Hi all. My situation is a little different (hopefully) than most I'm reading about on here. I have 2 PCs where Malwarebytes Anti-Malware has found Sirefef, but I'm not sure the PCs are actively infected.
PC1 is an XP-Pro box built in 2005 and is hobbled for a couple of reasons: (1) due to Microsoft techies remotely trashing various areas due to extremely poor performance after Microsoft Security Essentials didn't play nice with something, not really sure what, and (2) a failed video card and perhaps some incompatibility between the replacement vid card and something in the PC. PC1 wouldn't boot for a very long time but will boot now. I tried removing things from startup that may have helped. I ran CCleaner and Comodo cleaner that may have further trashed parts of the OS. There are some long timeouts, for example if I try to use IE, there is a long timeout, IE never starts, and a long time later the error message appears to ask if I want to notify MS of the problem. I installed or already had Firefox and it runs fine. MS Sec Essentials Ver 1 ran on this PC for a long time until earlier this year. Ver 2 wouldn't install, ever. I ultimately removed Ver 1 hoping Ver 2 would install if it was a 'fresh' install instead of an over-the-top install. It wouldn't install as fresh either. So I ran this PC for several months of occasional surfing without AV. All my PCs are behind a router. PC1 runs fine for a while, maybe 2 or 3 hours sometimes, but seems to crash after I press a link to a different page. Seems video card / page draw related to me. So PC1 has issues that may or may not relate to Sirefef. MBAM detects Sirefef in a folder I use to hold downloads, namely in a folder containing newer Nvidia drivers for the vid card; the audio folder of same. The filename is nvax9x.sys. I can provide the full folder structure if it might be helpful. I downloaded TrendMicro Titanium last week on a trial basis, it doesn't detect Sirefef. MBAM does. The nvax9x.sys file has a date of 8/13/2003.
PC2 is an XP Pro box I built in 2007 that runs 24/7 as host to a small video security system I built on a whim. Machine runs fine, I believe. It was mysteriously powering off frequently after the last time I cleaned the dust bunnies out of it, then I realized I left out the cooling duct that directs air to the CPU. Once I replaced the cooling duct, PC2 almost never powers off (it has once). PC2 is also behind the router. When PC1 was failing, and I got it running after the long time as a non-booter, I copied the data folder from PC1 to PC2. MBAM detects Sirefef in the same file, in the data folder location copied from PC1. Same file date. PC2 has MS Sec Essentials Ver 2 with current updates. MSSE doesn't detect Sirefef. MSSE doesn't log any previous detections and deletions of Sirefef.
>> So I don't know if these 2 PCs are actually infected or if I'm experiencing a false-positive detection from MBAM. I have a PC3 which is a Win7HP notebook, all updated, with no detections from MBAM or MSSE. I haven't done everything in the 5-step Virus/Spyware/Malware Prelim Removal Instructions because I didn't know if I needed to.
How do I find out for sure if either of the two PCs actually has a Sirefef infection?
Thanks in advance to you noble malware warriors.