Windows Support Forum

Win32:Sirefef-PL [Rtk]

Q: Win32:Sirefef-PL [Rtk]

Hi, I have been trying to clean up my computer and have been asked to start a new topic. The old thread can be found here: http www bleepingcomputer com forums t infected-computer-newsfudge-virus entry

I have checked the preparation guide and followed the steps; however, I was unable to enable the firewall because I got this error message: Windows Firewall can't change some of your settings. Error code x

I ran the DDS and here is the log.

Sounds like a nasty infection. I look forward to getting rid of it.

Thanks for your help,
popdog

A: Win32:Sirefef-PL [Rtk]

Hello popdog,

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/496974/win32sirefef-pl-rtk/

Ladies and Gentlemen of the VTSM forum, I need help. I thought I had a pretty simple rootkit infection but tdsskiller mbam has proven ineffective. MSE is able to identify and ostensibly remove the infection, but doing so makes the computer unbootable and system repair unable to complete, forcing a system restore to the infected state. Infection extends back to the oldest restore point.

Win bit running MSE and MS firewall with mbam for antimalware. SFC scannow shows clear; google redirects on firefox and chrome, occasional slowdowns, windows defender is unable to start on boot; otherwise the system seems to be running fine. No rootkits recognized by tdsskiller. As mentioned in the title, MSE shows win32/conedex.b, win32/sirefef.p, win64/sirefef.m and win64/sirefef.e.

Here's the DDS log. Please let me know what else I should supply. Thank you in advance.

A:win32/conedex.b, win32/sirefef.p, win64/sirefef.m, and win64/sirefef.e combination is killing me

Hi Weeps!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

Dissecting the ZeroAccess Rootkit
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess – an advanced kernel mode rootkit

NEXT: One or more of the identified infections is a backdoor trojan and password stealer. This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicabl...

http://www.bleepingcomputer.com/forums/t/443095/win32conedexb-win32sirefefp-win64sirefefm-and-win64sirefefe-combination-is-killing-me/

When I try to turn Windows firewall on/off I get the message "Due to an unidentified problem Windows cannot display Windows firewall settings". The Security Service center cannot be started. I cannot install cumulative security update for IE. I was getting redirected to different websites in new windows when surfing. I recently removed AVG and installed Avast. I also recently updated JAVA and removed old JAVA stuff.

Avast keeps indicating it has blocked:
Infection - Win64:Sirefef-A [Trj] Object -
Infection - Win32:Sirefef-AD [Rtk] Object - cb
Infection - Win32:Malware-gen Object -

I have scanned w/ Avast (Avast also did a boot scan), Malwarebytes and SuperAntiSpyware and nothing has changed except the redirect seems to have stopped. I tried the gmer scan three times and each time it resulted in a blue screen. All I could read on the screen was uwldypow.sys

Anyway, the DDS file -

A:Infected w/ Win64:Sirefef-A[Trj], Win32:Sirefef-AD[Rtk], Win32:Malware-gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/458839/infected-w-win64sirefef-atrj-win32sirefef-adrtk-win32malware-gen/

Following instructions from my previous posting, at first the tools seemed to clear the search engine redirection, but GMER still shows a problem. Tech decided to send me to this forum and I started again with step on the guide. DDS worked well. Tried to run GMER with the new instructions and it stops after about min. Attempts to sneak the GMER through with a scrambled name failed. So I ran it for min and stopped the scan, and that is what I am posting. If it runs long enough the virus apparently stops the scan and I have a gray screen and have to turn off the laptop and turn it back on and try again. I ran CD emulation disable and it said "finished" but I can't tell if I had anything to disable since I got no further instruction from that program. Laptop seems to be working well with no redirection but tech thinks the virus is still present.

DDS

A:win32/sirefef.ac and win32/sirefef.ah redirecting trojans?

