Computer Support Forum

Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 32Bit

Question: Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 32Bit

Dear all,I'm a new member from a very far away location of yours, and this is my first post. I'm not native English speaker so please forgive me if I use incorrect wordings. I must say that I'm illiterate in computer language, but I'm patient and ready do whatever I've been told to keep my pc 'healthy'. Yesterday my desktop in office was infected by Live Security Platinum (LSP). I was astonished when the rogue said that my pc got 38 virus/malicious programs, I should take action immediately, pay money to get license, blah blah blah... Called my friend seeking for advice but only got answer that I had no choice but to call a computer service company to help me. Ahhh, I was so pissed off & concerned to the worst situation may happen. I went on Microsoft Support Center site for advice & very happeningly found BleepingComputer site, I did all the instructing steps to Remove Live Security Platinum (Uninstall Guide) & it worked. No more thread from LSP, but then my Window Security Essential (WSE) couldn't run, its icon in red.This morning, I had to remove & re-install the WSE. After installing, I ran WSE and then I got 2 message, 1 from WSE and 1 from Notification. The messages are the same content like jtsm in Sirefef virus/trojan - Laptop restarting - Vista 32 bit topic. Right now my desktop is infected by Sirefef Trojan/virus. Please help me get rid of this virus. I don't know how to get & copy the log like jtsm. Please instruct me how to do that so that I can post in here for your checking & advice. Please be noted that my desktop will automatically restart every minute after I log in. My desktop properties:Operating system: Windows 7 Home BasicSystem type: 32-bit Operating SystemProcessor: Pentium® Dual-Core CPU [email protected] 2.60GHzInstalled memory(RAM): 1.00GBThanks a lot for your help & patient

Relevance 100%
Preferred Solution: Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 32Bit

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 32Bit

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.DeFogger:Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Security CheckDownload Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyinformation and logs:In your next post I need the following

.logs from DDSlet me know of any problems you may have hadGringo

3 more replies
Relevance 133.98%

Dear all,I'm a new member from a very far away location of yours, and this is my first post. I'm not native English speaker so please forgive me if I use incorrect wordings. I must say that I'm illiterate in computer language, but I'm patient and ready do whatever I've been told to keep my pc 'healthy'. Yesterday my desktop in office was infected by Live Security Platinum (LSP). I was astonished when the rogue said that my pc got 38 virus/malicious programs, I should take action immediately, pay money to get license, blah blah blah... Called my friend seeking for advice but only got answer that I had no choice but to call a computer service company to help me. Ahhh, I was so pissed off & concerned to the worst situation may happen. I went on Microsoft Support Center site for advice & very happeningly found BleepingComputer site, I did all the instructing steps to Remove Live Security Platinum (Uninstall Guide) & it worked. No more thread from LSP, but then my Window Security Essential (WSE) couldn't run, its icon in red.This morning, I had to remove & re-install the WSE. After installing, I ran WSE and then I got 2 message, 1 from WSE and 1 from Notification. The messages are the same content like jtsm in Sirefef virus/trojan - Laptop restarting - Vista 32 bit topic. Right now my desktop is infected by Sirefef Trojan/virus. Please help me get rid of this virus. I don't know how to get & copy the log like jtsm did. Please... Read more

Answer:Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 32Bit

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe and press Enter Note: Replace letter e with... Read more

13 more replies
Relevance 114.55%

This is my first post. Thanks in advance for any help you can provide!

The Microsoft Security Essentials icon in the tray turned red, as if the service was turned off. I was having trouble getting it turned back on, so I went to the control panel and uninstalled the service. I downloaded a new copy from the Microsoft website and reinstalled.

Soon after installing, I got a message saying that threats had been cleaned off the computer and then another saying that 2 threats had been quarantined. The threats quarantined were:

Virus:win32/sirefef.R and Trojan:win32/sirefef.AH

As this threat message pops up, I then get a window open telling me that Windows has encountered a critical error and will shut down in one minute.

It restarts, stays on for about 90 seconds, but then shutdowns again with the same message about detecting sirefef.R and .AH

Here are the logs:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 11-08-2012 01:07:48
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe... Read more

Answer:Sirefef virus/trojan - my PC keep restarting every minute - Win Home Basic 7 - 64bit

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Relevance 89.38%

hello everyone i would like to say im new to this this is my first fourm post and english is not my first language anywayi have a problem with my computer as you can see by the topic i ujst had it happened to me yesterday i dont know where it came from all i know is that i cant use my computer anymore i have windows seven ultimate 64 bit will you please help me im not computer savy i do not know how to get any kinds of logs or anything so give me a step by step tutorial pleasei would be more then happy to give you any info on my pc*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Answer:Sirefef virus/trojan my computer keeps restarting

Ok, before you try anything else, Boot up your computer while holding down F8. This will bring you to a menu. When you get to there try pressing the arrow keys until you reach the option: Boot windows normally (it may be called other names, but it should say "normal" in it.). If that doesn't work try booting into safe mode and see if it still restarts.

Best of luck--Gilroy

5 more replies
Relevance 88.15%

This is my first post. Thanks in advance for any help you can provide!

This problem is on a Toshiba Satellite A215 running Windows Vista 32-bit version.

The Microsoft Security Essentials icon in the tray turned red, as if the service was turned off. I was having trouble getting it turned back on, so I went to the control panel and uninstalled the service. I downloaded a new copy from the Microsoft website and reinstalled.

Soon after installing, I got a message saying that threats had been cleaned off the computer and then another saying that 2 threats had been quarantined. The threats quarantined were:

Virus:win32/sirefef.R and Trojan:win32/sirefef.AH

As this threat message pops up, I then get a window open telling me that Windows has encountered a critical error and will shut down in one minute.

It restarts, stays on for about 90 seconds, but then shutdowns again with the same message about detecting sirefef.R and .AH

Again, thanks in advance for your help! I'm not very knowledgeable about computers, but I can follow directions!!

Answer:Sirefef virus/trojan - Laptop restarting - Vista 32 bit

Here's the logs:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 31-07-2012 00:17:56
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-15] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1862144 2007-08-22] (Google)
HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [Sky... Read more

18 more replies
Relevance 83.64%

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\A... Read more

20 more replies
Relevance 82%

Hello,

i post my problem here as it seems the only place where i've found people who actually know what they're talking about. I have a Sony Vaio Laptop running windows 7 64 bit infected with the sirefef virus. Microsoft security essentials shows that it found:

Trojan: Win64/Sirefef
Trojan: Win64/Sirefef.Y
Virus: Win64/Sirefef.B
Trojan: Win64/Sirefef.Z
Trojan: Win64/Sirefef.W

Every time i boot the computer, MSE finds these infections, and prompts me after a minute to restart in order to complete the removal. But every time it reboots, the message is still there. I tried installing Malwarebytes but it won't let me cause it says "access denied" or something like that. Sorry for not providing any more information but i can use my pc for a couple of minutes every time (cause it reboots automatically). I followed your instructions and scanned with DDS. I attach the attach.txt file it generated. I look forward to hearing from you as i really need the laptop for my university studies and i'm in the middle of the exams period. Thank you for your time!

P.S. If i restore my whole system to factory settings, is the problem going to persist? Cause if it's not, i will do it in a heartbeat. Only problem is that i am afraid of infecting my external hard drive (which would be already infected if the virus spreads to external devices). Would that be the case? Will i need to clean my external HDD too?

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an... Read more

2 more replies
Relevance 80.77%

Hello,

I have a Windows 7 Home Premium 64-bit laptop which is infected with the Win32/sirefef.ah trojan. As soon as the Microsoft Security Essentials launces it causes the system to give this error: WINDOWS HAS ENCOUNTERED A CRITICAL PROBLEM AND WILL RESTART AUTOMATICALLY IN ONE MINUTE and then reboots. This happens a regular boot and in safe mode. MSE cannot be uninstalled either. I've read other threads and would like to know when program needs to be run first so i may supply the log files. Your help is apprecaited.

thank you,
-kA

Answer:win32/sirefef.ah trojan (causes one minute reboot)

please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

4 more replies
Relevance 77.49%

Why didn't I come here first? That's what I keep asking. In any event, here's my situation. Several weeks ago, I had something pop up identified as "Live Security Platinum". Knowing it was a virus, I was able to run Malwarebytes and it seemed to get rid of it. Then the computer got caught in this endless loop of the message popping up with "Windows has encountered a critical problem & will restart automatically in one minute. Please save your work now". Sure enough, it cycles and continuously reboots.

MSE always pops up as trying to clean the infection showing as Trojan:Win32/Sirefef.AH
Details show file:C:\Windows\system32\services.exe-> and container file C:\Windows\system32\services.exe

Looking for advice elsewhere, I ran Kapersky Rescue Disk and it seemed to get rid of a few things as well, but the loop remains. I have tried safe mode and unplugging network/internet cable, all to no avail. I then found your site and, I again say why didn't I come here first?!?

I have reviewed many of the logs for similar problems as well as the prep guide and so forth. Here is what I have to report. I tried to turn off windows firewall and it initially came back with the message "Due to an unidentified problem, windows cannot display Windows Firewall Settings." After messing around trying to do some other things, it now says "The Windows Firewall service is not running."... Read more

Answer:One Minute Critical Problem, Sirefef Virus, Vista SP2

Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{b073be15-c1cf-2181-9e6c-84bd04262a1f}
C:\Users\Phil\AppData\Local\{b073be15-c1cf-2181-9e6c-84bd04262a1f}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
endNOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options then select Command PromptRun FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.Reboot Normally.NEXTRefer to the ComboFix User's Guide Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboF... Read more

14 more replies
Relevance 77.49%

1) I have Laptop and PC connected with lan cabel. They are both with Windows Vista Home Basic 32bit.
They both have no problems with internet.
They have the same WORKGROUP names.
Both have real IPs.
I see each other on the Network but i can not connect to them... (it was all OK when I was on XP...)
>When I try to connect from the Laptop to the PC i recive: "Error code 0x80070035", I click on Diagnose and I see this.
I tried to turn off the Firewall and the NOD32 antivirus, but ... nothing changed ....
The Sharing and Discovery Settings are OK, like this.

