Computer Support Forum

Sirefef.ab and Sirefef.p Removal complications

Question: Sirefef.ab and Sirefef.p Removal complications

I've been noticing that randomly websites were opening pop-ups (advertisements) and that internet was running slow...decided to run MSE and noticed it was turned off. So I enabled it and immediately it displayed a threats detected message identifying Sirefef.ab (C:\Windows\assembly\GAC_32\Desktop.ini) and Sirefef.p (C:\Windows\assembly\GAC_64\Desktop.ini). After several removal attempts each of which resulted in Windows displaying a message that windows has encountered an unexpected error and will restart in a minute...I gave up on MSE.

After fooling around with other anti-virals i.e. Ad-aware, Malware bytes etc...I gave ComboFix a try and I've attached the log file. I think combofix screwed something up as I can't run any program anymore...every time I start a program I get a message saying "Illegal operation attempted on a registry key that has been marked for deletion". What should I do now? ComboFix log file is attached.

Thanks!

Relevance 100%
Answer: Sirefef.ab and Sirefef.p Removal complications

Ok...so combofix had already removed quite a lot of stuff. I went ahead and removed the top two drivers as well - the ones with randomly generated names. Rebooted my computer and everything seemed fine, all programs running fine as well. So I re-installed MSE and ran a full-scan, it identified the same files in assembly folder and a few others, removed those files...another reboot and everything has been fine since then. No program crashes, slow internet or pop-ups.

3 more replies
Relevance 79.46%

Please run the following:
Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\A... Read more

20 more replies
Relevance 78.01%

Hello,

I post my problem here as it seems the only place where I've found people who actually know what they're talking about. I have a Sony Vaio Laptop running windows 7 64 bit infected with the sirefef virus. Microsoft security essentials shows that it found:

Trojan: Win64/Sirefef
Trojan: Win64/Sirefef.Y
Virus: Win64/Sirefef.B
Trojan: Win64/Sirefef.Z
Trojan: Win64/Sirefef.W

Every time I boot the computer, MSE finds these infections, and prompts me after a minute to restart in order to complete the removal. But every time it reboots, the message is still there. I tried installing Malwarebytes but it won't let me cause it says "access denied" or something like that. Sorry for not providing any more information but I can use my pc for a couple of minutes every time (cause it reboots automatically). I followed your instructions and scanned with DDS. I attach the attach.txt file it generated. I look forward to hearing from you as I really need the laptop for my university studies and I'm in the middle of the exams period. Thank you for your time!

P.S. If I restore my whole system to factory settings, is the problem going to persist? Cause if it's not, I will do it in a heartbeat. Only problem is that I am afraid of infecting my external hard drive (which would be already infected if the virus spreads to external devices). Would that be the case? Will I need to clean my external HDD too?

Answer:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an... Read more

2 more replies
Relevance 105.78%

I've found similar problems on these forums and would greatly appreciate a Fixlist.txt
Please and Thank you as always.
 

Answer:Sirefef.P and Sirefef.AB Removal Needed

Welcome to Major Geeks!

We need some additional information to replace an infected system file.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)
 

7 more replies
Relevance 104.96%

A few days ago I started having issues with Google redirecting me to random ad websites, as well as Flash Player update popups. I updated my Microsoft Security Essentials, and since then it has been warning me with the presence of the file names in the topic title, and giving me the option to remove them. I select the removal option and everything is fine for a time but then MSE pops up again warning me of the same files. Anything you could do to help me get rid of these is greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by Dave at 14:15:54 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4031.2141 [GMT 10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\... Read more

Answer:Infected With Alureon.FP, Sirefef.B, Sirefef.W, Sirefef.AB & Sirefef.J

Download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
If you can have an open Internet connection, allow it to download the latest Avast engine detections.
If avast! antivirus is already installed, just do the next step.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Attach this file to a reply.

3 more replies
Relevance 104.96%

My security alert says I have these four viruses and all attempts to clean them using microsoft forefront client security have failed. Besides, the computer shuts down every couple of minutes. Please help, I am frustrated.

Answer:Please help me rid my laptop of win32/sirefef.an, sirefef, sirefef.ao, and sirefef.ag

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

23 more replies
Relevance 104.55%

Good morning and thank you for what you do.

On May 6th my laptop was hit with SMART HDD. I went straight to the "Am I Infected" forum, posted the problem and followed the "Remove SmartHDD Uninstall Guide" with the help of a BC Advisor. It seemed ok for a few days and I got most of my icons back.

On May 16th Microsoft Security Essentials popped up a notice saying it wasn't turned on. Absolutely couldn't get it to start without uninstalling and re-installing it. On install it ran a scan and found no threats, but later found & quarantined Trojan:Win32/Sirefef.AG and Trojan:Win32/Sirefef.I At the same time, the Windows Firewall became disabled and would not be turned on. I returned to the forum with my original BC Advisor and ran TDSSkiller and GMER and posted the log report. When I had internet connection MSE would quarantine Trojan:Win32/Sirefef.I and Trojan:Win32/Sirefef.AG at a rate of one every two minutes. The screen also said Recommended Action: Remove this software immediately. Items: file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] and file:C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] I hit "remove all" every time it appeared. BC Advisor responded "That's a new variant of zero access" "We need advanced tools" and told me to read the preparation guide and post a topic here.

I have followed ... Read more

Answer:Infected: New Variant of Zero Access, Sirefef.AG,Sirefef.I,Sirefef.P

Hi,

Do you have an empty USB flash drive?
We can try an alternative method.

Regards,
Georgi

more replies
Relevance 99.63%

found with mse and scanned with malwarebytes no help, just hoping someone can help
 
dds file logs
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.7.0_09
Run by Sean at 15:38:09 on 2013-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8141.5674 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* 1
SP: Windows Defender *Disabled/Updated* 0
SP: Microsoft Security Essentials *Disabled/Updated*

9
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k... Read more

Answer:trojan.win64/sirefef.p and trojan.win32/sirefef.ab removal help

Hello silencer626 I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

34 more replies
Relevance 98.81%

Need help. I have 2 computers 1 active and other one is older. The one computer that is active family uses a lot. This computer has a big issue.

When you start windows vista in safe mode or regular, it will shut down in 4 minutes when you see the desktop shown. I tried system restore on a 2 month date to hopefully to clean it up, but it did not work. Microsoft security doesn't detect it until it reaches the 4 minute mark.

The computer gives a pop up window says "windows occurred a problem and will shut down." I tracked the problem and found win32/Sirefef.AB, Sirefef.r , Sirefef.AH.
All was detected on this computer. I tried to put in a malware detector on it, within the 2 minute mark before it shuts down, but it doesn't make it. So I am using my old computer for investigating. Files are backed up in full.

This old computer has Avast pro, Spybot, and malware bytes anti malware. I just recently took the hard drive out(from the infected computer) and placed it in a exo case to see if I can fix it that way with this old computer. Please help before I get deeper in a hole.
 

Answer:Never faced this issue before,can someone help.I have Sirefef.r sirefef.ah sirefef.ab

10 more replies
Relevance 97.99%

Hello. I've been reading up on the forums of a lot of cases of this sirefef virus floating about and of course I happened to get it. I'm running Windows 7 64 bit. I read the initial instructions and ran the Farbar Recovery Scan tool and have gotten my initial FRST.txt file and was hoping someone could take a look and help me get a fix txt to get rid of it. I'll just copy and paste the file and attach it in case someone wants to pull it off to look closer. Thanks!
 

Answer:Sirefef.AB and Sirefef.P removal help

Not sure if I made a mistake or not when posting, I figured I would wake up today to at least one response. Let me know please everyone.
 

2 more replies
Relevance 97.99%

I have an HP laptop with this nasty little bug. Since it reboots every 60 seconds or so it is a pain to fix. The FRST file is attached. Any help is appreciated!

Wammer
 

Answer:Help with removal of sirefef.r/sirefef.ah

Search.txt attached also.
 

8 more replies
Relevance 97.99%

Hello, I hope you can help me with this virus/malware or what it is

My computer has been infected with the viruses "Sirefef.R & Sirefef.AH", and Microsoft Security Essentials has been reinstalled due to it not working after the infection (It didn't help though). Every time I restart my computer, it results in this warning that the computer will shut down in a minute, and it does.

Answer:Sirefef.R & Sirefef.AH removal

Greetings And Welcome To The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

28 more replies
Relevance 97.99%

I am working on a system that reports having the sirefef.R and sirefef.AH trojan. I have removed the drive and scanned it with another computer with several different AV removal software programs until it reported the drive was clean. Once I put the drive back into the computer and booted, I get the same trojans reported and the computer keeps rebooting.

