auto restart if there is a flaw in the system. R-Click my computer and choose properties --->then select advanced---->choose settings where it says startup and recovery---->and then de-select automatic restart and apply the changes.
If this is the issue you should recieve an error message instead of having your PC restart.

Hopefully I am "wrong" so this doesn't turn into a major problem.

Good luck.

Red

2 more replies
Relevance 50.84%
Question: Reboot loop

We recently moved once we got to another apartment plugged in the computer and the screen when I black then we took out the video card and tried it that way and it worked now the other problem is it'll load up Windows and run for about 2 minutes and then reboot and continuously do this also I just put in a new CPU fan and heat sink.

More replies
Relevance 50.84%
Question: Reboot loop

Computer was running slow, did a reset on it. My 8 year old turned it off mid way and an error message popped up. I hit the F8 button, typed in regdit, changed from 1 to 3 and the error message went away. Now it is stuck on a rebooting loop. It comes a screen where it is resetting and it's at 64%, seconds later it cuts back off and starts up, back the 64% and cuts back off. Nothing I have tried is working. I cannot stop this loop. Any help please!!!!

More replies
Relevance 50.84%
Question: reboot loop

I recently had to get a new screen for my gateway laptop (p6822). The screens been broken for a few years. When i turn it on it keeps going to a screen that asks me how i want to start up windowsXP my options are safe mode, safe mode with networking, safe mode with command prompt, startup Windows normally, or go to the last known good configuration. no matter which option I pick it goes right back to the beginning and goes right back to this page how can I fix this problem after the time runs out it flashes a blue screen for a quick second and then just starts right back over reboot reboot reboot reboot reboot. I can get into the BIOS and the boot sections but I don't know much about computers and I don't want to mess anything up so I kind of need a quick run through on how to do this or what to do once I get into the settings
 

More replies
Relevance 50.84%
Question: reboot loop

I have a dell inspiron E1505. It was running really slow and the internet kept cutting out. I am currently on a different computer because now after i ran a scan and found over 800 infected files i went through and deleted them all, and then restarted my computer and now it is in a restart loop. The dell screen comes on then goes to the menu of starting it normally or in safe mode. And after every option i try it goes to the windows screen then flashes then starts back at the dell screen. No matter which option i pick it does that. I have even tried restarting it from the last known good configuration and it still does not work. I have left it off for a few days to. Now i don't know what to do. If you could help me i would appreciate it. Thank You

Answer:reboot loop

Do you recall the infections?

Can you try Safe Mode via F8 after the Dell Logo?

81 more replies
Relevance 50.84%
Question: XP reboot loop

Hi, I have an issue with XP. I turn the PC on and it gets as far as the loading XP screen, then it reboots. This loop continues indefinitely until I turn the PC off. I have tried loading in all the various safe mode options and with the last know good config, but no joy.

This happened after I downloaded and installed a few things. It's a new PC, so I downloaded and installed Firefox, Thunderbird, AVG Free, then as Firefox was jamming up I downloaded IE 8. And then rebooted it and got stuck in this endless loop.

As it is a new PC I am happy enough to scratch it and reinstall everything, but would prefer to avoid that if possible. And would prefer to know what the problem is so I can avoid it happening again. Any advice would be much appreciated. Thanks.

Answer:XP reboot loop

We will have to create a small 'fix CD' to solve this problem.Please download RC.ISO and save it somewhere you can find it.Also download MagicISO and install it.Start MagicISO. You should see a window informing you about the full version of MagicISO.In the bottom right select Try It! and the program will open.Click on File and then on Open and navigate to the RC.ISO file you downloaded. Select it, and click Open.First, we'll need to add a clean version of userinit.exe to the current RC.ISOIn the upper right pane, double click on the i386 folder.Right click in the upper right pane and select Add Files...Navigate to C:\Windows\System32 and select userinit.exeThen click Open to add userinit.exe to the CD image.Click File and select Save As...Name the file RCplus and save it somewhere you can find it.Next, we'll need to burn the newly created image to a disk that we can use to fix the problem.Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.Click on Tools and select Burn CD/DVD with ISO.... A window will appear.Click on the little folder to the right of CD/DVD Image File then navigate to the newly created RCplus.iso Image file and click Open.In the CD/DVD Writing Speed drop-down menu choose the 8X setting.Under Format make sure that Mode 1 is selected.And finally, click on the Burn it! button to burn RCplus.iso to disk.Once the disk is burned, put it in the machine you want to fix and restart it.Bo... Read more

1 more replies
Relevance 50.84%
Question: reboot loop.

i have a tyan tiger k8w s2875 with 2 amd opteron 240, i did a format and a reinstall of window xp pro. the problem is just as i reach the login screen it reboots and then gets caught in a loop of this. I can access windows in safemode and thought i might have to install the divers, but am having trouble finding them and knowing which one's i might need. Help?

Answer:reboot loop.

Have you tried what was suggested in Your Other Thread ?

1 more replies