2) I give share permissions to my network.

3) May be I have to install "Client" for "File and Printer Sharing for Microsoft Networks" but is no listed 'Client' or 'Servise' to use.

4) I found I have to allow permissions in the firewall to some ports like:
-TCP 139
-UDP 137
-UDP 138
-TCP 445
... I did this ...
Give me some help how to manage with my network so I can browse both computers, copy files and so on ...
Thanks in advance

Answer:Home Network Problem on Vista Home Basic 32bit.

I can't help but just wondered why you have made another post not long after your first post with exactly the same question ?

3 more replies
Relevance 76.67%

Hi guys & gals, yup another Nubie, so be gentle with me!
Been following the forum for a few day's - you're 'awesome', really.

I would like to convert my 32bit Home Basic,SR5019UK Presario into a 64bit machine, with Windows 7 Home Premium. Is it possible, am I crazy? Yes, I'm new to computers!

Having checked through the various channels, its possible. But with a M2N68-LA motherboard, 2.5G and 'Basic' other components, I will maybe have to change a few things?

I really would appreciate your feedback and 'constructive advice. As economically as possible, sure, but I realise 'I can't make a silk purse from a sow's ear', as they say, where I live!

So come on guys give us the benefit of all your expertiseee, pleaseee.

Answer:32bit Home Basic into 64bit win.7 Home Premium?

Welcome
Dont guess, dont even rely on us, find out for sure
Free Download PC Upgrade Advisor Windows 7 Hardware Programs Issues

If you do upgrade, do so with the much cheaper upgrade DVD, not the full retail.
http://www.sevenforums.com/tutorials...on.html?filter[2]=General Tips
Follow the above tut and the results are the same

4 more replies
Relevance 76.26%

Hi, Microsoft Security Essentials is reporting a Sirefef.r infection of a Vista Home Basic 32-bit installation. It claims to have cleaned it when I attempt a disinfection but if I run a new scan - whether I have rebooted or not - the thing is reported once more. I am not seeing (yet!) any of the awkward behaviours commons to Sirefef, eg: random and frequent shutdowns. I could do with some help in shifting this thing if anyone is willing?

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by David at 13:39:54 on 2012-07-18
Microsoft? Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2037.1024 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:&... Read more

Answer:Sirefef.r infection reported - Vista Home Basic

please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

51 more replies
Relevance 75.85%

Hello,

Yesterday my PC was infected with the Live Security Virus. It's an HP desktop running Win Vista Home Premium.

I was able to download AntiMalwarebytes and run it to remove the Live Security Virus.

Afterwards MSE would not run, so I uninstalled it, and reinstalled.

After rebooting, MSE detected the sirefef.ah and sirefef.r viruses, but before it can clean them the PC gives a warning that it had a critical error, and will restart in a minute. It then restarts.

I tried downloading TDSSkiller only a flash drive on this PC (my laptop), plugged it into the infected PC and ran it, but it didn't find anything. Sure enough, it then shut down again.

MSE will detect the viruses, but doesn't have enough time to deal with them.

I'd love some help! What should I try next?

Thanks!
Ian

Answer:Infected with sirefef.ah and sirefef.r after Live Security Update - reboots every minute

Ignore this for now, I've taken the PC into a local shop. I just don't have the time right now to figure this out on my own. I will post any solutions they tell me.

Thanks anyway, I'll be back for other issues I'm sure!

22 more replies
Relevance 75.85%

Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OBI am running Windows Vista with Microsoft Security Essentials when i first encountered the problem. The virus shutdown MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and files appeared again. (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first because this is where I believe all the problems began (that is after my wife clicking on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it thru the usb drive connected to the infected cpu. I do not know what to do from this point on to get my cpu back to "healthy" and virus free status again ??????Running Vista 32 bit

Answer:Security SHield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

58 more replies
Relevance 75.03%

Question guys.. now I know some others have said that you can use 32bit vista key installing 64bit vista and it works..

now with home basic 32bit, do you guys think i can use the cd key from my laptop to vista 64bit?
 

Answer:Visa home basic 32bit

You should be able to, assuming you have the media. However, for EULA's sake, some will tell you that you are breaking the EULA if it is an OEM license. Second, if you aren't using it on the laptop, then you'd also be breaking the EULA.
 

5 more replies
Relevance 74.62%

Not sure how issue came into place but my MSE stated it was off. went to turn on and it said the service is not there? i uninstalled it and installed it again and updated the Definitions and it picked up a few Sirefef Virus's. went to remove them and computer shut off, then was unable to keep the computer on for more then 2 min at a time. I kept receiving a system message stating that the system is going to restart in a few min. it would even restart at the sign in screen. i restarted in safemode and was doing the same thing so i was puzzled.. went and did a System startup repair and i seem to have it working and not restarting but im back at where my MSE is stating that, "Couldn't start the Security Essentials service. The specified service does not exist as and installed service."This leaves me in a position that it has not been resolved. DDS.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by John at 19:43:20 on 2012-06-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2520.1632 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32&#... Read more

Answer:Infected with Sirefef Trojan & Computer Keeps restarting

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

13 more replies
Relevance 74.21%

Hi, Im after buying my first Laptop and was wondering if I could play GTA4 on it????????

My Laptop Specs are;

Brand: Packard Bell
Model: Packard Bell Easy Note MH36-U300 Laptop
Operating System: Genuine Windows Vista Home Basic
Processor Type: Intel Pentium Processor T3400
Graphics card: Intel GMA 4500M
Hard disk capacity: 320GB
RAM capacity: 2GB
Speed: 2.16 GHz
Screen size: 15.4?

The windows website advises that the Minimum System Requirements to run the game are:

Minimum System Requirements

OS: Windows Vista- Service Pack 1 / XP - Service Pack 3
Processor: Intel Core 2 Duo 1.8Ghz, AMD Athlon X2 64 2.4Ghz
Memory: 1.5GB, 16GB Free Hard Drive Space
Video Card: 256MB NVIDIA 7900 / 256MB ATI X1900

Recommended System Requirements
OS: Windows Vista - Service Pack 1 / XP - Service Pack 3
Processor: Intel Core 2 Quad 2.4Ghz, AMD Phenom X3 2.1Ghz
Memory: 2 GB (Windows XP) 2.5 GB (Windows Vista)
18 GB Free Hard Drive Space
Video Card: 512MB NVIDIA 8600 / 512MB ATI 3870

Thanks in advance.... Fingers crossed!!

More replies
Relevance 74.21%

I am new to forums and have a relatively noob level of computer experience so please be nice! I have built a my own pc before but this questions is about my laptop.

I was given a laptop by a family member who lives in spain, I live in the UK. Its an Acer Aspire 5730( i think!) laptop running Vista Home Basic in SPANISH!!!!

I have coped with it since May 2009 but its doing my head in now. I was thinking of rolling back to XP and reinstalling but they dont publish XP drivers for the laptop.

so i wondered as I have a valid product key for Basic Home in Spanish, if i was to install an English version of Vista on the laptop could I use the product key I have (for the spanish version) or will it not work?

obviously i cant simply change language in vista as its Basic and you can only have 1 langauge installed.

sorry if this is very noobish!!

Answer:Vista Home Basic 32bit Laptop help!

hello and welcome

I have never used this but have heard that it works to change the language...Its worth looking at anyway......good luck , Vistalizator - change display language in Windows Vista and Windows 7

3 more replies
Relevance 74.21%

im trying to re install windows on a dell mini inspiron1210 and it stops download and says no device drivers found make sure tht the installation media contains the correct drivers then click ok note:the installation media can be on floppy disk cd dvd or usb flash drive so can anybody help where do i find this drives 

Answer:installing vista home basic 32bit sp1

What do you mean it stops download? EXACTLY how are you trying to install and what are you using as your installation medium?

5 more replies
Relevance 73.8%

Windows defender came up yesterday and warned me that I have "trojan:Win32/sirefef.O". I cannot remove or quarantine it. Google is redirecting my searches, my computer is doing strange things, and the computer is even shutting down and restarting by itself!

I was directed here from this topic: http://www.bleepingcomputer.com/forums/topic425178.html/page__p__2455470#entry2455470

I was able to run DDS, but I can't get GMER to run! GMER appears like it's going to run, and then it just disappears while on the "checkmark" screen.

PLEASE HELP ME
Here is my DDS log:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_29
Run by Jeff Admin at 19:52:11 on 2011-10-27
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1918.1045 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\1646864507:2228737693.exe
C:\W... Read more

Answer:trojan:Win32/sirefef.O !!! Redirects and computer restarting!

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

22 more replies
Relevance 73.39%

Problem started as Live Platinum fake anti-virus. I thought I successfully removed this with MBAM, etc. But shortly thereafter MSE alerted that it detected Sirefef.R & Sirefef.AH. Now everytime I reboot I get a message the Windows has encountered a critical problem and the computer shuts down after 1 minute. I followed the steps on the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, but I am not able to run DDS or GMER scans because the system reboots before they finish. I am stuck!
OS is Windows 7, 32-bit.
Thanks in advance.