I ran FRST.exe and below are the results. Please Help!!

[edit] Inline log attached.[/edit]

 

Answer:sirefef.R and sirefef.AH Removal Help

Welcome to Major Geeks!

Please see number 5 in the below link.

Forum Rules and Guidelines

We require all logs to be attachments. Also please don't use such a small font. We read tons of messages and logs per day and our eyes take a beating.





luv2golf67 said:
I have removed the drive and scanned it with another computer with several different AV removal software programs until it reported the drive was clean.

They were all incorrect.

We need to get some additional information in order to work up a proper fix as we need to replace at least one system file. Also make sure that all scans are run on the drive having the problem ( i.e., do not put the drive into another PC to run any scans unless requested. ).

Please run MGtools as requested in the below and attach the C:\MGlogs.zip file we need.

Using MGtools

 

1 more replies
Relevance 97.99%

So these two things keep popping up, I've tried almost every other antivirus and malware removal, even tried deleting it from (C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini) using hiren. I don't seem to have any "issues" it just I would remove it and then after a couple of hours it'll show up again on MSE. MBAM doesn't detect anything anymore and so does every other scanner. Help?

Hijack This

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:37:38 AM, on 6/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Users\Byron\AppData\Loca... Read more

Answer:Sirefef.AB and Sirefef.P Removal

Hi,
Please do the following:
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:
Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:
Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic455612.html

Collect::
c:\windows\system32\drivers\gifgohrw.sys
c:\windows\system32\drivers\mjknrfuj.sys
c:\windows\system32\drivers\dciifivj.sys
c:\windows\system32\drivers\quribcyz.sys

DirLook::
c:\programdata\~0

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

Driver::
crqwrzkr

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')
Save this file to your desktop, Save this as "CFScript"
Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files&qu... Read more

10 more replies
Relevance 94.71%

Hello all,

I'm a first time poster here and have come here looking for help in resolving my infection issue. I followed the directions in the read first thread and will post my logs. I am / was experiencing the following issues:


Firefox would redirect to various pages such as newsfudge.com. Since proceeding through the read first post, and also running goored? I have not noticed this recently.
Sometimes browsing seems to be incredibly slow, possibly related to the redirections.
Since attempting to troubleshoot this issue (Microsoft Security Essentials), it is believed that this is causing the following issue:

! You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

If I let the computer restart itself, then this will keep happening. I have learned to "interrupt" it by running a normal restart after the message pops up. So far every time the computer comes back I won't get the message. If I restart again, it will happen again. I haven't noticed anything in particular relating to this in the system log.

While not experiencing problems with the programs to resolve issues like this, I have noted that it has prevented me from patching games such as Rift. I believe this is related.
While working in safemode sometimes I noticed Adobe Flash 11.3 installer would frequently run trying to get me to install it. I do believe there was a massive security thr... Read more

Answer:Win32/Sirefef.AB & Win64/Sirefef.P; Browser Redirection, Windows Critical, Restarts

Re: Win32/Sirefef.AB & Win64/Sirefef.P; Browser Redirection, Windows Critical, Restar

Welcome to Major Geeks!


Rescan with HitmanPro, when it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.

Also allow Hitman to delete the C:\Windows\assembly\GAC_32\Desktop.ini piece of the infection
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
Reboot back into normal Windows and run another scan with HitmanPro and then attach the latest hitmanpro.zip log.
Also do the below:

Delete the below folders if found:
C:\Windows\installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}
C:\Users\Administrator\AppData\Local\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}


Download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below log:

C:\MGlogs.zip
Make sure you tell me how things are working now!
 

1 more replies
Relevance 94.71%

Hello,

Yesterday my PC was infected with the Live Security Virus. It's an HP desktop running Win Vista Home Premium.

I was able to download AntiMalwarebytes and run it to remove the Live Security Virus.

Afterwards MSE would not run, so I uninstalled it, and reinstalled.

After rebooting, MSE detected the sirefef.ah and sirefef.r viruses, but before it can clean them the PC gives a warning that it had a critical error, and will restart in a minute. It then restarts.

I tried downloading TDSSkiller onto a flash drive on this PC (my laptop), plugged it into the infected PC and ran it, but it didn't find anything. Sure enough, it then shut down again.

MSE will detect the viruses, but doesn't have enough time to deal with them.

I'd love some help! What should I try next?

Thanks!
Ian

Answer:Infected with sirefef.ah and sirefef.r after Live Security Update - reboots every minute

Ignore this for now, I've taken the PC into a local shop. I just don't have the time right now to figure this out on my own. I will post any solutions they tell me.

Thanks anyway, I'll be back for other issues I'm sure!

22 more replies
Relevance 94.71%

Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OB

I am running Windows Vista with Microsoft Security Essentials when i first encountered the problem. The virus shutdown MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and files appeared again. (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first because this is where I believe all the problems began (that is after my wife clicking on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it thru the usb drive connected to the infected cpu. I do not know what to do from this point on to get my cpu back to "healthy" and virus free status again ??????

Running Vista 32 bit

Answer:Security SHield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

58 more replies
Relevance 94.3%

A few days ago, I got the Sirefef.AB and Sirefef.W virus on my computer. I had no idea the severity of my problem until after I reinstalled MSE which has now caused my computer to constantly restart. I have used Farbar to create a FRST.txt and Server.txt file, though I do not know if that will help on this site in the removal of this blasted virus, and I will wait to post it until I have been instructed if I should do so. I really am at a loss here. I am not that great with computers, and could really use some help.

Edit: Added note, for the short while before I reinstalled MSE, I was having redirection problems when clicking on Google links. It also restarts in Safe Mode.

Answer: Sirefef.AB and Sirefef.W for Windows 7 Infected Computer with Constant Reboot

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

3 more replies
Relevance 93.48%

I went through the other threads and noticed a fix.txt is needed to repair my brother's computer. I used the frst64 to acquire the two logs attached to this message. Any chance someone can help us? Let me know if you need anything else. His computer starts up and then shuts down before much can be done so I don't have a normal log for you, but I will see what I can get for you.

Thanks!
Scott


Answer: win32/sirefef.ab and win64/sirefef.p infection fix.txt needed

You did not run it properly, as indicated by the contents of the log. You need to do it again according to these instructions and you must NEVER follow a fix tailored especially for someone else.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
Sys... Read more

11 more replies
Relevance 93.48%

Hello Helper--

First, thank you so much for your help. I hope this is not overly-thorough... My topic title reflects what has been found on my machine using a variety of tools-- but I still don't trust my machine is clean. I want to avoid reinstalling Windows since I don't have a current image disk, and have a lot of stuff installed. [Lesson learned: keep a current image disk on hand]

----> here's what happened: I updated Skype via a pop up window that appeared after closing my connection [to Skype]. Soon thereafter ESET [my antivirus] notified me it had quarantined a variant of the Win32 Sirefef.DN trojan. I immediately Googled this and found I was continually redirected to a random Yellow Pages webpage. The only other strange symptom I had noticed until this point was that back on Dec 5 Defender notified me it had found Sirefef.J-- I wondered how that could have happened and found my firewall had been turned off. I reset it back to on, and had not noticed anything else weird until the Skype incident above on Dec 28.

---> here's brief and likely sequentially inexact description of what I did to clean my machine-- I don't remember the order in which I did all these things and can't remember which tools found what, as I sat for ~ 20 hours straight working on it. But this is sort of what I did:

Scanned with ESET - ESET reported it found this in operating memory: \GLOBAL??\fd4f11f3\Windows\SNtUninstall\KB60604S... Read more

Answer: Sirefef variant.dn / Sirefef.J / Sirefef.B / 0 Access root kit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

53 more replies
Relevance 92.25%

Ladies and Gentlemen of the VTSM forum,

I need help. I thought I had a pretty simple rootkit infection, but tdsskiller/mbam has proven ineffective. MSE is able to identify and ostensibly remove the infection, but doing so makes the computer unbootable and system repair unable to complete, forcing a system restore to the infected state. Infection extends back to the oldest restore point. Win7 64 bit, running MSE and MS firewall with mbam for antimalware. SFC/scannow shows clear. google redirects on firefox and chrome, occasional slowdowns, windows defender is unable to start on boot, otherwise the system seems to be running fine. No rootkits recognized by tdsskiller. As mentioned in the title, MSE shows win32/conedex.b, win32/sirefef.p, win64/sirefef.m, and win64/sirefef.e

Here's the DDS log. Please let me know what else I should supply. Thank you in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by wstrawn at 16:51:52 on 2012-02-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.1285 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* / Copyright 4
SP: Microsoft Security Essentials *Enabled/Updated* / Copyright 3
SP: Windows Defender *Disabled/Updated* / Copyright 2
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch... Read more

Answer: win32/conedex.b, win32/sirefef.p, win64/sirefef.m, and win64/sirefef.e combination is killing me

Hi Weeps!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you... Read more

37 more replies
Relevance 91.84%

Hello. I have an XP machine, pretty old though works (except it is slow...probably some other residual trojan issues). I need your help!! Please assist.