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once: <insert av's>
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
Please remove all but one of them.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and lo...

http://www.bleepingcomputer.com/forums/t/451285/win32sirefefac-and-win32sirefefah-redirecting-trojans/

I seemed to have picked this up last night. So far all I've done is when my anti-virus detects it I've been moving it to anti-virus chest. When I ran the full scan though it said it doesn't detect anything. Any help would be greatly appreciated.

DDS

A:Win32:Sirefef-BTT [Trj], Win64:Sirefef-A [Trj], Win32:Malware-gen

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop. You will then need to extract the file(s) from the zipped folder. To do this:
Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Extract and the contents should appear in a new window.

Please close all open programs as this may result in a reboot being necessary.
Double click TDSSKiller.exe to begin.
Click Change parameters and check the two boxes under Additional Options and then click OK.
Click Start scan and allow the tool to do just that.
Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. - I'd like a copy of the contents in your next reply.
Please check that you get the one with the right date and time.

http://www.bleepingcomputer.com/forums/t/507332/win32sirefef-btt-trj-win64sirefef-a-trj-win32malware-gen/

My security alert says I have these four viruses and all attempts to clean them using Microsoft Forefront Client Security have failed. Besides, the computer shuts down every couple of minutes. Please help, I am frustrated.

A:Please help me rid my laptop of win32/sirefef.an, sirefef, sirefef.ao, and sirefef.ag

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

information and logs:

In your next post I need the following
.logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/464562/please-help-me-rid-my-laptop-of-win32sirefefan-sirefef-sirefefao-and-sirefefag/

Avast continually blocks the following threats:
- Win32:Malware-gen
- Win32:Downloader-PKU [Trj]
- Win32:DNSChanger-VJ [Trj]

Avast scans and detects Win32:Sirefef-PL [Rtk], cannot remove it though. Malwarebytes scan detects BCminer, quarantines it, though never seems to get rid of BCminer.

Other issues of possible note:
- Windows Firewall not running x
- Backup & Restore - last backup did not complete successfully - server execution failed - x

Ran both DDS and GMER. GMER did not have all the options available as per the preparation guide and did not log anything when the scan was complete.

DDS

A:Win32:Sirefef-PL, Win32:Malware-gen, Win32:Downloader-PKU [Trj], Win32:DNSChanger-VJ [Trj], BCMiner need help

Hello Njals, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?

http://www.bleepingcomputer.com/forums/t/463979/win32sirefef-pl-win32malware-gen-win32downloader-pku-trj-win32dnschanger-vj-trj-bcminer-need-help/

Microsoft Security Essentials keeps reporting this Trojan and quarantines it. After attempts to remove the file, it keeps reappearing. It shows a file location that I am unable to find on my system: C WINDOWS Installer c -dd -a b- -cba d db U

Now I am getting a warning about VirTool Win Obfuscator XQ: C WINDOWS Installer c -dd -a b- -cba d db n

However this file cannot be located either. There is no C Windows Install directory.

Also Combofix loads and starts, then it crashes. Disappears from file manager and splash screen disappears -- the program literally stops running.

DDS Text File Contents

A:Infected with Trojan:Win32/Sirefef.AG and Sirefef.I

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/454131/infected-with-trojanwin32sirefefag-and-sirefefi/
Relevancy 64.93%

Hello everyone, I just discovered this forum while searching for a fix to my problem. I stumbled upon this post (Thread Bleepingcomputer) and he has the exact same problem as I have, even though the name is different. It seems his problem was fixed through a few custom actions a member suggested to him, and I figured I was SOL with my problem and would need the help. So thanks in advance to whoever ends up helping me.

So my PC was running a bit slow, but the thing that ticked me off was this popup that kept appearing randomly, even once triggering on youtube.com, a site which has never generated popups in the recent past. This nagged me, so I launched MBAM and it found something called Trojan.Dropper.BCMiner, and it failed to remove it after asking for a reboot. So I try a bunch of stuff, I don't really remember all I did since I fired in no precise order: ComboFix (which didn't start at first, but it did once I rebooted into safe mode later in the process), the kaspersky malware tool I've seen suggested a lot here (I don't remember the exact name), MBAM, a MSSE scan and SUPERAntiMalware. All of them failed at doing anything good. I also ran the avast MBR fix tool to no avail, it actually blue screened my PC.