Answer:Sirefef.R, Sirefef.AH, computer shuts down after 1 minute

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

23 more replies
Relevance 73.39%

greeting,

My computer is not sleeping properely, when I go to bed at night i put the computer to sleep. When I wake up it is already awake. Nobody else lives with me so that is ruled out. When I first got the computer from dell a few years ago, I noticed a error with the sleep feature it would turn on and off many times, this was before I had hooked it up to the internet. Anyhow that issue seems to have went away when I called dell and they came out to fix it. the coumputer was sleeping fine, so I do not understand what I may of did to it. I do have VOIP phone but I have checked that asap after the computer was in sleep mode and I still have dialtone. I thought it might be virus scanner but it was shut off last night and the same issue. I just went and figured out how to fix the hibernation feature since it was deleted and will see if that feature works instead, but if you have any comments please add. My computer is up to date with all the updates minus IE9 beta.

Answer:Vista home basic 32bit sleep problem

Hello Bmarker, and welcome to Vista Forums.

You might check through the items in the tutorial below to see what may have woken your computer up. I would recommend to try the STEP 4 section first to see if it may let you know quicker.

Power Options and Sleep Mode Problems

Hope this helps,
Shawn

15 more replies
Relevance 72.57%

Hey guys, I've got a Dell XPS running Vista SP2 that has the Sirefef virus. Any attempt where I try to clean the computer gives me a "Windows has encountered a critical problem and will restart automatically in one minute." warning.

The following items are detected with Microsoft Security Essentials: Trojan:Win32/Sirefef.AO, AN, AG, AB, AH, and Virus:Win32/Sirefef.R.

I also downloaded Malwarebytes but have had no luck. Can anyone please help me out?

Answer:Sirefef Virus and a restarting computer

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

34 more replies
Relevance 72.57%

i have a dell inspiron #1545 laptop-running windows vista 32bit w/sp2-using firefox 5.0 browser-i recently did a complete/full re-installation using the windows vista re-installation disc-i have some of the intel drivers & some of the dell drivers installed-i went to device mgr. & found about 10 drivers that say NO DRIVERS INSTALLED- #1)direct memory access controller, #2)high precision event timer, #3)intel ich9 family smbus controller 2930, #4)motherboard resources 2919, #5)ich9m lpc interface controller 2919, #6)numeric data processor  2919, #7)programmable interrupt controller 2919, #8)system board (4 drivers) ms acpi-compliant system, #9)system speakers 2919, #10)system timer 2919-i have my dell drivers & utilities installation disc-I NEED HELP TO INSTALL THESE DRIVERS-Thank You

Answer:install drivers windows vista home basic 32bit

Hi to BleepingComputer,
 
Visit the Dell download page http://www.dell.com/support/home/us/en/04 insert the machine Service Tag and the site will provide a list of drivers specific for your machine. Start by installing the ChipSet driver it will make go away most of those errors.
 
Edit: Is preferable to download the drivers from the website instead of the CD because many times the manufacture provides updated drivers.

1 more replies
Relevance 72.16%

Hello people,

found the forums while browsing the internet for solutions to my problem. This thread here -> http://forums.majorgeeks.com/showthread.php?t=260886 , kind of has very similar problems to mine.

I'm running Windows 7 64-bit Home premium on a Dell laptop and yesterday found out that my firewall has been disabled for unknown period of time and reasons. I tried setting it to default but alas to no success. I also encountered the MSE bug and made the mistake to uninstall then re-install it in vain.

I managed to run Window Defender Offline who detected Sirefef.b trojan but with each restart and scan it finds it again even though I seem to remove it successfully.

I also tried clean Windows boot by disabling start-up items and services but the error message window for forced restart in 1 min persists.

Usually I would try to clean the PC by myself but from all the info I read over the web I was left with the impression that this is something beyond my abilities.

I tried searching for similar topics but the fact a specific fix file is needed I decided to go for a separate topic. Sorry for spam if I did something wrong.

Thanks in advance
 

Answer:Win64/Sirefef.b trojan detected and critical, auto-restarting problem

Welcome to MajorGeeks, AngelHart

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:





Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your fla... Read more

21 more replies
Relevance 71.75%

Hello and thanks for taking time to look at this

I have an HP Pavilion dv6 3250 laptop that has gotten infected by the win64sire fef, and I am stuck because I can not get it to stay started long enough to run MalwareByte or any other thing.

I have been reading other posts on the site and have run the Farbar Recovery Scan Tool see log below

Look forward to your help

Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 15-07-2012 17:19:07
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistan... Read more

Answer:Win64 sirefef virus, continual restarting

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

19 more replies
Relevance 71.75%

My Compaq Presario SR2163WM is doing some strange things.
1) If you try to delete a file, it sends it to the recycle bin, but then sits there with the "recycling" window open forever. At least for as long as I let it, which so far has been 2 hours. If you try to cancel or shut down the window, it goes to the "canceling" window and sits there forever. The only way to make it stop is to do a CTRL-ALT-DELETE, go to the Task Manager, and tell it to force shutdown of the process. At that point it shuts down Windows Explorer and restarts it. The file (or files) are deleted, but what is going on?
2) Does the same thing for renaming files. Endless loops unless you force Windows Explorer to close.
This is awkward and time consuming at best.
I did a search for this kind of problem, and the the result I got was to run SFC /SCANNOW to find corrupted or damaged files and then reload them from the original Vista disk. There is no original Vista disk. Computer came without one from Wal Mart. The scan is running as we type, but what can I do if it finds corrupted files?
BTW, I was going to do a System Recover, but I don't know the Administrator password. I never put one in when I got the system, but there seems to one in place. Now what?
Keith

Answer:Is Windows Explorer corrupt on my Vista Home Basic (32bit) system?

When you mention System Recover, are you talking about restoring to a System restore point? If so, you would run that from Safe Mode.

3 more replies
Relevance 71.75%

with VISTA HOME BASIC 32BIT (laptop) may connect WLAN ( Thomson tg585 v7 modem/router) with VISTA 32BIT HOME PREMIUM (desktop) ? May share printer or files Wirelesslyif modem is connected to desktop ?

Basically what ever we do via cables/LAN we may do via wireless/WLAN for networking (with above PCs&Modem) ?

Answer:VISTA HOME BASIC 32BIT - WLAN - share printer or files, can I ?

this woulnt be a problem at all

you can do sharing just like you would wit cables

1 more replies
Relevance 71.75%

I am on Windows Vista Home Basic x86. When I try to restart my computer, I get hung up on the "Shutting down..." screen and I have to turn my computer off by the case, which is very unhealthy. I think shutting down the computer works fine, just restarting is troublesome. The only recent change to my computer is that I installed Sunbelt Personal Firewall. Could my Firewall be somehow blocking a process that lets the restart process go smoothly? I'd really like to fix this.

Answer:Problem Restarting with Vista Home Basic x86

Possibly but it shouldn't I would uninstall the program and then restart your computer and see of it works if not then report back

2 more replies
Relevance 71.75%

I am on Windows Vista Home Basic x86.
When I try to restart my computer, I get hung up on the "Shutting down..." screen and I have to turn my computer off by the case, which is very unhealthy. I think shutting down the computer works fine, just restarting is troublesome.

The only recent change to my computer is that I installed Sunbelt Personal Firewall. Could my Firewall be somehow blocking a process that lets the restart process go smoothly? I'd really like to fix this.
 

Answer:Problem Restarting with Vista Home Basic x86

To determine if this is the problem, disconnect from the internet and uninstall the firewall. Then attempt a restart. If it works then you know it is the problem and you can find an alternative program. If not, then you know it is not the problem and we can assist you to troubleshoot further.
 

1 more replies
Relevance 71.34%

Dell laptop running Vista sp2 was infected with Live Security Platinum virus. Ran Kaspersky TDSS killer which found nothing. Ran Superantispyware and Malwarebytes which both found and removed multiple infections. I then installed Microsoft Security Essentials which immediately found Virus win32/sirefef.r and computer popped up a message saying "Windows has encountered a Critical error and will restart in one minute". Computer is now in a loop of displaying this message and restarting continually. Please help.

Answer:Virus win32/Sirefef.r shutting down and restarting computer

As instructed in other instances exhibiting this problem, here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 12-08-2012 07:59:25
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13552160 2008-09-25] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-18] (Dell Inc.)
HKLM\...\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-12-02] (IDT, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...�... Read more

16 more replies
Relevance 70.93%

Last night, I noticed MSE was not running and I could not update or run a scan. I uninstalled and reinstalled MSE. It scanned and detected Sirefef.R and Sirefef.AH and a message appeared that the computer would shutdown in one minute. The same thing happens in safe mode.

I am unable to run READ AND RUN ME FIRST because of the shutdowns (sending this from another computer).

I ran FRST.exe and have attached the file.

Thanks
 

Answer:Sirefef.R & Sirefef.AH - roboots after 1 minute

Please do the below as we need to locate a backup file to replace an infected one.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)
 

18 more replies
Relevance 68.06%

Title pretty much says it all. Whenever my computer restarts if I don't do anything Microsoft Security Essentials will detect 2 infections, Sirefef.AH and Sirefef.R, and then inform me that I have a minute until the computer shuts down. If I end the process for Microsoft Security Essentials before any detections occur though then I can use my computer like normal. I'm guessing I need to use FRST to replace services.exe like in the other topics exhibiting this behavior, but since I can't interpret the logs I don't know how to fix this myself and admit that I could be way off.

On a possibly unrelated note, I've never been able to get ComboFix to run properly. I was asked to use it in a prior help topic on this site but was unable. Since then I've tried several times on my own to make it run to no avail. It always hangs after it informs me that it may take 10 minutes or more for badly infected systems and that text just hangs there even when I leave it on overnight.