I have Microsoft Security Essentials and MalwareBytes Anti-Malware on my machine. MSE detected the Sirefef.ac and Sirefef.ah trojans/viruses several days ago. It removed them. Then they appeared again and were removed again. This occurs every day. (FYI, MSE is always on and does an automatic daily scan. MBAM is run by me manually every several days.)

Over the weekend, I tried using various add'l software to get rid of these items & others though at the end of the day, the situation remains as noted above. Very frustrated that I can't do this on my own and am worried about my computer security. (I believe I used Eset, Kaspersky TDSS killer, ccleaner, & itMan Pro)

First, if the sirefef items show as being removed, is my computer safe to use or should I turn it off? When I do get on the internet (when MSE shows all clean and green status), I do get to my default site, msnbc, can get to other sites, and don't get redirected.

I searched and found what seems like exactly the same problem in your forum.

topic450849 raised by MarkP, helped out by Broni, &
its successor topic, topic451285 helped out by Gringo.

Should I just follow and replicate what was noted on those forums or wait and follow specific instructions?

Thanks so much for trying to help me out!!

Kind regards,

Davidad

Answer: XP Infected w/ sirefef.ac & sirefef.ah & need help to permanently remove

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

9 more replies
Relevance 91.84%

My computer is restarting every minute due to "critical error" because of Sirefef. I went ahead and got both FRST.txt and Search.txt for services.exe which I will post below. Also, I want to know if it is likely that Sirefef might spread through USB stick or my home network to another Win 7 computer? I am guessing I got infected from a fake adobe flashplayer update, is that right?

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 19-07-2012 22:44:46
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SunJavaUpdateSched] [x]
HKLM\...\Run: [LogMeIn Hamachi Ui] [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\CompooterUser\...\Run: [DAEMON Tools Lite] [x]
HKU\CompooterUser\...\Run: [Steam] [x]
HKU\CompooterUser\...\Run: [uTorrent] [x]
HKU\CompooterUser\...\Winlogon: [Userinit] [x]
HKU\CompooterUser\...\Winlogon: [Shell] [x]
HKU\Default\...\Run: [Sidebar] [x]
HKU\Default\...\Winlogon: [Userinit] [x]
HKU\Default\...\Winlogon: [Shell] [x]
HKU\Default User\...\Run: [Sidebar] [x]
HKU&#... Read more

Answer: Sirefef.R and Sirefef.AH infection with forced restart

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

6 more replies
Relevance 91.84%

Computer wasn't showing up on the local network, firewall was complaining it couldn't start and the service was missing. Function Discovery Resource Publication was refusing to start too. Skimmed some blogs, ran Combofix and let it do its thing (realise that I probably shouldn't have been so cavalier now) and the computer restarted and reappeared on the network. The firewall sprang back into life, windows downloaded several updates and security essentials detected Win32/Sirefef!cfg in two locations and Win64/Sirefef.AC in another. These were quarantined and deleted. Ran Malwarebytes antimalware which detected a couple of other things in install files (not running) and removed them. I subsequently ran combofix /uninstall and the computer seems to be behaving itself, but I want to be sure that I've actually removed the infection. DDS log below, many thanks in advance:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_35
Run by daniel at 21:23:25 on 2012-12-10
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.8183.5735 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows&... Read more

Answer: sirefef.ac and sirefef!cfg infection - firewall and various other services were gone

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

16 more replies
Relevance 91.84%

I recently downloaded a file and was later infected by Win32/Sirefef.AB and Win64/Sirefef.P viruses. Any help in resolving this issue would be greatly appreciated.
 

Answer: Infected with Win32/Sirefef.AB and Win64/Sirefef.P. Help

Welcome to MajorGeeks, Yellow77

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and f... Read more

3 more replies
Relevance 91.84%

Title pretty much says it all. Whenever my computer restarts if I don't do anything Microsoft Security Essentials will detect 2 infections, Sirefef.AH and Sirefef.R, and then inform me that I have a minute until the computer shuts down. If I end the process for Microsoft Security Essentials before any detections occur though then I can use my computer like normal. I'm guessing I need to use FRST to replace services.exe like in the other topics exhibiting this behavior, but since I can't interpret the logs I don't know how to fix this myself and admit that I could be way off.

On a possibly unrelated note, I've never been able to get ComboFix to run properly. I was asked to use it in a prior help topic on this site but was unable. Since then I've tried several times on my own to make it run to no avail. It always hangs after it informs me that it may take 10 minutes or more for badly infected systems and that text just hangs there even when I leave it on overnight.

I don't really care if ComboFix ever runs on my computer, but I figured it could be a symptom for something else so I'm listing it. Mostly I'd just like to be able to restart my computer without racing to stop processes before it gets stuck in a cycle.

Thanks in advance for whoever decides to help me.

Answer: Infected Sirefef.AH and Sirefef.R, computer keeps restarting

Please run the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

9 more replies
Relevance 91.84%

Microsoft Security Essentials keeps reporting this Trojan and quarantines it. After attempts to remove the file, It keeps reappearing. It shows a file location that I am unable to find on my system C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\U\[email protected]
Now I am getting a warning about VirTool Win32/Obfuscator.XQ @ C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\n However, this file cannot be located either. There is no C:\Windows\Install directory.
Also Combofix loads and starts then it crashes. Disappears from file manager and splash screen disappears -- The program literally stops running.


DDS Text File Contents:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Estelle Clark at 2:59:47 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2423.1353 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSp... Read more

Answer: Infected with Trojan:Win32/Sirefef.AG and Sirefef.I

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

4 more replies
Relevance 91.84%

Hello. My antivirus picked up these two and I was wondering if anyone could help me remove them. I tried using dds to send you logs but no attach or dds txt pops up after using it, and I'm an amateur when using computers so I have no idea how to find those logs if they exist somewhere in my system. Hope someone can help.

Answer: win64 sirefef -btt and win32 sirefef - a detected

Hello SONYAns

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

4 more replies
Relevance 91.84%

Hello,

Microsoft Security Essentials is notifying me that Win32/Sirefef.AB and Win64/Sirefef.P are potential threats, but of course trying to remove them does nothing.

Attached is my Farbar Recovery Scan Tool log. Thanks in advance for any help!

Answer: Win32/Sirefef.AB and Win64/Sirefef.P Infection

Hello user314159 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, ple... Read more

4 more replies
Relevance 91.84%

Hi,
I have recently changed AV programs from Eset nod 32 to Microsoft Security Essentials.

Upon running a scan with MSE, it has detected two trojans,
Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P

Located in:
C:\Windows\assembly\GAC_32\Desktop.ini

I have gone through READ & RUN ME.
I did not run RootRepeal as I have Windows ultimate x64.
ComboFix and TDSSKiller did not create log files.

TDSSKiller did find 2 threats and attempt to delete, upon reboot Windows became stuck in loading.

Thanks in advance
 

Answer: Trojan:Win32/Sirefef.AB & Win64/Sirefef.P

Currently reviewing those logs and will get back to you as soon as possible.
 

2 more replies
Relevance 91.84%

Hello everyone,

I just discovered this forum while searching for a fix to my problem. I stumbled upon this post [Thread @ Bleepingcomputer] and he has the exact same problem as I have, even though the name is different. It seems his problem was fixed through a few custom actions a member suggested to him, and I figured I was SOL with my problem and would need the help. So thanks in advance to whoever ends up helping me!

So my PC was running a bit slow, but the thing that ticked me off was this popup that kept appearing randomly, even once triggering on youtube.com, a site which has never generated popups in the recent past. This nagged me so I launched MBAM and it found something called Trojan.Dropper.BCMiner and it failed to remove it after asking for a reboot. So I try a bunch of stuff, I don't really remember all I did since I fired in no precise order, ComboFix (which didn't start at first, but it did once I rebooted into safe mode later in the process), the kaspersky malware tool I've seen suggested a lot here (I don't remember the exact name), MBAM, a MSSE scan and SUPERAntiMalware. All of them failed at doing anything good. I also ran the avast MBR fix tool to no avail, it actually blue screened my PC.

