TechSpot

Sirefef strikes

Inactive
By Flobble
Aug 14, 2012
  1. So it's got me, and it appears to be using its signature move of shutting the machine down every minute.
    I assume I should just start out the same as everyone else with Fabar? I have the Win7 install disc at least.
    Windows7 SP 1 Home Professional.
    MBam and MSE are installed and have removed a good quantity.
    It's disconnected from networks so it's not going to be downloading any more


    While typing this I have managed to disable MSE and run a MBam scan, so I seem to have control over the system for now. It's not restarted yet. Suggestions? I'm not sure which version of sirefef is active as there are no logs I can access and my memory's a bit wobbly.
     
  2. Flobble

    Flobble TS Rookie Topic Starter

    Update. System is "fine". Too wary of activating MSE or the internet connection, MBam says it's clean, I have access to services and Usuninstall for example again. It's not hiding all that. All this after Windows fixed something after a failed startup. The fail was me rebooting manually and I wasn't around to see the problem or fix, but it certainly went from system repair to desktop at some point.
    I'm not naive enough to think it's gone. I'm pretty sure it's just MSE isn't attacking it and it has no way of acquiring more malware to throw at me. It's dormant.
    Thoughts?
     
  3. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Flobble

    Flobble TS Rookie Topic Starter

    Thanks! I ended up having a friend in the profession guide me through it as he'd recently removed it elsewhere. Multiple instances of the trojan removed and the virus in the services as well as a password stealer. It took a few hours top confirm it was all clean and a few more to restore the services it had actually uninstalled and corrupted eg firewall and Windows update.
    However it's nice to know there are people around to ask when things really go wrong.
    The most annoying thing is I actually know which website it came from, a respectable one with a hijacked banner ad.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    I'm glad to see you sorted it out :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.