I don't really care if ComboFix ever runs on my computer, but I figured it could be a symptom for something else so I'm listing it. Mostly I'd just like to be able to restart my computer without racing to stop processes before it gets stuck in a cycle.

Thanks in advance for whoever decides to help me.

Answer:Infected Sirefef.AH and Sirefef.R, computer keeps restarting

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

9 more replies
Relevance 66.01%

Good day Sir

I am currently using AVG anti-virus. I discovered yesterday that my pc was infected with the above when a pop up appeared from AVG Resident Shield Alert.
Filename : c:\WINDOWS\System32\services.exe
Threat warning: Trojan horse patched_c.LZI detected when open

I searched online & followed to thsi forum. I ran esetscan & found this:
C:\Downloads\Software\apex-video-converter-free.exe multiple threats
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Agent.BA trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Sirefef.AE trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] a variant of Win32/Sirefef.FD trojan
Operating memory a variant of Win32/Sirefef.EZ trojan
I would appreciatte whatever help in overcoming this threat.

Thank you & looking forward to your advice.
D

Answer:Win64/Agent.BA trojan, Win32/Sirefef.FD trojan & Sirefef.AE trojan

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

21 more replies
Relevance 66.01%

skype runs ok in my VISTA HOME BASIC 32BIT, but icon/shortcut of skype in desktop, do not seem instead shows a small null icon, well what to do to be seen ?

Answer:skype runs ok in my VISTA HOME BASIC 32BIT, but icon/shortcut of skype in desktop, do

Hello Ise,

You might see if creating a new shortcut for it directly from the .exe file of Skype may work instead.

Hope this helps,
Shawn

1 more replies
Relevance 64.78%

Hello!

I'm a new member, and I came upon your site after reading a couple recent threads dealing with the Sirefef virus. I've tried running Microsoft Security Essentials, but my laptop keeps restarting before it has the chance to remove it.

I have the same exact problem as in these two threads:

http://www.bleepingcomputer.com/forums/topic463661.html
http://www.bleepingcomputer.com/forums/topic462717.html

I've tried following them, and have successfully completed the step involving System Recovery Options and frst.exe I'm no technical expert, though, so I don't know what to put in the fixlist.

I'll attach the FRST.txt and Search.txt I've generated from my computer, and hopefully you can get back to me. I really appreciate it!

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012
Ran by SYSTEM at 08-08-2012 06:33:39
Running from E:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact... Read more

Answer:Sirefef Virus/Trojan Help

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

20 more replies
Relevance 64.78%

Hi! Had good results with this forum; back again!Working on my nephew's computer, I noticed Google searches were being redirected. Microsoft didn't catch the initial problem so I ran Malwarebytes and Eset Online scanner which found and clean some problems. Rebooted. Microsoft Security Essentials found Sirefef trojan, cleaned and rebooted. Now every I boot the computer it says it will "restart automatically in one minute" (both safe and normal mode)OS is VistaAV is MSEAdvanced Boot options does NOT give me "Repair you computer" optionI do not have the Windows installation disk, although it might be possible to find with a lot of hunting.Please help!(As an aside, the reason I went to my nephew's computer was to check on the router... On my laptop my Symantec Endpoint Protection was giving me popups that it a "port scan attack is logged" coming from the router. Since it was being blocked I figured I would use the other computer to view router's admin page.)

Answer:Sirefef (one minute reboot)

Update:
I booted to safe mode and brought up the task manager with a CTRL-ALT-DEL at the first opportunity. I used the processes tab to locate the MSI process and ended it. This allowed me to run DDS and GMER to get the following logs.

Awaiting help,
Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by COREY at 20:04:59 on 2012-08-12
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2047.1652 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.... Read more

33 more replies
Relevance 64.78%

I installed Microsoft security essential and ran a full scan of the system. But I found out that my windows is attacked by Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK. Microsoft security essentials was unable to remove them. The main issue that I have been facing since this incident is that windows can't update Firewall settings. the following message is displayed "Windows Firewall cant change some of your settings. Error code 0x80070424". Additionally, the antivirus program "Microsoft security essential" keeps on detecting the above mentioned malwares and asks to delete these files. Once deleted it asks for a reboot. After restart again these viruses are re-created and its been happening for the last couple of weeks.sea In order to resolve this issue I searched the internet and found http://www.bleepingcomputer.com so I posted a topic regarding this issue and I have been recieving help from one of your experts. Here's the link of this topic:http://www.bleepingcomputer.com/forums/topic455970.html/page__gopid__2721298#entry2721298Now that problem persists, I have been asked for the elevated help and to post a new topic here. I am glad to know that your team is so dedicated for our help. As I am using 64-bit version of windows so only DDS logs were created. DDS.txt logs are given below and attach.txt is been attached as well.....DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion... Read more

Answer:Infected with Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

27 more replies
Relevance 64.78%

found with mse and scanned with malwarebytes no help, just hoping someone can help
 
dds file logs
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.7.0_09
Run by Sean at 15:38:09 on 2013-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8141.5674 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* 1
SP: Windows Defender *Disabled/Updated* 0
SP: Microsoft Security Essentials *Disabled/Updated*

dataLayer.push({'event':'ldfMDL','mdlLocLabel':'forums'});

jQuery(function ($) {
// Load dialog on page load
$(".modal_cbox").modal({
opacity:50,
containerCss:{
backgroundColor:"#c8c9c9",
borderColor:"#5983C3",
height:510,
padding:5,
width:830,
},
onShow: function (dialog) {
$("html,body").css("overflow","hidden");

if( /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent) ) {
$('body').css('position','fixed');
}
},
onClose: function (dialog) {
$("html,body").css("overflow","auto");

if( /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent) ) {
$('body').css('position','relative');
}

$.modal.close();
}
});
});
9
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k... Read more

Answer:trojan.win64/sirefef.p and trojan.win32/sirefef.ab removal help

Hello silencer626 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

34 more replies
Relevance 64.78%

Hello! Please Help!

My antivirus started to warn me about blocking stuff a few days ago. I was using Bitdefender Total Security 2012. At first it found the threats and removed them but since this morning it started acting more weird. It wasn't able to remove them. I think it showed among others a trojan.sirefef.fy. I've changed my antivirus with Norton 360 but it didn't solve anything. I've installed Malwarebytes Anti-Malware which found another 2 trojans and rootkit.0Access. A second scan showed nothing. Norton 360 showed 2 threats and removed them. At last I ran Eset Online Scanner which now shows 7 threats. I'm really worried that my pc is compromised. I'm using Windows 7 with Firefox. Windows Update seems to be deactivated too.

Answer:trojan.sirefef.fy, Sirefef.Fd Trojan, rootkit.0Access problem

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

8 more replies
Relevance 64.37%

I have the sirefef virus and the computer reboots every minute even in safe mode with networking. I am able to access the task manager but I can not find any process with the trojan name to stop nor can I figure out which process I should stop. Any help would be greatly appreciated.

Answer:trojan virus sirefef removal

Windows 7 Forums the biggest Windows 7 help and support forum, friendly help and many Windows 7 tutorials that will help you get the most out of Microsofts new Windows 7 Operating System. - Search Results for sirefef virus
------------------------------------------------------------
This would be a great place to start

4 more replies
Relevance 64.37%

I can not get rid of this virus. I have used Microsoft Security Essential, Malwarecity's how to remove zeroaccess rootkitsirefef from your PC as easy as 123 and Mcafee's RootkitRemover. After running the Malwarecity, my computer slowed down drastically. I tried to use System Restore restoring to a date prior to my virus problem and that failed. I can not get on Internet Explorer. I am able to use Google Chrome. I ran another quick scan using Microsoft Security Essential which didn't detect anything. However, my computer is still running very slow. I don't know what else to do. Would you be able to offer me some advice?
Thank you!
Becky

Answer:Trojan:Win32/Sirefef.AC Virus

I apologize...operating system in Windows XP

1 more replies
Relevance 64.37%

Hi there,

I am operating on Windows 7, 64 bit and clicked on a google image that linked to a Trojan Virus Sirefef or a virus of similar spelling that I have now possibly removed.

I have used Malwarebytes to run a scan of my computer and remove the Sirefef virus but I am not sure if there is any damage to files or malicuous virus hidden or left on my system. I have been receiving mixed advice from friends and then I was refered to this site - awesome site!

One friend said I could do a system back track 1 week to remove the virus, others mentioned wiping my complete hard drive. I would like the adivse from a staff member of this site please?

I currently get the message C:\Users\Andy Whitting\AppData\Roaming\Xiva\xiaft.exe in the Microsoft Security Essentials Pop Up every time I turn on the PC. It says Security Essentials detected items on your PC that it doesnt recognize. By sending these files listed below, you can help Microsoft analysts determine whether these items are malicious.

I have read through a previous post but as I have already run the Malwarebytes program intially I would really apeciate help to remove the remaining parts of the virus and check that my PC is ok.

Thank you so much in advance.

Andy

Answer:Trojan Virus Sirefef Need help to remove please

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

45 more replies
Relevance 64.37%

How can I remove this virus manually. I cannot afford to pay to have it removed.