After I started reading on the topic linked earlier, I ran almost the exact same procedure, up to getting a FRST log, which I now do have. In the end, I'm having the same problem I had at the beginning, MSSE is crazy about the two desktop.ini files in... Read more

Answer: Infected with Win32/Sirefef.P and Win64/Sirefef.AB

Hi,

I'd like to see an updated FRST log:

download Farbar Recovery Scan Tool and save it to a flash drive. (you need the 64bit version)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.... Read more

14 more replies
Relevance 91.84%

Hi guys,

Since yesterday I'm getting alerts from Microsoft Security Essentials about trojans in C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini

First I tried bootable live CDs from AVG and Dr.Web, scanned and cleaned PC with Microsoft Security Essentials, after it didn't help, smoked Google a little and found your forum.

Read "READ & RUN ME", and here are the log files.

Huge thanks in advance
 

Answer:Trojans: Win32/Sirefef.AB and Win64/Sirefef.P

and here are 3 other logs..
 

4 more replies
Relevance 91.84%

Avast keeps detecting Win32:Sirefef-B, Win64:Sirefef-A, and sometimes Win32:Malware-gen. Multiple scans detect & quarantine files, but the trojan warning keeps popping up. My friend ran ComboFix on it & claims that everything is fine now, but I'm concerned that he shouldn't have run ComboFix yet and also that it may not have actually removed this infection. Here is my log from DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506
Run by Michael Calhoun at 0:57:18 on 2013-10-07
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3034.1819 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Intuit\... Read more

Answer:Infected with Win32:Sirefef-BTT & Win64:Sirefef-A

Hello troyman5150 I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

16 more replies
Relevance 91.84%

Problem started as Live Platinum fake anti-virus. I thought I successfully removed this with MBAM, etc. But shortly thereafter MSE alerted that it detected Sirefef.R & Sirefef.AH. Now every time I reboot I get a message that Windows has encountered a critical problem and the computer shuts down after 1 minute. I followed the steps on the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, but I am not able to run DDS or GMER scans because the system reboots before they finish. I am stuck!
OS is Windows 7, 32-bit.
Thanks in advance.

Answer:Sirefef.R, Sirefef.AH, computer shuts down after 1 minute

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

23 more replies
Relevance 91.84%

Yes I have the dreaded infection and have downloaded the frst64.exe and will run it to get the log files...
Any other directions or advice would be great

Not sure if this is the correct place to post virus infection requests...if not please direct me to the correct place...I do have the frst.txt file for my issue to upload when necessary.

Thanks
Russ

Answer:Win32/sirefef.AB / win64/sirefef.P infection

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

You can also post the FRST log

Good luck

1 more replies
Relevance 88.15%

I keep getting hit by the same trojans and trend micro keeps telling me that it deletes malicious software that has titles like [email protected] and [email protected]. But the files keep coming back, and trend micro makes me restart to get rid of them, or other files, sometimes. There was also one file that Trend micro couldn't get rid of and I have no idea what that was. Please help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAvid at 18:18:23 on 2012-07-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.996 [GMT -4:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.ex... Read more

Answer:TROJ_ZEROA.DUKKS, SIREFEF.DD, SIREFEF.QY

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

23 more replies
Relevance 88.15%

Hello kind removal helpers,
I have an XP SP2 installation that was infected with sirefef, sirefef.AG and .AL. Forefront theoretically removed them after much trying, but now I cannot install any Microsoft update and would like to get this machine to SP3. Downloaded the installer but it fails with 'The requested lookup key was not found in any active activation context' Service Pack 3
". Tried the fix in 949377, but cannot even download the fix. I cannot connect to any shares to get the file from there either.
Please advise as to what I can do to get this thing cleaned up. Appreciate it.
 

Answer:recovery and repair from sirefef, sirefef.AG and AL

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

1 more replies
Relevance 88.15%

My computer has the dreaded sirefef! I'm running Windows Vista Home Basic Service Pack 2. 32 bit.

A few weeks ago Microsoft security essentials (mse) stopped running. I tried to start it again but a message came up stating that the program didn't exist as an installed service. I also noticed that windows defender was off and it also claims it doesn't exist as an installed service (error 0x80070424). When I tried to reinstall windows defender, it popped up a message "Windows Defender does not need to be installed because it is included with windows vista. You can access it from the control panel."

The other day I decided to try to get Security Essentials running again by uninstalling it and reinstalling it. It worked and began to scan my computer. It found two threats: sirefef.AH and sirefef.R. I clicked clean threats and mse started cleaning them. HOWEVER, sometime after I got mse running again, I got a notice that read: "Windows has encountered a critical error and will automatically restart in one minute. Please save your work now." My computer restarted and I got that notice again. I tried safe mode and I still got that message and force restart, but it happened slower. In safe mode I ran mse again, it saw the same threats, I clicked clean, and it claimed they were cleaned (I know they aren't).

Eventually I chose the option "Repair Computer" from the F8 menu and went to a restore point 2 weeks earlier. (But not without ... Read more

Answer:sirefef.ah and sirefef.r have infected my laptop!

I'd like to see the comboFix log as well please.
It can be found at C:\combofix.txt (older logs at C:\qoobox\combofix2.txt)

Then please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" ... Read more

16 more replies
Relevance 88.15%

Hi

A friend of mine brought his pc to me. When I opened it after 1-2 minutes windows showed an error and said that pc will restart itself 1 minute later.
I have Microsoft Security Essentials. At the time I see the error Security Essentials briefs me about the virus. It happens at the same time. Virus container file is system32/services.exe.

I only have 2 logs because I had no time before it reboots. Sorry about my English.

Thanks.
 

Answer:Sirefef.r Sirefef.ah (PC Boot itself in 1-2 minutes)

Hello there. Your English is just fine.


This indicates you did not run the tool correctly. Follow the instructions further below to do so.





ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Opti... Read more

9 more replies
Relevance 88.15%

The computer has run slowly for about a week now. Ran Malware Bytes and Microsoft Security Essentials. It picks up Sirefef.E and Sirefef.D and quarantines and removes it. It comes back within minutes. So frustrating and I am worried about other damage it may be doing!

Firefox will also randomly open a webpage - eminentsearch or Lycos or some other odd search page.

I appreciate any help you can offer!!!

Answer:sirefef.d and sirefef.e and eminentsearch redirect

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427706 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

8 more replies
Relevance 88.15%

Hello,

I'm infected with two versions of Sirefef (AC and AH). Windows Security Essentials pops up a message that one of them was found. The virus is always in a *.dll file in C:/Windows/System32. WSE doesn't manage to remove it completely.
I also have a Redirecter, that opens FireFox tabs, when I search for something on Google. It mostly opens this site: http://nutritioncuisine.com/videos/?src=113636&utm_source=AD_113636_5_304654&utm_medium=cpv&utm_campaign=NCvideosCPV113594 (You probably should not open this without a script blocker...), but this virus isn't even found by WSE....

I'm using Windows Vista Home Basic SP2.

Please help me. I don't know what to do to remove the viruses.

Florian

Answer:Im infected with Sirefef.AH & Sirefef.AC and a Redirecter...

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Please download GMER from here (does not work on 64 bit OS): http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

1 more replies
Relevance 88.15%

Last night, I noticed MSE was not running and I could not update or run a scan. I uninstalled and reinstalled MSE. It scanned and detected Sirefef.R and Sirefef.AH and a message appeared that the computer would shutdown in one minute. The same thing happens in safe mode.

I am unable to run READ AND RUN ME FIRST because of the shutdowns (sending this from another computer).

I ran FRST.exe and have attached the file.

Thanks
 

Answer:Sirefef.R & Sirefef.AH - reboots after 1 minute

Please do the below as we need to locate a backup file to replace an infected one.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)
 

18 more replies
Relevance 88.15%

Hello,

I've been infected with Sirefef for a week now, tried system restore, Full system scans in safe mode, tdss killer, numerous Sirefef removal tools from Kaspersky, Eset, Symantec to no avail. MS SE still finds Sirefef reincarnations from time to time.

please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by The Great Dark Lord at 2:12:28 on 2012-07-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8159.4495 [GMT 4.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Wind... Read more

Answer:Sirefef.P Win32 / Sirefef.Y Win64

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Uncheck the Whitelist boxes next to Registry, Services, Drivers, and known DLL's
Place a check next to List Drivers MD5
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

33 more replies
Relevance 88.15%

Hello, MSE had a message that said detected and cleaned virus and in the history came up Trojan:win32/sirefef.ak
.am
.ag
/sirefef and then proceeded to say remove.
kept getting the MSE logo spinning and saying cleaning and then same viruses would be in history
I used malwarebytes and it found the four as well and cleaned them but I feel something is still there and running in the background because when I reboot my desktop icons keep resetting if I change them. Need help

Thanks
LR

what do you need for me to run a log to show the computer status?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

12/06/2012 6:25:09 PM
mbam-log-2012-06-12 (18-25-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280359
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)... Read more

Answer:Trojan: win32/sirefef.ak & am & ag and sirefef

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

28 more replies
Relevance 88.15%

I noticed that my desktop icons stopped saving their size and position. This set off personal alarms about my computer so I decided to run a full AVG scan. Completed the AVG scan and it got rid of things, but my desktop icons still kept behaving abnormally.