After I started reading on the topic linked earlier, I ran almost the exact same procedure up to getting a FRST log, which I now do have. In the end I'm having the same problem I had at the beginning: MSSE is crazy about the two desktop.ini files in C:\Windows\assembly GAC and GAC, and however I try to kill them or use combofix or look at recently added files and delete them, they keep coming back.

So now I'm running GMER and DDS from scratch to provide the accurate information as of now. GMER doesn't seem to be looking exactly like the guide says: more than half the boxes it wants me to tick are grayed out and I can't tick them. So I ran it with only Services, Registry and Files from drive C checked, the ADS box checked.

So here's DDS.txt:

A:Infected with Win32/Sirefef.P and Win64/Sirefef.AB

Hi,

I'd like to see an updated FRST log:

Download Farbar Recovery Scan Tool and save it to a flash drive (you need the 64bit version).
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there.
Press Scan button.
Type exit and reboot the computer normally.
FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

http://www.bleepingcomputer.com/forums/t/456353/infected-with-win32sirefefp-and-win64sirefefab/
Relevancy 64.93%

Hello,

Microsoft Security Essentials is notifying me that Win32/Sirefef.AB and Win64/Sirefef.P are potential threats, but of course trying to remove them does nothing.

Attached is my Farbar Recovery Scan Tool log. Thanks in advance for any help!

A:Win32/Sirefef.AB and Win64/Sirefef.P Infection

Hello user314159 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
____________________________________________________
It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Dissecting the ZeroAccess Rootkit
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess - an advanced kernel mode rootkit

NEXT: One or more of the identified infections is a backdoor trojan and password stealer.
This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all pas...

http://www.bleepingcomputer.com/forums/t/457490/win32sirefefab-and-win64sirefefp-infection/
Relevancy 64.93%

Hello. My antivirus picked up these two and I was wondering if anyone could help me remove them. I tried using dds to send you logs but no attach or dds txt pops up after using it, and I'm an amateur when using computers so I have no idea how to find those logs if they exist somewhere in my system. Hope someone can help.

A:win64 sirefef -btt and win32 sirefef - a detected

Hello SONYAns, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

http://www.bleepingcomputer.com/forums/t/506504/win64-sirefef-btt-and-win32-sirefef-a-detected/
Relevancy 64.93%

Yes, I have the dreaded infection and have downloaded the frst64.exe and will run it to get the log files...
Any other directions or advice would be great.

Not sure if this is the correct place to post virus infection requests...if not please direct me to the correct place...I do have the frst.txt file for my issue to upload when necessary.

Thanks
Russ

A:Win32/sirefef.AB / win64/sirefef.P infection

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

You can also post the FRST log

Good luck

http://www.bleepingcomputer.com/forums/t/461196/win32sirefefab-win64sirefefp-infection/
Relevancy 64.93%

Avast keeps detecting Win Sirefef-B, Win Sirefef-A and sometimes Win Malware-gen. Multiple scans detect & quarantine files, but the trojan warning keeps popping up. My friend ran ComboFix on it & claims that everything is fine now, but I'm concerned that he shouldn't have run ComboFix yet and also that it may not have actually removed this infection. Here is my log from DDS.txt:

A:Infected with Win32:Sirefef-BTT & Win64:Sirefef-A

Hello troyman5150, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/510088/infected-with-win32sirefef-btt-win64sirefef-a/
Relevancy 63.64%

I recently got annoyed when my Firefox browser started redirecting me to random websites. So I scanned my computer using aswMBR and it found viruses called Sirefef-PL, Medfos and Agent-APDL. Here is my aswMBR log:

Thanks in advance for any help.