Answer:trojan/virus win32/sirefef.ah

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 64.37%

I have a Sony vaio laptop that is running on Vista home premium. I've been having severe issues with my computer and because I'm not savvy in this area I don't know if all of these things are related or not. The first problem I had a few weeks ago was some windows platinum virus scanner that I don't remember downloading. It kept telling me it found threats on my computer but it wouldn't remove them unless I purchased the program. I used super anti spyware to remove it. I think I ran malware bytes after as well.Then I immediately had a new problem with what I came to learn was called a redirecting virus. Super anti spyware and malware bytes couldn't get rid of it but every time I ran them they'd find more and more threats and tracking cookies. I tried something called tddskiller? I don't think it did anything... It always told me there was no threats found.Hubby tried doing a system restore but it tells us that it was unsuccessful creating a shadow? I don't know what that meant.My well meaning parents told me about windows security essentials, saying this is the only program I'll need and it helped them when my mom was having similar problems. I downloaded this last night, and now my computer won't quit restarting unless I run it in safe mode, where I then tried to uninstall wse so I could at least run it in safe mode with networking. Well the wse won't let me uninstall. Edited to add: the severe threat it keeps restarting to try... Read more

Answer:Redirecting virus? sirefef? Trojan?

Latest version of TDSSkiller should find it.Boot into safemode with networkingDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

74 more replies
Relevance 64.37%

Hi Guys,

My friend brought a laptop with Live Security Platinum Virus. I was able to remove it and even got a few good clean scans back from Malwarebytes and Spybot, then, all of a sudden, MSE started detecting win64/sirefef.y and it would reboot the computer after 1 minute. It keeps cycling like that in Safe mode as well. MSE detects it, tried to remove it, then it reboots. I can't run any tests or scans or disable it. I tried to use system restore, but it reboots the computer before I can kick start it.

I saw people posting logs here and getting a custom script to fix the issue. Any help would be greatly appreciated. Here is my FRST log. Thank you very much!

Scan result of Farbar Recovery Scan Tool Version: 19-06-2012
Ran by user at 19-06-2012 14:54:23
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============

2012-06-19 14:54 - 2012-06-19 14:54 - 00000000 ____D C:\FRST
2012-06-19 14:24 - 2012-06-19 14:24 - 00005520 ____A C:\Windows\WindowsUpdate.log
2012-06-19 13:42 - 2012-06-19 14:53 - 00001344 ____A C:\Windows\setupact.log
2012-06-19 13:42 - 2012-06-19 13:42 - 00000000 ____A C:\Windows\setuperr.log
2012-06-16 20:30 - 2012-06-17... Read more

Answer:win64/sirefef.y Trojan Virus

Hello shvidky and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please... Read more

13 more replies
Relevance 64.37%

I am having the same trouble as many others. Can't do anything cause computer restarts every minute. Here are my FRST logs. Thank you in advance for the help.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 13:18:19
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [174104 2009-09-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [151064 2009-09-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...&#... Read more

Answer:Sirefef Infection/1 minute reboot

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

5 more replies
Relevance 64.37%

Hi, im new to this forum. I think I have the exact same problem as in this post:
http://www.bleepingcomputer.com/forums/topic455881.html

But I thought it would be better to post a new topic, correct me if im wrong.

My computer boot, and after a few seconds it says that it found a potential risk "Sirefef", and after 1 minute it reboots.
Any help is appreciated!

Attached you find scan results from Farbar Recovery Tool.

Answer:Sirefef with automatic reboots after 1 minute

This post can ble closed, I think I solved the problem by doing the same steps as in the duplicate post.

2 more replies
Relevance 64.37%

Got another one for you... Can't stay logged into windows because of a critical error, and rebooting 1 minute later.Here is my frst.txt content...Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01Ran by SYSTEM at 27-07-2012 20:21:28Running from I:\Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ABNotify] C:\Program Fi... Read more

Answer:Another Sirefef Infection/1 minute reboot

Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt start
1 evrhwdch; \??\C:\Windows\system32\drivers\evrhwdch.sys [x]
2012-07-27 17:17 - 2012-07-27 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2243DA0DB5B173E7
2012-07-27 17:17 - 2012-07-27 17:17 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wwogfass.sys
2012-07-27 15:35 - 2012-07-27 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BADF4F3E3ADF4FB
2012-07-27 15:20 - 2012-07-27 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3BADF02DBC08DE8D
2012-07-23 11:00 - 2012-07-23 11:00 - 00311296 ____A C:\Users\Courtney_2\AppData\Local\plogolc.exe
C:\Windows\Installer\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
C:\Users\Courtney_2\AppData\Local\{4935c656-a5da-c5b8-8fc3-b9e67597a38b}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
... Read more

13 more replies
Relevance 64.37%

Hello, this is my first time in this forum. My first indication of a problem with my computer was that MSE was not started, and would not start when I attempted to do so. I uninstalled MSE, and then reinstalled it. During the quick scan it attempted during the installation, it let me know it found the serious threat of Sirefef.AH. I told it to remove the problem and it began to do so, but before it was done, a windows message popped up: "Windows has encountered a critical problem and will restart in automatically in one minute. Please save your work." I then have approximately 60 seconds to do anything before the computer reboot itself. Now, it is giving me this error and reboot every time I restart the computer. It does this even in safe mode. I did manage to download the TDSSKILLER .zip file to my phone, then copied the file to the infected computer, extracted it, got it installed and started the scan before the computer rebooted itself.

I have searched through this forum for help but I can seem to find anyone else with the problem of having only a 60 second window to fix this malware issue.

I am running Windows 7 on a 32-bit system. Thank you in advance for your help!!

Answer:Sirefef.AH with automatic reboots after 1 minute

Lets give it a try. You will need a USB Flash drive.For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Click on Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

27 more replies
Relevance 63.55%

Just as the topic indicates. I noticed a thread someone else was infected as well. Looked like the resolution involved user specific variables so any help would be appreciated!!

Windows 7 64bit

Answer:Caught the "trojan sirefef" virus -- Need help removing

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

45 more replies
Relevance 63.55%

Since a couple of days, Microsoft Security Essentials has been giving alerts about Trojan.Win32(and 64)/Sirefef.(various shit)

Says it succeeds in removing them but they return every couple of minutes. Reboot after removal didn't help a thing, nor running Malwarebytes and TDSSkiller.

Any advice? Preferably some fancy combofix method with logs, conventional antivirus solutions haven't shown to help so far.

Thanks in advance!

Answer:Trojan.Sirefef virus, problems removing it

  
Quote: Originally Posted by iDennisW


Since a couple of days, Microsoft Security Essentials has been giving alerts about Trojan.Win32(and 64)/Sirefef.(various shit)

Says it succeeds in removing them but they return every couple of minutes. Reboot after removal didn't help a thing, nor running Malwarebytes and TDSSkiller.

Any advice? Preferably some fancy combofix method with logs, conventional antivirus solutions haven't shown to help so far.

Thanks in advance!


Try running Malwarebytes in Safe Mode and be sure to remove everything that comes up (make sure their checkboxes are enabled) Also, clear out all of your browser's cache. In Internet Explorer, click on the gear in the top right and select internet options. Then, find where it says browsing history in the middle of the page and click on delete. In the window that pops up, check all of the checkboxes except the one at the top that says "preserve favorite's website data" and select delete.

3 more replies
Relevance 63.55%

When I clicked on a tutorial link for sewing, I received a notice that I was infected with "Rootkit.sirefef.spy and Trojan Virus found on System 32 NT Kernel".  Another pop up box said "Windows Defender Error Code 0x80073afc" and some other information but could not read it all because another popup box that wanted me to click "Okay" was covering part of it.  I didn't want to click okay, so I restarted my computer as I could not close Windows.
 
I briefly used the pc after this, mostly to visit this site, and Microsoft's site, and it seems to run okay.  I also ran Malwarebytes Anti-malware scanner which showed 0 infections.  Microsoft site recommended downloading their "Microsoft Safety Scanner" from another computer and running it.  Do you think this will actually work?
 
Thank you for any advice.
 
 

Answer:Not sure if I'm infected - Rootkit.sirefef.spy & Trojan virus

Hello,with a rootkit infection we should get a deeper look. Please follow this Preparation Guide and post in a new topic.Let me know if all went well.

3 more replies
Relevance 63.55%

My computer has been shutting down suddenly each morning for the past couple weeks. While investigating the issue I noticed that Windows Update and Windows Firewall were turned off. After visiting Microsoft's Support area I was able to get Windows Update working, but after running a Windows Security Essentials Scan and removing the only virus it found (Trojan:Win64/sirefef.e) My computer restarted to a blue screen of death that said "Stop: C0000135 The program can't start because %hs is missing frmo your computer. Try reinstalling the program to fix this problem"

When I restarted again Windows Startup tool came up and had me restore back to when it was working....which of course also restored the virus.

I've looked around on the internet for a couple hours tonight and haven't found a solution. Tech Guys helped me once in the past and hoping someone is available to help again.

Thanks in advance!
HiJack this log below.

DDS Lob further below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:38 PM, on 1/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\WA1\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Common Files\I... Read more

Answer:Trojan:Win64/sirefef.e Virus Removal

11 more replies
Relevance 63.55%

Fool that I am, I tried to torrent a program (I know, I know), and now my browser (Chrome) redirects to 'www.trovi.com.' I read the comments for the torrent file a little closer, find somebody's antivirus pinged 'trojan Dropper Win32/Sirefef.B'. 
 
I followed Microsoft's removal instructions to no avail. I've updated and run Microsoft Security Essentials, Microsoft Safety Scanner and Malwarebytes, none of them pick this thing up. Please help!

Answer:Virus! Maybe trojan Dropper Win32/Sirefef.B. Please help!

Hello and welcome ZRRDownload TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy a... Read more

11 more replies
Relevance 63.55%

Hi, folks. I'm from Brazil and I had the same problem as kesposito. I was searching for a solution on the web and I found this site and read this topic.I noticed there was a successful, but complex and long procedure which I coudn't follow, and the instructions were given to that specific case, so I decided to join BleepingComputer and create this topic. I'd like to receive instructions to have a removal of the virus (sirefef.AH).Just a question: I'm using my desktop computer to write this post; the infected computer is a laptop. Master Surgeon General said that a USB Flash drive would be needed. Mine was connected to the laptop after it was infected. Is it OK if I use that flash drive?Thank you in advance for help.

