TechSpot

Yet another sirefef victim

Inactive
By peterpaleo
Aug 9, 2012
  1. Like many others, I have a problem with the sirefef rootkit and a rolling Microsoft Security Essentials restart. This seemed like the place to go.
  2. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    What Windows version?
  3. peterpaleo

    peterpaleo TS Rookie Topic Starter

    I'm very sorry for having made this thread before reading the sticky. Unfortunately I used this computer for online banking and college forms, which means they might even have my SSN. Is it safe to back anything up before I reinstall Windows 7 64-bit Home Premium or am I SOL?
  4. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Whatever you back up, you have to scan before you put it back on the fresh install.

    Because you're infected with a rootkit, make sure you FORMAT the hard drive.
    If you don't format, the rootkit will still be there.
    Keep in mind that regular recovery disks, which are usually provided when you buy a computer, do NOT format the hard drive.

    Call all your financial institutions right away and make them aware of your problem.
    Change all sensitive passwords right away using a GOOD computer.
  5. peterpaleo

    peterpaleo TS Rookie Topic Starter

    Okay. I'll do that. How do I reformat my hard drive? And if I have an OEM version of Windows 7, then in this case will Microsoft allow me to reuse my key?
  6. Broni

    Broni Malware Annihilator Posts: 46,765   +254

  7. peterpaleo

    peterpaleo TS Rookie Topic Starter

    I have done a clean install. The files I backed up are on an external hard drive. How can I scan these files without compromising my computer?
  8. Broni

    Broni Malware Annihilator Posts: 46,765   +254

  9. peterpaleo

    peterpaleo TS Rookie Topic Starter

    I've installed the Panda USB Vaccine.
  10. Broni

    Broni Malware Annihilator Posts: 46,765   +254

  11. peterpaleo

    peterpaleo TS Rookie Topic Starter

    Sorry. I have my computer vaccinated.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    That's fine.
  13. peterpaleo

    peterpaleo TS Rookie Topic Starter

    Okay. Is there a program that I can download to scan the USB drive for the rootkit?
  14. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Any AV program will do.
  15. peterpaleo

    peterpaleo TS Rookie Topic Starter

    Okay, I scanned it with AVG and it says it's entirely safe. I can't find any sort of way to dump a log, though.
  16. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    I don't need it.
  17. peterpaleo

    peterpaleo TS Rookie Topic Starter

    Okay. I guess I'll install Malwarebytes and call it a day.

    Thank you so much, Broni. You are a saint.
  18. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    You're very welcome
  19. peterpaleo

    peterpaleo TS Rookie Topic Starter

    I just did some research and it turns out that sirefef may have created a hidden partition. Is there any way to check for this?
  20. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    If you formatted the drive it's not an issue.
  21. peterpaleo

    peterpaleo TS Rookie Topic Starter

    I formatted it using the Windows CD, but I've read that the virus can insert itself into the MBR and create hidden partitions as well. Are you sure?
  22. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    If you formatted a whole drive, not just one partition, you're fine.
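
One way to run the check asked about in posts 19 to 21, as an added example that is not part of the original thread or written by either poster: it parses the four primary entries of an MBR partition table and reports hidden-type entries, bad status bytes and overlapping partitions. It assumes you have a 512-byte dump of the disk's first sector; the sample sector, the function names and the list of "hidden" type bytes are constructed for illustration.

```python
import struct

# Type bytes conventionally marking "hidden" FAT/NTFS variants and recovery partitions.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or missing 55 AA signature")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot:462 + 16 * slot]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count (little-endian)
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "start": start, "end": start + count - 1})
    return entries

def review(entries):
    """Return human-readable findings that deserve a second look."""
    notes = []
    for e in entries:
        if e["type"] in HIDDEN_TYPES:
            notes.append(f"slot {e['slot']}: hidden/recovery type 0x{e['type']:02X}")
        if e["type"] == 0xEE:
            notes.append(f"slot {e['slot']}: protective MBR, real table is GPT")
        if e["status"] not in (0x00, 0x80):
            notes.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02X}")
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] <= a["end"]:
            notes.append(f"slots {a['slot']} and {b['slot']} overlap")
    return notes

def build_sample():
    """Constructed sector: two ordinary NTFS partitions plus one hidden-NTFS entry."""
    rows = [(0x80, 0x07, 2048, 204800),        # active 100 MB system partition
            (0x00, 0x07, 206848, 209715200),   # main NTFS volume
            (0x00, 0x17, 209922048, 20480)]    # constructed hidden NTFS entry
    table = b"".join(struct.pack("<B3xB3xII", *r) for r in rows).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for e in parse_mbr(build_sample()):
        print(e)
    print(review(parse_mbr(build_sample())))
```

A hidden-type entry is not proof of infection, since OEM recovery partitions use the same type bytes; the point is to compare the table against the partitions you expect after a whole-drive format.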

