TechSpot

[CLOSED] MSE says services.exe infected with Sirefef.R but cannot disinfect

By Fidro
Jul 30, 2012
Topic Status:
Not open for further replies.
  1. Hi all,

    First, I must admit I've always used a lot of your recommendations, but as a guest, that is, only viewing this forum...

    Second, I'd just like to say hi to everyone (y) and hope you people can help me ;)


    My PC (Windows 7 SP1 x86) somehow got infected with "Live Security Platinum": a real pain actually, as it deactivates your AV and firewall, then pretends it's an AV but prevents you from opening many applications. I understood from many forums that it was a rogue and I used RogueKiller to remove it: it sounded like it worked! But I couldn't activate some services, like Windows Update, Security Center and MSE couldn't start properly...

    Only then did I start wondering, how did it get on my machine? Well, I again did some research and found out it usually comes from a trojan?

    I updated MalwareBytes' to the latest version and did a full scan: it also removed some other traces.

    I managed to uninstall and reinstall MSE, update it and it warned about "services.exe" being infected with "Sirefef.R" and apparently cured it but another warning about "services.exe" came with it saying it was infected with "Sirefef.AH" and wanted to quarantine it ... almost done reading when, BEEP, computer restarts!

    And now I only have 1 minute or 2 each time I boot, get the MSE warnings and then it reboots again.

    I then booted into command prompt via System Repair (F8 at boot) & used FRST.exe to do a scan then a search of "services.exe" (please find attached files FRST.txt and Search.txt).


    Hope I followed the right procedures :confused:


    I'd be glad if anyone can help, otherwise I guess I'll have to reformat :oops:



    Cheers,
    Fidro
     


  2. Fidro

    Fidro TS Rookie Topic Starter

    OK, here's what I did as a next step...

    WARNING: do not use the file provided as it won't resolve your problem and will just make things worse!

    I created the attached "fixlist.txt" file by deducing from other threads :)

    Is there any chance someone could have a quick look just to know if I'm going in the right direction?



    Thanks,
    Fidro
     


  3. Fidro

    Fidro TS Rookie Topic Starter

    And here's the "Fixlog.txt" *nerd*
     


  4. Fidro

    Fidro TS Rookie Topic Starter

    And no reboot !!!

    WOW, starting to enjoy this, LOL!

    Well, I guess the next step is ComboFix from BleepingComputer.com ... will keep you informed and update this post (#4) instead of creating new posts in the same thread where nobody except me replied (for the time being of course) :D
     
  5. Fidro

    Fidro TS Rookie Topic Starter

    Can't seem to be able to edit the post...

    Anyways, here's the log of "ComboFix.txt" !

    Going for an ESET Online Scanner ==> [ ]
     


  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    O...kay...stop there. Potentially dangerous creating your own fixes. You may trust yourself, but if you're going to ask for help here, you'll have my guidance, or I'll just trash the topic.

    Please uninstall ComboFix:

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

    Since you didn't need our help anyway, this topic will be closed.
     