Answer:Sirefef.AH with automatic reboots after 1 minute (part 2)

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

63 more replies
Relevance 62.73%

I was directed to this forum to get assistance with my issue. I have a [email protected] Virus known as: Rootkit.ZeroAccess, Trojan.Sirefef. After running all of this stuff below I still get warning of infection. HELP! =)

Symantec and Malwarebytes have all come back clean. I've run the TDS Killer, that came back clean. I've run the SUPERantispyware, that came back clean.

these are the results from the GMER I ran:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 16:51:21
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dae5104a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dae5104a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

These are the results from the DDS Tool I ran:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by cwallace at 8:31:14 on 2012-06-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5686 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C... Read more

Answer:I have a [email protected] Virus known as: Rootkit.ZeroAccess, Trojan.Sirefef

I just ran ComboFix here is the log: Note*** after i ran it, it rebooted my computer, and created a log (below). however, i then went to use the internet and found out that every application said that the 'registry had been tag for deletion" and didnt work. so i manually restarted and everything seems to work. I don't know if it cured my virus yet.

ComboFix 12-06-06.02 - cwallace 06/06/2012 9:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5947 [GMT -7:00]
Running from: c:\users\cwallace\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVOLM3WY\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Templates\ScorecardTemplate-Matrix.htm
c:\users\Administrator\Desktop\Setup.exe
c:\users\cwallace\AppData\Local\{872f14e... Read more

21 more replies
Relevance 62.73%

I was using my grandmother's computer tonight and somehow infected by Live Security Platinum. I used Malwarebytes to remove it by following the directions here.It appeared to work, but after restarting my computer, I keep getting the error, "Windows has encountered a critical problem and will restart automatically in one minute." I open up Microsoft Security Essentials to see what is causing the problem, and the two programs "Win64/Sirefef.Y" and "Win64/Sirefef.B" are labeled as dangerous. MSE cannot scan the computer quickly enough to remove those programs before the computer is restarted. Details provided by MSE shows that "file:C:\Windows\system32\services"I have seen other questions about this problem, but I wasn't able to find anything for Vista, only Windows 7. The solution also appears very specific in each case, with much pasting of results, so I didn't want to mess up my grandmother's computer by following directions that were not exactly correct. I have another computer and USB drive available. Thanks in advance for the help!

Answer:Windows Vista will restart automatically in one minute, and I have sirefef

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

3 more replies
Relevance 62.73%

I use Windows 7 Home Premium 64-bit with Service Pack 1

My antivirus program, ESET Smart Security 5, notified me of the following infection:
7/2/2012 6:24:16 PM Real-time file system protection file C:\Windows\system32\services.exe Win64/Patched.B.Gen trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Owner\AppData\Local\Temp\341615390.exe.

As you can see, it was unable to clean the infection. This notification pops up roughly every 15 minutes. When I tell ESET to delete the infected file, it says there was an error when deleting. Also, ESET notified me of the three following infections, and the second two keep returning after deletion:

7/2/2012 6:24:36 PM Real-time file system protection file C:\Windows\Installer\{4d64a181-5ab7-f857-5530-4aa187755236}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Owner\AppData\Local\Temp\341615390.exe.

7/2/2012 6:24:36 PM Real-time file system protection file C:\Windows\Installer\{4d64a181-5ab7-f857-5530-4aa187755236}\U\[email protected] Win64/Sirefef.T trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.

7/2/2012 6:24:36 PM Re... Read more

Answer:Win64/Patched.B.Gen trojan, Sirefef.AL trojan, and Sirefef.T trojan

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you... Read more

17 more replies
Relevance 62.32%

Hello all, Through various Google searches involving my problem, this appears to be the best forum to post on, so here I go. I am running Windows 7 x64 and will outline the following:1) I noted that I began getting various browser redirects from sites when searching through Google (I have not checked if this was elsewhere). The browser would redirect me to websites such as newsfudge.com.2) From this point I decided to attempt to run some scans. I had Microsoft Security Essentials installed however noted that it claims the service isn't running. When attempting to enable the service, it stated the service was not installed.- This was rectified. I uninstalled and reinstalled the application successfully.3) Upon attempting to run both Malwarebytes and MSE (Security Essentials from here on out), I would reboot into the computer and began to notice that I would get a dialogue box that would explain my computer is about to be logged off because of a critical error.- Attempting to restore "Last known good configuration" did not resolve this.- This does not occur while in Safe Mode, which is where I am posting this topic.- I haven't been able to find a specific error within the System Logs so if there should be one stated please tell me what to look for.- I believe this occurs when MSE detects several infections, which appear to be different variants of sirefef.-- The last two variants of sirefef detected by MSE are: Trojan:Win32/Sirefef.AB and Trojan:Win64/Sirefef.... Read more

Answer:Windows 7: Reboots after 1 minute, browser redirects, sirefef variants

Hi,Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64... Read more

30 more replies
Relevance 62.32%

Hello everyone, this is a repost of a thread from a few years ago.

Through various Google searches involving my problem, this appears to be the best forum to post on, so here I go. I am running Windows 7 x64 and will outline the following:

1) I noted that I began getting various browser redirects from sites when searching through Google (I have not checked if this was elsewhere). The browser would redirect me to websites such as newsfudge.com.
2) From this point I decided to attempt to run some scans. I had Microsoft Security Essentials installed however noted that it claims the service isn't running. When attempting to enable the service, it stated the service was not installed.
- This was rectified. I uninstalled and reinstalled the application successfully.
3) Upon attempting to run both Malwarebytes and MSE (Security Essentials from here on out), I would reboot into the computer and began to notice that I would get a dialogue box that would explain my computer is about to be logged off because of a critical error.
- Attempting to restore "Last known good configuration" did not resolve this.
- The same dialogue box pops up when I try to restart in Safe Mode, I am currently posting this from my work computer.
- I haven't been able to find a specific error within the System Logs so if there should be one stated please tell me what to look for.
- I believe this occurs when MSE detects several infections, which appear to be different variants of sirefef.
-... Read more

Answer:Windows 7: Reboots after 1 minute, browser redirects, sirefef variants

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

3 more replies
Relevance 62.32%

Hi, Last night I was browsing the internet and attempted to download something from a website that seemed legitimate, but when I went to scan the file with MSE, I was shocked to find that MSE was turned off, and I could not get it to work again.
I forget the exact error displayed, but I immediately disconnected the internet, uninstalled MSE, and then re-installed, reconnected to the net, updated MSE and was immediately confronted with a security warning that my system was infected with "Sirefef.Y".

MSE tried to clean the infection, but before it could complete the process, I recieved a Windows Critical error, stating that my system has encountered a problem and will automatically restart in 60 seconds, which it did.
This is a cycle that continues to occur, and pretty much immediately after boot, which gives me very little time to do anything about the problem.
Please help!

I am running Windows 7 Home Premium 64bit.

I have tried starting the computer in safe mode but get the same problem - each time I receive the Windows error and the system reboots
Any help you could provide would be appreciated a great deal.

Thanks in advance.

RK.

Answer:Sirefef infection - Computer restarts in 1 minute everytime I boot it

download Farbar Recovery Scan Tool and save it to a flash drive.(you need the 64bit version)Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst6... Read more

8 more replies
Relevance 61.91%

Hi guys,

I'm running Windows 7 64bit OS. I recently found that Microsoft Security Essentials wasn't running and I had to reinstall it. Once I did it found these trojans.
I did a bit of research and read some other posts but it looks like there is a detailed and unique fix for each person.

I think I have done everything in the READ AND RUN ME thread, and I hope I have attached all the correct logs as requested.

The only problems I had were with MGTools. I got the following errors:
"The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll"
and
"Application has generated an exception that could not be handled.

Process id=0xac8 (2760), Thread id=0xce4 (3300)"

Thanks for your time.

Cheers
 

Answer:Trojan: Win32/Sirefef.AB and Trojan: Win64/Sirefef.P

Rescan with HitmanPro.
Choose to Delete these files if they are detected:

C:\$Recycle.Bin\S-1-5-18\$f6a6e0a66969d09ba37420a38f97ea5e\n
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take affect, please do so.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][BLACKLIST DLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-360523327-522932163-1323501305-1000\$f6a6e0a66969d09ba37420a38f97ea5e\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$f6a6e0a66969d09ba37420a38f97ea5e\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : ... Read more

11 more replies
Relevance 61.91%

Hello everyone, sry if i make another post about this facking virus but as i saw around it sems to be different for everyone (the removing process)

here i am, from italy, praying for someone to help me to remove this facking bleep, the situation atm it's that on intervals of 3 minutes Microsfot Security Essentials find on my pc this 2 files

Tojan:Win32/Sirefef.AB
Tojan:Win64/Sirefef.P
and i don't know what to do.. anyone that it's able to help me ?

EDIT: i'm running Windows 7 ultimate edition 64 bit service pack 1

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P NEED HELP PLEASE!

anyone that can help me ? that thing it's stealing all my passwords!