Decided to try MSE (uninstalled AVG), and that did a full scan and identified the Sirefef virus.

Now every time I boot and every time I open firefox or do anything internet related, it pops with two warnings about Sirefef AB and P infecting the Desktop.ini files in the file:C:\Windows\assembly\GAC_32\ folders. Removal does nothing.

Ran a MBAM quick scan and detected a Trojan.Dropper.BCMiner which I tried to remove and it just comes back.

I run W7-64bit so I did not create a GMER log. I posted a bunch of logs from the tools I've seen other people have the posters run, so I could cover all the bases with one swoop. Thanks in advance and I appreciate any help.

-----------------------------
DDS pasted below
-----------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by CCM at 16:59:48 on 2012-06-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-... Read more

Answer:Sirefef.AB / Sirefef.P - Desktop.ini Infections

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive. (You need the 64bit version.)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bi... Read more

12 more replies
Relevance 88.15%

MSE informs me of the presence of 3 Trojans:

Win32/Sirefef
Win32/Sirefef.AG
Win32/Sirefef.AL

MSE is quarantining these items and reports that they have been removed; however they have not. They provoke a response from MSE about once every 4 minutes (all 3 reappear simultaneously). MSE quarantines and then "removes" but the removal is not successful. I first noticed the MSE activity shortly after restarting the computer yesterday. Other items were detected at this time and appear to have been successfully removed - I think there were 2 other items - and I think their names were "FavPak" or similar and something with "adware" in its name.
The 3 Sirefef items continue to appear in MSE log every 4 minutes or so (simultaneously).
My machine is running Vista Home Premium (and that is about the extent of my knowledge).

I followed the trail from MSE to Microsoft help pages to Bleeping Computer (a well-trodden path I guess).
I am not particularly computer literate but I am able to follow complex instructions precisely.

Grateful for any assistance that you can give,

Thanks,

Phil

Answer:Sirefef, Sirefef.AG and Sirefef.AL infection

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

24 more replies
Relevance 86.51%
Question: Sirefef Removal!

Help guys, BitDefender just alerted me about being infected by the Sirefef trojan. These are the two particular variants BitDefender can't seem to remove:

*Sirefef.A - C:/Windows/System32/services.exe
*Sirefef.GY - C:/Windows/Installer/{84d3bf12-3c1a-e026-8b4e-76a071be099b}/U/[email protected]

Any idea how I can remove this bugger? Running Windows 8 Consumer Preview x64

Answer:Sirefef Removal!

Since this is a rootkit, the best/safest option would be a clean install.

You can try this tool - TDSSKiller

Anti-rootkit utility TDSSKiller

When the removal tool first launches, make sure to click on "Change parameters" & check all the boxes.

You could try the Windows 8 Recovery Options also:

http://www.dedoimedo.com/computers/w...-recovery.html

6 more replies
Relevance 86.51%

So, I happened to stumble on the wrong website last night. Right upon accessing it I got a popup warning from Windows Firewall, immediately after I got an Adobe Flash Player update. Not thinking clearly, I agreed and the update got half way through until I realized it may have been triggered from the website. From there I restarted my computer and now it's stuck in a constant reboot cycle. It's Vista 64 bit, ASUS laptop.

I started reading other guides which instruct people to try to enter "recovery mode" but my computer doesn't have that as an option in the f8 menu. Furthermore, I only have a Restore disk that will wipe the whole computer. Ideally, I'd like to get back up and running instead of a format simply because I've got a couple of projects I'm working on.

What would be the best place to start considering I can only boot to Windows for 1 minute or less and the "shutdown -a" option doesn't work. I tried booting to a BARTPE CD I had lying around but after the WINXP logo comes up it immediately gives me the BSOD. I do have an Ubuntu CD available that I've been using to try and cure myself with.

I'll gladly give a donation to anyone's PayPal account that can help me get back up and running as soon as possible.
Thanks in advance!

Answer:Sirefef.y and B - removal help

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
* Use the arrow keys to select the Repair your computer menu item.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
* Insert the installation disc.
* Restart your computer.
* If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
* Click Repair your computer.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

* Select Command Prompt
* In the command window type in notepad and press Enter.
* The notepad opens. Under File menu select Open.
* Select "Computer" and find your flash drive letter and close the notepad.
* In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ...

2 more replies
Relevance 86.51%
Question: Sirefef removal

...

Answer:Sirefef removal

???

26 more replies
Relevance 86.51%
Question: Sirefef.B Removal

Hi, I noticed you guys were helping out others with this virus. I scoured the Internet, tried using Malwarebytes and MSE in Safe Mode, and then stumbled upon a VERY interesting ESET tool:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2895
So I used that. Seemed like the problems were gone. However, after a few minutes, MSE gave me a big warning message about it still existing. I found some random folder in the Public Desktop folder under Users, and deleted it.

Warning gone.

Currently doing a full scan with MSE. No idea if it'll be helping at all.

I noticed you guys used that FRST tool. Should I be doing the same and posting the logs here, as others did, or no?

Thanks in advance for any help! I'm tech-savvy and careful, but have no idea how this one got onboard.

Also, I'm leaving the full MSE scan on while I sleep. So if I don't respond for some hours - that's why! I'll be sure to check this ASAP, however.
 

Answer:Sirefef.B Removal

Nobody? That full MSE scan found three more items, and I removed them. Then during lunch I did a full Malwarebytes scan, and it found two more.

So far everything is running well, but I don't know if there's hidden stuff going on.
 

6 more replies
Relevance 86.51%
Question: Sirefef Removal

Hello everyone,

To get right to the heart of the situation I am posting here in seek of professional assistance in removing the Sirefef virus from my PC as it appears this one is far beyond my capabilities and that I would also need help with a unique fixlist. I noticed many individuals were receiving excellent assistance here and the tools required are ones that I have no experience with so I must unfortunately get in line. I'm a bit overwhelmed so I will try to break this down a bit...


Symptoms/Culprits/Information
I am at a bit of a disadvantage because I have absolutely no clue when I contracted the virus simply because there were no obvious symptoms. My PC was not running slow nor having any abnormal reactions. The only out of the ordinary occurrence was a strange Windows error I had never seen before popping up once two days before my finding this issue and once the day before.

I was doing a normal restart and upon checking the task manager I saw something by the name of "beacucqitear.exe" running, it had not been present before the restart or any time prior to that. Without thinking much of it I deleted it from my system manually, after googling it I tried to check on Windows Defender and found it not working. I downloaded Microsoft Safety Scanner to do a quick scan and it found both Sirefef.B and Sirefef.Y. It "removed" them and upon its completion I ran a full scan and it gathered up many more hits including Sirefef!cfg, P, AB, M, ...

Answer:Sirefef Removal

Save fixlist.txt to your flash drive.

You should now have both fixlist.txt and FRST.exe on your flash drive.
Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and continue with the below.
Running MGTools.
 

6 more replies
Relevance 86.51%

help removal of this virus it is a pain in the butt
 

Answer:sirefef.r removal help

Welcome to MajorGeeks, phreakazoyd

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
 

3 more replies
Relevance 85.69%

Using Windows 8. Unable to remove winnt/sirefef.j malicious program. Windows Defender keeps detecting it, deletes it, but it comes back again. So it's an infinite loop: Defender detecting-deleting-detecting, never-ending processing. Defender is updated. Anti-malware bytes software is installed, but it doesn't detect it. What to do? Google search didn't help. Installed many softwares mentioned in Google but didn't work out.

Answer:winNT/sirefef.j removal

Welcome aboard. Your type of infection requires elevated help. Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 85.69%

Hi there,

So let me start off by saying yes, I know I brought this upon myself. I have heard mixed reviews over registry cleaners however my computer was booting progressively slower (around 5 mins most recently) so I installed RegCure on my computer to see if it would improve my computer's performance (I do use quite a lot of different software, much of it which I have cleaned out and I thought maybe some remnants of them were still in the registry slowing my boot times).

