Inactive Yet another sirefef victim

[peterpaleo]

Like many others, I have a problem with the sirefef rootkit and a rolling Microsoft Security Essentials restart. This seemed like the place to go.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

What Windows version?

 

[peterpaleo]

I'm very sorry for having made this thread before reading the sticky. Unfortunately I used this computer for online banking and college forms, which means they might even have my SSN. If is safe to back anything up before I reinstall Windows 7 64-bit Home Premium or am I SOL?

 

[Broni]

Whatever you back up you have scan before you put it back on fresh install.

Because you're infected with a rootkit make sure you FORMAT hard drive.
If you don't format the rootkit will still be there.
Keep in mind that regular recovery disks which are usually provided when you buy a computer do NOT format hard drive.

Call all your financial institutions right away and make them being aware of your problem.
Change all sensitive passwords right away using GOOD computer.

 

[peterpaleo]

Okay. I'll do that. How do I reformat my hard drive? And ifI have an OEM version of Windows 7, then in this case will Microsoft allow me to reuse my key?

 

[Broni]

If you have genuine Windows 7 DVD see here: http://pcsupport.about.com/od/operatingsystems/ss/windows-7-clean-install-part-1.htm

 

[peterpaleo]

I have done a clean install. The files I backed up are on an external hard drive. How can I scan these files without compromising my computer?

 

[Broni]

Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device.
Then you're safe to plug your external drive in.

Make sure your Windows is updated, AV installed, firewall is up.

 

[peterpaleo]

I've installed the Panda USB Vaccine.

 

[Broni]

Yes.

 

[peterpaleo]

Sorry. I have my computer vaccinated.

 

[Broni]

That's fine.

 

[peterpaleo]

Okay. Is there a program that I can download to scan the USB drive for the rootkit?

 

[Broni]

Any AV program will do.

 

[peterpaleo]

Okay, I scanned it with AVG and it says it's entirely safe. I can't find any sort of way to dump a log, though.

 

[Broni]

I don't need it.

 

[peterpaleo]

Okay. I guess I'll install Malwarebytes and call it a day.

Thank you so much, Broni. You are a saint.

 

[Broni]

You're very welcome

 

[peterpaleo]

I just did some research and it turns out that sirefef may have created a hidden partition. Is there any way to check for this?

 

[Broni]

If you formatted the drive it's not an issue.

 

[peterpaleo]

I formatted it using the Windows CD, but I've read that the virus can insert itself into the MDR and create hidden partitions as well. Are you sure?

 

[Broni]

If you formatted a whole drive not just one partition you're fine.