4 more replies
Relevance 61.91%

Hi there i kept getting a virus that AVG couldn't remove, which AVG wouldn't stop popping up about, so i tried a different anti virus software MSE, which seemed to have i would believe half fixed the problem as symptoms from the virus before like redirected webpages etc MSE managed to stop however MSE is having trouble dealing with Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK, now i saw a topic posted about the win32 1 which suggested to using combofix, which this site stats do not use unless asked too, so i wanted to do things by the book (or you guys about the problem) i have used combofix before on the same machine to remove another virus before a while ago (maybe a year ago?). a Step by step method of removing the virus' and what the virus' actually do so i know how bad it is for future reference. Thank you.Using an AZUS ROG laptop with windows 7.Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer:Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

15 more replies
Relevance 61.91%

Hello everyone, sry if i make another post about this virus but as i saw around it sems to be different for everyone (the removing process)

here i am, from italy, praying for someone to help me to remove this, the situation atm it's that on intervals of 3 minutes Microsfot Security Essentials find on my pc this 2 files

Tojan:Win32/Sirefef.AB
Tojan:Win64/Sirefef.P
and i don't know what to do.. anyone that it's able to help me ?

EDIT: i'm running Windows 7 ultimate edition 64 bit service pack 1
 

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P NEED HELP PLEASE!

anyone that can help me ? that thing it's stealing all my passwords!
 

2 more replies
Relevance 61.91%

Hi, I'm from Portugal and I'm getting frustrated because I can't remove this virus.

Microsoft Security Essentials is finding 2 files I can't remove when I reboot the computer. When I reboot, MSE continues to find those files.

I'm running Windows 7 Home Premium Edition 64 bit service pack 1.

Please help me!

Answer:Trojan:Win32/Sirefef.AB and Trojan:Win64/Sirefef.P

Help me, please. I don't know what to do.

60 more replies
Relevance 61.91%

Hi,
I'm stuck with Microsoft Security Essentials detecting two trojans upon startup:

Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P

Located in:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

I ran everything on the READ & RUN ME (except RootRepeal as I got Windows 7 Professional x64).

I hope I have attached all needed logs.

P.S. I'm pretty sure that the KMService.exe in the MBAM log is a false positive (It's MSOffice activator).
 

Answer:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P

Also this:
 

20 more replies
Relevance 60.68%

I have a HP laptop with windows vista and have Mico Trend antivirus protection. The other day Micro Trend program stated I had a trojan virus sirefef DD. & sirefef sls. Micro Trand program could not remove virus. The virus has turned off the Micro trend Firewall and has also turned off Windows Defender and windows firewall. I download ,malwarebytes program and a registry cleaning program. Malwarebytes and the registry cleaner cleaned several files, but still I can not turn the firewalls back on. I repeated the cleaning and found more files to clean and delete, still not able to turn on firewall. Any ideas on how to fix the problem
 

Answer:trojan virus Sirefef disabled windows defender & Micro Trend f firewall

Hi Waltfult and welcome to TSG. My name is Mark and I will be helping you.

Using Malwarebytes was a good move but running a Registry Cleaner is not. Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable. They are never used for Malware and should only ever be used if you have a high level of knowledge with regard to the system registry.

Please run another scan with Malwarebytes and post the log as follows:

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab .
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If ask... Read more

2 more replies
Relevance 60.68%

Hi,
I have recently changed AV probrams from Eset nod 32 to Microsoft Security Essentials.

Upon running a scan with MSE, it has detected two trojans,
Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P

Located in:
C:\Windows\assembly\GAC_32\Desktop.ini

I have gone through READ & RUN ME.
I did not run RootRepeal as I have Windows ultimate x64.
ComoboFix and TDSSKiller did not create log files.

TDSSKiller did find 2 threats and attempt to delete, upon reboot Windows because stuck in loading.

Thanks in advance
 

Answer:Trojan:Win32/Sirefef.AB & Win64/Sirefef.P

Currently reviewing those logs and will get back to you as soon as possible.
 

2 more replies
Relevance 60.68%

Microsoft Security Essentials keeps reporting this Trojan and quarantines it. After attempts to remove the file, It keeps reappearing. It shows a file location that I am unable to find on my system C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\U\[email protected]
Now I am getting a warning about VirTool Win32/Obfuscator.XQ @ C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\n However, this file cannot be located wither. There is no C:\Windows\Install directory.
Also Combofix loads and starts then it crashes. Disappears from file manager and splash screen disappears -- The program literally stops running.


DDS Text File Contents:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Estelle Clark at 2:59:47 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2423.1353 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSp... Read more

Answer:Infected with Trojan:Win32/Sirefef.AG and Sirefef.I

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

4 more replies
Relevance 60.68%

help me plz, virus has been detected almost every second or so in AVG scan and it keeps making copies of itself....i'm now running hijackthis and here are the specs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:16 AM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgvv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,St... Read more

Answer:HELP VIRUS LOP every minute(found in AVG evey minute) using hijackthis HELP!!!PLZ

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

1 more replies
Relevance 59.86%

Hi,
I have been having a lot of problems with my computer with Windows Vista Home Basic. First, I had a virus called Vista Security 2012. I had this all cleaned up by microsft. Next, after Microsoft cleaned out the virus the computer has sat at the Dell startup screen for 4-5 minutes now it does this everytime it boots up. Next, after log in and everything all the icons are all big and some icons even move around after boot up. Last, right after log in I get a Windows Defender error the error is: Application failed to initalize: 0x80070006. The handle is invalid. This is a family members computer. They said they shut down sometimes by holding down the power button. I think that is a possible part of the problem. I now have the computer at my home.

Please help,
Thanks

Answer:Windows Vista Home Basic Problems Is the virus still there

Sounds like your system is still infected. I suggest you post in the Am I Infected forum.

3 more replies
Relevance 59.04%

my norton anti virus is expired i dont have a money to up date that.so plzzzzzzzz some on say to me which anti virus is good avg free edition2012avg anti virus professional 2012avira antivir personal free antivirusavg internet security 2012and from where i should download this safe and free and can some one tell me how can i download free 3d themes for windows7 and for clean and fix my pc error what should i do can i chose one of thispc tools antivirus freeremove it pro 4 senorton power eraserplzzzzzzz some one help me help

Answer:Which anti virus is good for my hp pavilion g6 windows 7 home basic?

My current package:Microsoft Security EssentialsSuperAntiSpywareMalwarebytesWin PatrolAll free..and effective.

3 more replies
Relevance 59.04%

My deskop is running on Windows 7 64-Bit
I believe that my laptop may have contracted the malware when I downloaded a "new" update for Adobe Flash Player, but im not sure
Live security was installed on my computer and I was able to remove it after using malwarebytes in safe mode. Now when I boot up my computer microsoft security essentials says I have a system failure and I have to restart, this happens everytime I boot up even in safe mode.
This is my log
 

Answer:computer keeps restarting after one minute

Welcome to Major Geeks!

Please observe the guidelines about attaching logs >> Forum Rules and Guidelines

We will need another log before we can workup a fix.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)
 

1 more replies
Relevance 59.04%

Hello,
This morning I was planning on downloading a patch for the demo of PES 2013, and I looked at one of the screenshots in the comments.
It was really a picture but looks like it also had malware in it.
At first I got the problem of something called Live Security Platinum. Some fake program trying to force me to buy their products. It also disabled many features in my PC.
Eventually I got rid of it by running malwarebytes in safemode, then I had a new problem when I returned to normal mode. I reinstalled Microsoft Security Essentials and got this message saying "Windows has encountered a critical problem and will shut down in 1 minute, please save your work".

Ever since then, I didn't manage to fix the problem. Few times before the shutdown MSE detected a trojan called sirefef, but when I clicked show details and chose "remove" for both trojans, the process took too long and the computer restarted as usual.
This happens in safemode as well.

I tried to use the option called "Disable windows restart in case of critical warnings" or something along those lines (Found in the booting menu when I press F8 on loading).

I also tried various tools, something with a panda ZAccess tool, and more types of removers, no luck (or took over a minute).
I figured if I manage to prevent the shutdown, ill be able to fix it, but using "shutdown.exe -a" does not work to abort the shut down.

Some details, my PC is a desktop running v... Read more

Answer:Computer restarting after a minute

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:





Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...


Select Command Prompt
In the command window type in notepad and press Enter.
The notepa... Read more

3 more replies
Relevance 58.63%

Hello, MSE had a message that said detected and cleaned virus and in the history came up Trojan:win32/sirefef.ak
.am
.ag
/sirefef and then proceeded to say remove.
kept getting the MSE logo spinning and saying cleaning and then same viruses would be in history
I used malwarebytes and it found the four aswell and cleaned them but I feel something is still there and runnin in the background because when I reboot my desktop icons keep resetting if I change them. Need help

Thanks
LR

what do you need for me to run a log to show the computer status?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

12/06/2012 6:25:09 PM
mbam-log-2012-06-12 (18-25-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280359
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)... Read more

Answer:Trojan: win32/sirefef.ak & am & ag and sirefef

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

28 more replies
Relevance 58.63%

my system restarting after 2 minute how to solve this?I think its cause of virus.... because before this problem some of other programmes stop workingand saved setup files icons changed and not opening up

Answer:my system restarting after 2 minute how to solve this

Hellowhat about in safe mode?.. F8 key for safe modeEdit: check whether your processor is hot!message edited by Dashing_star

3 more replies
Relevance 58.63%

Hey!