After running RegCure, my computer did boot faster, however this has appeared to come at a price. Immediately, my anti-virus software (F-Secure Client Security 8.01 build 133) notified me of a malfunction it was having and that it was no longer able to connect to its online server to update. I thought perhaps maybe something in the registry cleanup process was moved that wasn't supposed to be moved. However, things progressively continued to change on the computer. Soon F-Secure was shut down completely and Windows Defender notified me that F-Secure was no longer operational. This is when I started to think this was more than a registry error. After this Windows Defender would pop up every now and then and say it had found "Trojan Downloader:Win32/Renos.JM" but it could never quarantine or delete this. I tried to run various different antivirus scans, both downloadable and online versions (F-Secure Easy Clean, Kaspersky Virus Removal Tool, F-Secure Online Scanner). Both the F-Secure Easy Clean ...

Answer:Trojan.Sirefef.A - Need Help with Removal

Bump please, 72 hours

19 more replies
Relevance 85.69%

Per boopme:
Hello having run ComboFix we need to see that and a DDS log.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.

DDS LOG:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by UCA at 13:49:43 on 2012-03-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1496 [GMT -6:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\nldrv\003\stacsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile...

Answer:From No Internet after Sirefef Removal

Good evening.

Can you post exactly what issues you are now having with the PC. Please give any file names that your security programs may be flagging as infected, if you have them, as well as the generic infection names.

1 more replies
Relevance 85.69%

Good morning, all!
 
It seems this virus is the next cool thing as most of the machines we've seen in our office have severe damage and traces listing 0Access/Sirefef.  It also seems the malware comes bundled with a faux-Anti-Virus program, "System Care" (A fake AV that seems to be months old.) We've noticed some of the damage that comes with 0Access and Sirefef is severe services issues, missing or corrupted.  I just wanted to put this on the site (As I use Bleeping Computer for a lot of referencing but I don't see this in the downloads section)
 
http://kb.eset.com/esetkb/index?page=content&id=SOLN2895&locale=en_US
 
Eset has a reset to the services damaged by the malware as well as a quick trick to help fix the Windows Defender issue that comes about with the malware.  We've used it on the last couple machines and applications like "RKill" and a proprietary PXE no longer list issues related to base services, and the services have returned to the services.msc list.
 
(Must run in CMD with switch "/r")
 
Bit Defender also has a removal tool,
 
http://www.bitdefender.com/free-virus-removal/
 
I hope this helps those select few that become infected with the malware and they're able to remove and repair the OS without having to restore!
 
Thanks,
Nick

More replies
Relevance 85.69%

Hello, I have SUPERAntispyware installed and it found Conserv.dll sirefef as a trojan virus which needs to be removed. Unfortunately upon removal Windows won't load and the system restore loads up and puts everything back to how it was.

Please let me know if anything else is required, I fully appreciate in advance any help you can provide in getting rid of the mcnasty

Please see below log per prep guide:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 0:42:29 on 2012-07-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.5119.2941 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32...

Answer:Consrv.dll sirefef removal

Hi,

Please run the following

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

12 more replies
Relevance 85.69%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz, x86 Family 15 Model 6 Stepping 5
Processor Count: 1
RAM: 1501 Mb
Graphics Card: ATI Radeon Xpress 1100, 128 Mb
Hard Drives: C: Total - 76245 MB, Free - 9139 MB;
Motherboard: Dell Inc., 0UP453
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Disabled

Need assistance in removing Sirefef.DA trojan found by Eset Online Scanner. Below is HJT log and Eset Scanner.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:09 PM, on 12/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\...

More replies
Relevance 85.69%

Hello,

Running Win7x64 and my father's computer is stuck in a MSE bootloop due to the sirefef trojan. I was able to get him to run FRST64.exe and the two logs that I usually see requested are attached below. Can someone make me a fixlist.txt? I really appreciate the help! This is the most devious virus I've ever had to deal with (and he has had many of them!).

As a result of the boot loop, I currently have about 60 seconds once the computer boots up before it tells me a critical error has been found and forces a restart. Is there any way to just disable this from happening? It even happens in safe mode. I even disabled MSE, and it still happens.

-ferrox
 

Answer:Sirefef Trojan Removal Help!

Welcome to MajorGeeks, ferrox

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

Save fixlist.txt to your flash drive.
You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.
 

2 more replies
Relevance 85.69%

Hi,

I have been infected with Sirefef.AP and I think this has installed at least one other trojan, ZeroAccess. I have been infected with ZeroAccess before, but CatByte helped me remove it. Sophos detected Sirefef and ZeroAccess and now my browser stops responding if used for a few minutes and I can't open task manager or do anything without a forced shut down. I have a Windows 7 64 bit (didn't run GMER) Lenovo Ideapad Y450. I used the clean up option with the files that were quarantined in Sophos (windows.ini infected with Sirefef.AP) and deleted an intellidownload.vfd file, but didn't delete services.exe (infected by ZeroAccess). The files no longer show up in Sophos after the restart, but might after a system scan. Here is my DDS Log:

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by David Abram at 9:42:12 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2480 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\Syste...

Answer:Removal of Sirefef.AP and ZeroAccess

Hello dabram, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?

14 more replies
Relevance 85.69%

Earlier, about 3 hours ago I guess, I started hearing advertisements from my speakers which weren't emanating from anywhere I could figure out. Realising I had a virus I opened Microsoft Security Essentials, however I was unable to use it as the virus had disabled it-- same with my firewall. I reset my computer to stop the ads, de-installed and re-installed MSE and it's been working since then. At first I did the "first timer" scan and it picked up loads of files, however three of them (sirefef.ak, sirefef.m, and sirefef.w) kept coming back every 3-4 minutes. (Perhaps the others too, I've been using quick scan to delete them over and over while I've puzzled over the issue.)

I looked up help guides and most of them said basically the same instructions, however those have failed to work for me. I've tried to find specific malicious entries in my registry but they weren't there. I've tried using other security software, namely Avast, Malwarebytes, and programs purportedly made specifically for my issue called TDSSKiller and ESETSirefefRemover both of which could not identify the virus let alone remove it.

It's worth noting I can't open/use/reactivate Windows Firewall, probably needs some registry fixing, but I'm not so bothered about that until the virus is gone.

I haven't had another bout of ad spam since the first (I assume because I keep deleting the three listed files) but the trojan clearly isn't gone....

Answer:Sirefef.ak removal issues.

Update-- MSE just detected two new files, sirefef.p and sirefef.ab, and it cleaned them and I reset and apparently they should be gone now. The truth remains to be seen, as .m .ak and .w are still coming back.
 

3 more replies
Relevance 85.69%

EDIT: MOVED from XP to Am I Infected

New member, not sure where exactly to post this:

I have a friend's Dell 5500 Latitude laptop. It was given to me in hopes of getting rid of a virus. Well, the virus is gone, however I cannot connect to the internet. I have done all I can think of to fix this (Nuke and pave are not an option, as I have no XP disc, except for an old 98-to-XP upgrade disc), and it seems something is blocking IE/firefox from the wire and wireless, as I am showing a connection, yet cannot obtain IP, gateway addys, etc. The following is what I have done so far:

The usual MSE and Mbam scans, Combofix, Filepig, Tdsskiller, WinsockLSPfix, off with the restore, safe modes, Etc. Reinstalled all drivers from the Dell site, even copied and pasted my entire Windows/system32 drivers folder from my XP machine to his. Have no other ideas on things to try. Anyone have any suggestions? All other things on the computer work perfect.

Answer:No internet after Sirefef.b removal

go into IE, Tools, Internet options, Connections, Lan Settings, is the box checked for Use a proxy server for your Lan, if it is checked, uncheck it and you should be good.
Dave

10 more replies
Relevance 85.69%

Hello, I've recently been infected with the win32/sirefef.ez or sometimes .ev trojan and can't remove it with ESET Security 5. ESET recognizes it but can't remove it. It's also shut down my Windows Firewall and doesn't allow me to update ESET or Windows. It also mentions something about desktop.ini. Please help!! Thank you!!