A:Help with Win32:Sirefef-PL/Win32:Agent-APDL/Win32:Medfos

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
____________________________________________________
It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Dissecting the ZeroAccess Rootkit
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess - an advanced kernel mode rootkit

NEXT: One or more of the identified infections is a backdoor trojan and password stealer.
This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords wher...

http://www.bleepingcomputer.com/forums/t/465584/help-with-win32sirefef-plwin32agent-apdlwin32medfos/
Relevancy 63.21%

My PC is infected by the sirefef R and AH trojan. Thanks to you guys I have already found some information and already run the Farbar Recovery Scan. Below and also attached you will find the results from the scan and search.txt. Could you please tell me on how to proceed from here? Thanks, Bjorn

A:Nasty Win32/sirefef.R and Win32/sirefef.AH

Hi,

Please run the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
HKLM\...\Run: [] [x]
HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
HKU\Bjorn\...\Run: [0i763f66bz] C:\Users\Bjorn\0i763f66bz.exe [42496 2012-06-23] (FaceVsion)
0 ece2981047436e29; C:\Windows\System32\Drivers\ece2981047436e29.sys [66488 2012-06-24] ()
2012-06-24 11:48 - 2012-06-24 11:48 - 00066488 ____A C:\Windows\System32\Drivers\ece2981047436e29.sys
2012-06-23 17:04 - 2012-06-23 17:04 - 00042496 ____A (FaceVsion) C:\Users\Bjorn\0i763f66bz.exe
2012-06-07 22:16 - 2012-06-24 22:32 - 00000000 ____D C:\Users\Bjorn\AppData\Local\831B70AA-4223-46DB-A9E4-D27C6CB4247D.aplzod
2012-05-15 16:33 - 2012-04-23 10:08 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Belastingdienst
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

http://www.bleepingcomputer.com/forums/t/458226/nasty-win32sirefefr-and-win32sirefefah/
Relevancy 63.21%

Microsoft essentials found the AH first and shortly after that the AC popped up also. It is a redirect trojan. Says it is cleared, and then comes back. Running malaware now to see if it will clear it. Thanks for your help again.

A:win32/sirefef.ac and win32/sirefef.ah please help clear it

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/450849/win32sirefefac-and-win32sirefefah-please-help-clear-it/
Relevancy 62.35%

Hello, MSE had a message that said detected and cleaned virus, and in the history came up Trojan win32/sirefef.ak, am, ag and sirefef, and then proceeded to say remove. Kept getting the MSE logo spinning and saying cleaning, and then same viruses would be in history. I used malwarebytes and it found the four as well and cleaned them, but I feel something is still there and running in the background because when I reboot my desktop icons keep resetting if I change them. Need help. Thanks, LR. What do you need for me to run a log to show the computer status? Then I did another one.

A:Trojan: win32/sirefef.ak & am & ag and sirefef

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

* Dissecting the ZeroAccess Rootkit
* ZeroAccess / Max++ / Smiscer Crimeware Rootkit
* MAX++ sets its sights on x64 platforms
* ZeroAccess (Max++) Rootkit
* ZeroAccess Gets Another Update
* ZeroAccess - an advanced kernel mode rootkit

NEXT: One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords wher...

http://www.bleepingcomputer.com/forums/t/456842/trojan-win32sirefefak-am-ag-and-sirefef/
Relevancy 62.35%

Hello, I've been infected with Sirefef for a week now. Tried system restore, full system scans in safe mode, tdss killer, numerous Sirefef removal tools from Kaspersky, Eset, Symantec, to no avail. MS SE still finds Sirefef reincarnations from time to time. Please help.

A:Sirefef.P Win32 / Sirefef.Y Win64

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.
When the tool opens click Yes to disclaimer.
Uncheck the Whitelist boxes next to Registry, Services, Drivers, and known DLL's.
Place a check next to List Drivers MD5.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

http://www.bleepingcomputer.com/forums/t/458886/sirefefp-win32-sirefefy-win64/
Relevancy 61.49%