Wanted to clean my brothers computer before school begins because it was very slow. During that found that windows update, MS Security Essentials and firewall are not working. It said that the services aren't running.
So I uninstalled and reinstalled MSSE and it couldn't update itself but found a trojan called Sirefef.A and Sirefef.AB and maybe other versions too. But during cleaning windows started to restart itself saying that there was a critical error and it will restart in 60seconds. Now can't do anything anymore and I have 2 options - reinstall windows or get it working somehow before next week

Answer:Infected with Sirefef & keeps restarting after 60 sec

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

26 more replies
Relevance 58.63%

Hello Bleeping Computer Experts:This forum was highly recommended by a good friend of mine. Looks like I'm yet another victim of the nefarious Sirefef. Microsoft Security Essentials tells me I'm infected with many variants of Sirefef, including Sirefef.R, Sirefef.AB, and Sirefef.AH (among others).Consequently, my PC is now stuck in the error loop of restarting every 60 seconds, even in safe mode. The error message I receive is: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."I tried to abort the system shutdown via command prompt: "shutdown a/", but that didn't work. Therefore, I'm stuck in this restart loop and unable to troubleshoot/proceed further without assistance.The infected PC is an older Dell Inspiron 6000, running Windows 7, 32 bit. (Plse let me know if you need more info from me to get started).I've read the Welcome Guide, I have a clean PC and new USB stick ready, and I'm ready to work together to kill this unwelcome intruder and restore my PC to proper health. I look forward to your replies and step-by-step guidance. Thanks!ND_Fan

Answer:Sirefef - PC Keeps Restarting - Plse Help

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

20 more replies
Relevance 58.22%

As the title says, my PC will go from Windows Aero to Windows Basic 1 minute after being switched on. I have tried to turn aero back on from settings, but the option for peek is greyed out and the option for aero isn't in the performance tab. DWM is running and restarting it doesn't fix anything. I can't play any games as this issue also makes games stutter to the point of it being unplayable. Uninstalling and reinstalling the graphics drivers also didn't fix it.

Basically, Windows boots up, everything loads that needs to load, then the screen flickers and it switches to Basic.

Answer:PC changes to windows Basic 1 minute after turning on, aero forced off

Have you tried running WEI (Windows Experience Index) again? Sometimes when a driver has been updated or changed, Windows may require you to run it again.

This guide should help: Windows Experience Index - Update or Refresh Score

9 more replies
Relevance 57.4%

hello
i was hacked with the pc antispyware 2010 a few days ago
i've had to clean it out several times with malwarebytes
then i got another message saying i have 2 trojans and my computer kept shutting down every minute or so
it said c:\windows\system\32\services.exe terminited unexpectly with staus code 1073741819
i download and ran autoruns but still having the same problem
can you help me
thanks

Answer:computer keeps restarting every minute with status code 1073741819

Hi,I'm going to redirect you to the HijackThissection of this forum. This, because it's a deeper infection.Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Please give them a link to this topic.Good luck.

1 more replies
Relevance 56.99%

Hi, I'm new hear and also Dutch, so forgive me for my bad spelling and gramatically incorrect sentences. I do not do it on purpose offcourse.

After I followed the basic tutorial before posting my hijackthis-log I noticed that IE didn't work properly anymore. On some pages it just stops loading, on others (all of them) javascripts don't work anymore while in my internet-tools active scripting and applets are enabled.

Do you understand...!?

Another little question, everybody seems to have MSN-viruses... I see the sentence 'do you want to be an MSN-hacker too then' etc. very often in conversations. Now I am worried to get affected too.

The spyware I got on my computer (it was really a lot and most of it was gone allready using spywaredoctor, ad-aware SE and spybot s&d) when I was 'defragmenteren' (don't know the English word...) and frogot to shut down my internet-connections. A programme (probably the one wich I downloaded when somebody sent me a link to a page and I accepted downloading 'handcuffs.piff' I did so while it was a friend of mine. After downloading it sent the same link to all my online contacts and shutted down MSN) well.. that programme I guess set all the ports open and when I woke op the other morning it was full of spyware. Really thirty or fourty programmes... (that moment I hadn't got a firewall) now I've got Zonelab.

And a third... This is what I get when I open the add/remove ... Read more

Answer:IE stops working properly after doing Basic Spyware, Trojan And Virus Removal

I read that problems are being treated within just an hour... too bad, I'm already allmost at the bottom of the page without any solution... Is de main part of this forum sleeping by now?!
 

15 more replies
Relevance 56.58%

Hello,

Problem description:

Noticed that the Microsof Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

File... Read more

Answer:Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

12 more replies
Relevance 56.58%

I am currently operating in safe mode and I have run BitDefender online scan and McAfee online scan. BitDefender identified various viruses but I believe failed to remedy one or more. The most prevelant one which might be causing my problem is a Trojan with a file name wscsvc32.exe. I am unable to boot in normal mode. Thus far, I have tried to run several programs which I have come to find out will not run while I am in safe mode. When I try to boot in normal mode, a blue screen appears and says "dumping to disk" among other things. I believe this is called a minidump and I have tried to look at how to repair from such an occurrence. I am really in the dark on this one. Im not sure if this enough information to get started, but please let me know anything I can do. I cannot even run a Hijack This log due to safe mode operation.Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

More replies
Relevance 56.58%

I upgraded to Windows 8 on 11/18 and started having problems where explorer.exe is restarting every minute or so. Here is the error from the event log:
Faulting application name: explorer.exe, version: 6.2.9200.16433, time stamp: 0x50763312
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405
Exception code: 0xc000071f
Fault offset: 0x000000000011808f
Faulting process id: 0x12c8
Faulting application start time: 0x01cdc8c32effec36
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 9220779c-34b6-11e2-be72-e06995f1e71a
Faulting package full name:
Faulting package-relative application ID:
I worked with Microsoft Tech Support for 4 days and ended up doing a clean install of Windows 8.  I had been told by Microsoft that they would escalate me to Tier 2, but they called back and said it was an HP/Hardware issue and I would have to
work with them.  Chatted with HP, they said it was an OS issue.
Anyone have any thoughts?Dan

Answer:explorer.exe is crashing/restarting every minute - faulting module ntdll.dll

If clean install an OS reproduce the problem , it is a problem with something other than Windows. It could be HP driver or hardware.
If pssoble, try install Windows 8 in the same model as your PC and see if same issue happens, if the issue didn't reproduce, it is hardware issue.

37 more replies
Relevance 56.58%

On Tuesday morning around 8:15 I got a little dialog box that stated (as close as I can recall) that Windows had encountered a critical problem and would restart in one minute, and that I should save my work. When I clicked my start button I saw that the restart option was grayed out, so I just had to sit there and wait for the restart to happen. Once it did and the computer was back, everything seemed normal. I looked in the Event Viewer and the nearest thing I could find to a cause was something about lsass.exe having stopped working. Also, later I noticed in the Windows update control panel that Windows Defender had updated itself at 8 AM that morning (at least according to my OS).

Relevant details: Windows 7 Ultimate 64bit- I was running Firefox, iTunes and Steam at the time. My antivirus program is avast! free version. Everything is updated. My version of Java was one revision out of date (7 update 4 instead of 5--since fixed). I use FoxIt Reader and not Adobe so that's not a vector. I ran a full Malwarebytes scan and found nothing. Also ran TDSSkiller.exe and found no problems.

There has been no strange behavior since the forced reboot, and there were Windows updates installed yesterday, and everything seems to be behaving properly, but on another forum I frequent someone said this might be a rootkit, so I'm paranoid. Is there something I can do to be sure?

Answer:Win7 "critical error" restarting in 1 minute message--infection?

It looks like ZeroAccess rootkit.Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Relevance 56.58%

i got a hp all in one and i have to reinstall everything again.
this is the scenario:
new hdd and i have to install 32 or 64.

Answer:how do i tell if serial key win 7 basic is 64 or 32bit?

Call Microsoft's toll free and ask.

9 more replies
Relevance 56.17%

I recently downloaded the Sims 3 Pets from Origin. Think it's possibly not a coincidence that when I searched through the similar topics for the virus that people had the Sims 3 in their files. I checked the file location for something MalwareBytes picked up and it was created the day I downloaded this game. I can't seem to get rid of this virus. Microsoft Security Essentials, Windows Firewall and Windows Update will not turn on. When I scan with M Security Essentials and with M Security Scanner it gets to a certain point and then comes up saying there is a critical error and the laptop will restart in one minute. What can I do to get rid of this virus? I've uninstalled M Security Essentials now and have installed MalwareBytes. My details are:

64 Bit Operating System
Dell Inspiron N7010
Windows 7 Home Premium

The same restarting seems to happen on MalwareBytes. It's got to the same file on a quick scan three times:

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

There are three files inside:

[email protected]
[email protected]
[email protected]

Once it's identified it, it says it urgently needs to restart.

Microsoft Security Essentials identified it as Win64/Sirefef.B

From MalwareBytes:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bethany :: BETHANY-PC [administrator]

Protection: Disabled

11/08/2012 19:46:55
... Read more

Answer:Win64/Sirefef.B - MSE, Windows Firewall, Windows Update will not turn on - Restarts every minute when attempt to use M Security...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

29 more replies
Relevance 56.17%

Hi all,

After restarting my computer today, I noticed Microsoft Security Essentials wasn't running.

After I reinstall WSE, updated it, and start scanning, it stumble on 4 Sirefef files (.AH,.A and so forth).

This force my PC to keep restarting in 60 seconds ever since.

Any advice on how to fix this abomination?

I used ASUS G74SX and Window 7 32bit, btw.

Answer:Sirefef detection. Constant restarting PC (using Window Security Essential).

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

24 more replies
Relevance 55.76%

KERNAL_DATA_INPAGE_ERROR

stop: 0x0000007A (0xC042BBF8, 0xC000000E, 0x09DE7860, 0x8577F000)

Storport.sys - address 8577F000 base at 85474A000, datestamp 47918f7D

have been receiving this bsod for quite some time done research tried downloading the microsoft KB929777 update and it said it wasn't compatible with my system. Checked with dell for all updates did them all but the BIOS update. This occurs randomly with no apprent cause. Left the computer running the night before no programs open just the regular stuff in the systray in the morning boom there it was again. Any assistance with this would be great

More replies