Answer:win32/sirefef.ez removal

I tried to download dds but no response when I click the download link

10 more replies
Relevance 84.87%

Hello I'm trying to help remove the sirefef.y virus from a laptop. I have the attached files from FRST and the search. The laptop is running win7 64. Please let me know what other info you need. Thank you for your help
Jay
 

Answer:win64 sirefef.y removal request

Welcome to MajorGeeks, Jay

You did a bit of researching I see :-D

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

Save fixlist.txt to your flash drive.
You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally and remember to attach your Fixlog.txt

>>> Now continue with this procedure: How to Remove TrojanOS/Alureon.A <<<
 

11 more replies
Relevance 84.87%

After removing Trojan.sirefef (thanks to combofix) I am unable to connect to the internet (whether it be wired or wireless). My responses may be delayed due to the fact that I have to access a different computer (or iPhone) to post.

Farbar Service Scanner log:

Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\...

Answer:No internet after removal of Trojan.sirefef

Please download MINITOOLBOX and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

32 more replies
Relevance 84.87%

Hi

Could someone please help me create a fixlist and guide me through the removal of this nasty trojan? I've looked at similar posts and have attached the FRST and SEARCH text files. Thank you!!

-A.
 

Answer:Sirefef Removal: Fixlist request

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

Save fixlist.txt to your flash drive.
You should now have both fixlist.txt and FRST.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

-------------------

Now run FRST like you did the first time and attach the log please.
 

7 more replies
Relevance 84.87%

Currently I am using Windows XP SP3 and am having some trouble removing the sirefef family of viruses... please advise... I've tried everything I can think of, but would appreciate some assistance from more experienced people. I have noticed other people have had the same problems and this forum seems to be the best place to post regarding this topic. If you need any info from my PC let me know and I will post away... thanks in advance

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Answer:sirefef trojan/malware removal

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Butt...

18 more replies
Relevance 84.87%

how do you remove this trojan. W.E. cleans it but doesn't keep it from coming back?

Thanks
Herman

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:trojan: win32/sirefef removal

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 84.87%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2046 Mb
Graphics Card: ATI Radeon HD 3450, 512 Mb
Hard Drives: C: Total - 152546 MB, Free - 114131 MB;
Motherboard: Dell Inc., 0N185P
Antivirus: ESET NOD32 Antivirus 4.0, Updated: Yes, On-Demand Scanner: Enabled

Log from ESET Scan:

Operating memory \GLOBAL??\7571a07c\WINDOWS\$NtUninstallKB54541$\1970380924\Desktop.ini - Win32/Sirefef.DN trojan - cleaned by deleting [1]
Operating memory svchost.exe(1236) - a variant of Win32/Sirefef.DT trojan - unable to clean
C:\WINDOWS\system32\drivers\netbt.sys - Win32/Sirefef.DA trojan - unable to clean
 

Answer:Win32/Sirefef.DT Trojan Removal Help

16 more replies
Relevance 84.87%

I have the sirefef virus and the computer reboots every minute even in safe mode with networking. I am able to access the task manager but I can not find any process with the trojan name to stop nor can I figure out which process I should stop. Any help would be greatly appreciated.

Answer:trojan virus sirefef removal

Windows 7 Forums the biggest Windows 7 help and support forum, friendly help and many Windows 7 tutorials that will help you get the most out of Microsofts new Windows 7 Operating System. - Search Results for sirefef virus
------------------------------------------------------------
This would be a great place to start

4 more replies
Relevance 84.87%

Hi everyone. Long time lurker, first time poster

I'm currently on Windows Vista Ultimate, Service Pack 2 and according to Windows Defender (the only anti-virus/anti-malware software that lets me scan the entire way through - all the other software I've recently installed mysteriously quits mid-scanning), I'm infected with Trojandropper:win32/sirefef.B

Clicking "remove" within Windows Defender of course, doesn't do anything (significant). Upon reboot and re-scanning, the same virus/malware is discovered again.

Current Windows Defender report is as follows:
--
Category:
Trojan Dropper

Description:
This program is dangerous and installs other programs.

Advice:
Remove this software immediately.

Resources:
driver:
Wanarpv6

driver:
Wanarp

driver:
cdrom

file:
C:\Windows\system32\DRIVERS\wanarp.sys

file:
C:\Windows\system32\DRIVERS\cdrom.sys
--

Apparently this doesn't mean much since every time I 'remove' and reboot, the infected driver and files change to something else.

From quick Google searches, it seems that I'm dealing with some kind of "rootkit" type malware. Is this correct? And if yes, do I have hope in returning my system back to its glorious self without the last and final resort of reformatting?

thanks heaps in advance!

Answer:Removal of Trojandropper:win32/sirefef.B

Hello and welcome. I moved you to the Am I Infected forum from Vista.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives sele... Read more

9 more replies
Relevance 84.87%

I am running Microsoft Security Essentials, and it has removed the sirefef.b, fakerean, patchload.0 and also says that zeroaccess was found on my computer too. Would like to remove the virus versus reinstall operation system.

Thanks for your help.

Here is my hijack this file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:43:39 PM, on 12/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0&#... Read more

Answer:Help sirefef.b and zeroaccess Virus Removal

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS.scr
DDS.com
DDS.pif

Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.
Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes ... Read more

2 more replies
Relevance 84.87%

Hi, could someone please send me a fixlist for:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 19-07-2012 15:00:39
Running from F:\allen
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Lau... Read more

Answer:Sirefef Removal: Fixlist Request

Hi

Please do the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{56d724f6-104e-c6ae-9eaa-507405a27c8d}
C:\Users\Karen\AppData\Local\{56d724f6-104e-c6ae-9eaa-507405a27c8d}
C:\Windows\assembly\GAC\Desktop.ini
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the... Read more

2 more replies
Relevance 84.87%

Anyone know how to get rid of this nasty Trojan WIN64 Sirefef-A it seems to have disabled Update and Windows Firewall & Security Centre. Managed to get Avast and Comodo Firewall on but rest don't work.

Answer:Trojan WIN64 Sirefef-A removal

Microsoft's Malware Protection Center says that the antivirus definitions may be able to detect and prevent WIN64 Sirefef, but nothing is mentioned about its removal.

Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled. Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup if your computer is infected with any of the following Sirefef variants.

See if you can do a system restore to a prior good point - or even restore the PC to factory condition. That may be the easiest option right now.
Or else, clean up your PC junk using the Disk Cleanup tool, and see if you can schedule a full in-depth boot-time scan of your Avast. Maybe that will help.
Microsoft's Answer Desk is another option you may want to consider - but that's a paid option.

2 more replies
Relevance 84.87%

My Wife's laptop is having major issues. Lava soft ad-ware can detect the Trojans but can not remove them.

Answer:Need help with Generic.bt and sirefef Trojan removal.

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

3 more replies
Relevance 84.87%

I did a search and followed instructions found in this thread:
http://www.computerhope.com/forum/index.php?topic=124946.0

After scanning in safe mode, mbam found 3 infected files. I deleted all. While running mbam in normal mode, Security Essentials detected the Win32/sirefef.AC and .AH several times. After mbam finished, the report showed no malicious items found. I still have the virus. I saved logs if you need them.

Jim

Answer:Win32/Sirefef.AC and .AH removal help needed

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Please post whatever logs you have plus these.

SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for u... Read more

9 more replies
Relevance 84.46%

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t... Read more

Answer:win32/sirefef.ab, win64/sirefef.p and win64/sirefef.m

Hi Gringo
Thanks for your help. My firewall is down and I am lost on what to do. I have done what you asked and hope it's ok.
What is this sirefef? Seems like it wants to stay.

Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 16-05-2012 19:15:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10151968 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113296 2010-03-29] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\... Read more

8 more replies
Relevance 83.64%

Hello,

Please help. I have a computer that has win64 sirefef and my computer reboots every 60 seconds.

I have booted in recovery console and ran FRST64 and created the FRST.txt

I would like to request a fixlist.txt script to "fix"

Thank you,
Chad
 

Answer:win64 sirefef removal fixlist.txt request

Save fixlist.txt to your flash drive.

You should now have both fixlist.txt and FRST.exe on your flash drive.
Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and continue with the below.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* Fixlist log
* C:\MGlogs.zip
Make sure you tell me how things are working now!
 

3 more replies
Relevance 83.64%

My computer has been shutting down suddenly each morning for the past couple weeks. While investigating the issue I noticed that Windows Update and Windows Firewall were turned off. After visiting Microsoft's Support area I was able to get Windows Update working, but after running a Windows Security Essentials Scan and removing the only virus it found (Trojan:Win64/sirefef.e) my computer restarted to a blue screen of death that said "Stop: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem"

When I restarted again Windows Startup tool came up and had me restore back to when it was working....which of course also restored the virus.

I've looked around on the internet for a couple hours tonight and haven't found a solution. Tech Guys helped me once in the past and hoping someone is available to help again.

Thanks in advance!
HiJack this log below.

DDS Log further below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:38 PM, on 1/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\WA1\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Common Files\I... Read more

Answer:Trojan:Win64/sirefef.e Virus Removal

11 more replies
Relevance 83.64%

I have a computer that has win64 sirefef.p (ZeroAccess)
I have booted in recovery console and ran FRST64 and created the FRST.txt

I would like to request a fixlist.txt script to "fix"

Thanks.
 

Answer:win64 sirefef.p removal fixlist.txt request

Welcome to MajorGeeks, theknack

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
 

5 more replies
Relevance 83.64%

I have tried to remove sirefef.r with Malwarebytes and have been unsuccessful. I have attached the FRST.txt log file from running Farbar recovery scan tool. I'm looking for a FRSTFIX.txt for this. Any help is greatly appreciated.
 

Answer:Sirefef.r Removal needed FRST.txt logs

Please download ComboFix to your desktop and run it. Do not do anything while it runs. Attach the log when it is finished.
 

1 more replies
Relevance 83.64%

I installed Microsoft security essential and ran a full scan of the system. But I found out that my windows is attacked by Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK. Microsoft security essentials was unable to remove them. The main issue that I have been facing since this incident is that windows can't update Firewall settings. The following message is displayed "Windows Firewall cant change some of your settings. Error code 0x80070424". Additionally, the antivirus program "Microsoft security essential" keeps on detecting the above mentioned malwares and asks to delete these files. Once deleted it asks for a reboot. After restart again these viruses are re-created and it's been happening for the last couple of weeks.

In order to resolve this issue I searched the internet and found http://www.bleepingcomputer.com so I posted a topic regarding this issue and I have been receiving help from one of your experts. Here's the link of this topic:
http://www.bleepingcomputer.com/forums/topic455970.html/page__gopid__2721298#entry2721298

Now that problem persists, I have been asked for the elevated help and to post a new topic here. I am glad to know that your team is so dedicated for our help. As I am using 64-bit version of windows so only DDS logs were created. DDS.txt logs are given below and attach.txt is been attached as well.....

DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion... Read more

Answer:Infected with Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

27 more replies
Relevance 83.23%

When I try to turn Windows' firewall on/off, I get the message "Due to an unidentified problem, Windows cannot display Windows firewall settings."

The Security Service center cannot be started.

I cannot install cumulative security update for IE8.

I was getting redirected to different websites in new windows when surfing.

I recently removed AVG and installed Avast. I also recently updated JAVA and removed old JAVA stuff.

Avast keeps indicating it has blocked:

Infection - Win64:Sirefef-A[Trj]
Object [email protected]

Infection - Win32:Sirefef-AD[Rtk]
Object - [email protected]

Infection - Win32:Malware-gen
Object - [email protected]

I have scanned w/ Avast (Avast also did a boot scan), Malwarebytes, and SuperAntiSpyware, and nothing has changed except the redirect seems to have stopped.

I tried the gmer scan three times and each time it resulted in a blue screen. All I could read on the screen was uwldypow.sys.

Anyway the DDS file -

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 10.5.1
Run by JIM at 21:05:10 on 2012-06-29
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.170 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:&... Read more

Answer:Infected w/ Win64:Sirefef-A[Trj], Win32:Sirefef-AD[Rtk], Win32:Malware-gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

30 more replies
Relevance 83.23%

Hello! Please Help!

My antivirus started to warn me about blocking stuff a few days ago. I was using Bitdefender Total Security 2012. At first it found the threats and removed them but since this morning it started acting more weird. It wasn't able to remove them. I think it showed among others a trojan.sirefef.fy. I've changed my antivirus with Norton 360 but it didn't solve anything. I've installed Malwarebytes Anti-Malware which found another 2 trojans and rootkit.0Access. A second scan showed nothing. Norton 360 showed 2 threats and removed them. At last I ran Eset Online Scanner which now shows 7 threats. I'm really worried that my pc is compromised. I'm using Windows 7 with Firefox. Windows Update seems to be deactivated too.

Answer:trojan.sirefef.fy, Sirefef.Fd Trojan, rootkit.0Access problem

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

8 more replies
Relevance 82.82%

I've seen posts here and people have been successful in retrieving internet connection after a Sirefef removal. I'm having the same problem.
 
Here's a FFS.txt just taken.
 
Farbar Service Scanner Version: 03-03-2013
Ran by Rowland (administrator) on 02-04-2013 at 10:26:35
Running from "F:\"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============... Read more

Answer:Sirefef removal leading to internet connection problem

Both wired and wireless don't work. It can pick up the connection to the router but doesn't connect to the internet.
 
Windows 7

9 more replies
Relevance 82.82%

I need some software or manual cmd prompt commands to remove this virus family. I'm really worried about my banking...

I'll generate the reports soon for my parents aren't allowing me to Turn On the laptop.

Laptop Details -
Model - Satellite A105-S2071
Operating System - Microsoft Windows XP Professional SP3 x86

Thanks in advance,
Network

Answer:Severe Trojan:Win32/Sirefef Removal Help Needed

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set ... Read more

2 more replies
Relevance 81.59%

My Windows 7 (32bit) machine is infected with both Sirefef-A(trj) and Sirefef-AO(rtk). I've attached my FRST logs. Any help is greatly appreciated.
 

Answer: Sirefef-A and Sirefef-AO Virus

Welcome to Major Geeks!

You did not run FRST properly!!!!! It must be run from the system recovery environment. You need to run those scans again but this time from the system recovery environment.

Notice the below error message that was in your log



ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

The below explains the process.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Com... Read more

12 more replies
Relevance 81.59%

Hey! Out of nowhere an install window appeared showing some kind of "Security Shield". As soon as I noticed that, I tried to run MSE to no avail, as it had been corrupted. The Firewall was disabled as well and I couldn't re-enable it. I was able to install MSE again, so I ran that and Malwarebytes. Both detected Sirefef.AK and Sirefef.G, they supposedly removed it but it's still there, because if I run the scans again it still shows up. Here are my logs.
Thanks for the help!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Koala at 17:41:08 on 2012-05-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.56.3082.18.2814.811 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\... Read more

Answer: Can't remove Sirefef.AK and Sirefef.G

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

32 more replies
Relevance 81.59%

Hello!

Recently I discovered Microsoft Security Essentials and Windows Defender had been disabled on my computer (Windows 7 64-bit) and I couldn't turn them back on. Running Malwarebytes revealed an infection of Rootkit.0Access. MBAM couldn't remove it, but I tried running TDSSKiller and it was able to remove the infected files.

After restarting, I ran TDSSKiller again and it came up clean. Then I ran Malwarebytes again and now it was reporting the presence of two trojans, Win64/Sirefef.Y and Win64/Sirefef.B. Malwarebytes couldn't remove the trojans, and at this point I checked Microsoft Security Essentials and noticed it still wouldn't turn back on. I uninstalled MSE, downloaded a fresh copy, and reinstalled it. At this point it started to work correctly, found the trojans and tried to remove them... and then of course I found myself constantly restarting the way it seems many people with this malware have been

Any advice would be appreciated. I haven't been able to run the utilities asked for in the Malware Removal Guide, change settings, etc. due to the way the computer keeps restarting. (I see it's being asked that people disable Daemon Tools, which I do have installed and can't get to right now, argh.) Please note I have a second clean laptop available that I can make use of and I can burn DVDs, but I have no flash drives available.

Thank you very much!
 

Answer: Sirefef.Y and Sirefef.B on Win7 64-bit

Welcome to MajorGeeks, datenshi

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:





Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your fla... Read more

9 more replies
Relevance 81.59%

Today I noticed that my computer has been infected with the sirefef.b and sirefef.y viruses. I currently have McAfee and today I installed Microsoft Security Essentials and that's when it stated that they were there. The only way I could stop my computer from restarting every minute and try to find a way to fix this was to uninstall MSE. Can you help me remove these viruses?

Answer: How do I remove sirefef.b and sirefef.y?

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

48 more replies
Relevance 81.59%

I have been infected with these Trojans and my computer restarts after 60 seconds regardless of user or safe mode. Mbam does not detect it, but Microsoft Security Essentials does. Could I get some help on how to not have an expensive paperweight?

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer: bleeping sirefef.ab and sirefef.p

Restart the PC
Press F8 on bootup
Select REPAIR YOUR COMPUTER
Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes
Select System Restore
If you have a restore point before you installed Microsoft Security Essentials, restore it, or if you have a restore point before you were infected, that would be fine.

33 more replies