I started noticing a couple weeks ago that my computer would link itself to advertisements. Downloaded AVast and it found the following: win32:Sirefef-PL AND win32:Sirefef- with other letters, win32:BitCoinMiner-U, win32:Malware-gen. I completed the DeFogger and I didn't do the GMER as it says not to for 64-bit. I tried to check on my firewall but when I clicked use recommended settings it says "Error Code x". Even though I ran the Avast Boot Scanner and it said it deleted the files, Avast pops up saying "Trojan blocked" or "Malware blocked" all the time so I know I am still infected. THANKS IN ADVANCE

A:win32:Sirefef-PL/win32:BitCoinMiner-U/win32:Malware-gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/466129/win32sirefef-plwin32bitcoinminer-uwin32malware-gen/
Relevancy 61.06%

Hello Bleeping, a few days ago I removed Norton AV and installed MSSE. MSSE detected Trojan Dropper: Win32/Sirefef.B and Rogue: Win32/FakeRean. For the past two full system scans MSSE has detected and removed the dropper, and the last scan last night detected the Fake Rean. The MSSE removals don't appear to be effective against the dropper. Another peculiar thing: when I installed MSSE a few days ago it told me my firewall was not up, but when I go into MS Security Center it says that the firewall is "ON". Not sure if perhaps the Norton AV removal maybe wasn't complete and that I am getting "false positives" or if something is really there. My logs are as follows:

A:Infected with Trojan Dropper: Win32/Sirefef.B AND Rogue: Win32 Fake Rean

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can help also.
Do not run anything while running a fix.
Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/442048/infected-with-trojan-dropper-win32sirefefb-and-rogue-win32-fake-rean/
Relevancy 60.2%

Hi there

My ESET NOD32 Antivirus 4 detected Win32/Sirefef.CH & Win32/Rootkit.Agent.NUS
I tried to remove them with Kaspersky removal tool, Malwarebytes anti-malware, SPYBOT
All failed to delete this file: C:\WINDOWS\assembly\GAC_MSIL\desktop.ini, which is a Win32/Sirefef.CH trojan
The other, the Win32/Rootkit.Agent.NUS trojan, is in operating memory
My PC symptoms are: 1. Can't access a direct link... I have to press the Enter key 3-4 times in the browser, then the page will load.
2. PC is moving slow

A:infected by Win32/Sirefef.CH & Win32/Rootkit.Agent.NUS

Hi

Please do the following:
Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT
Download ComboFix from one of the following locations: Link 1, Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

http://www.bleepingcomputer.com/forums/t/426726/infected-by-win32sirefefch-win32rootkitagentnus/
Relevancy 60.2%

Hi, I tried the search but couldn't find any threads about Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN. I apologise in advance if this is not the place to post this.

I'm running an old HP Pavilion using Windows XP. Yesterday my computer was attacked by a virus that disabled Microsoft Security Essentials, breaking the desktop shortcut and making it unusable. I found, using a trial version of HitmanPro, that the virus disables and redirects Microsoft Security Essentials's files. However, because the trial period was over, I was unable to repair it.

I performed a system restore in safe mode. The restore failed but it partially fixed Microsoft Security Essentials. Immediately after, I ran a quick scan using Malwarebytes in safe mode with networking. It found a vendor called Rootkit Access that it was unable to remove even after a few repeated quick scans. I downloaded and attempted to use the Malwarebytes Anti-Rootkit tool but was unable to get it to work. I then searched the internet about the file and found that TDSS Killer could help.

After running TDSS Killer and restarting in normal mode it managed to fix the issue, and Microsoft Security Essentials notified that the computer was infected and gave the option to clean. After cleaning it gave the option to restart the computer. After restarting it found two files called Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN under the All detected items under the History tab. Clicking the delete history button gave the message "Security Essentials couldn't remove some of the detected threats. Class not registered. Click Help for more information about this problem. Error code x".

After that I restarted the computer in safe mode with networking and ran a scan with HitmanPro and a quick scan with Malwarebytes. Nothing was found, but as a precaution I ran a full scan with Malwarebytes. After the scan it found items: Rootkit Zaccess, Trojan Access, Trojan FakeApach and Rootkit Access files. With a restart prompt Malwarebytes was able to remove them. Subsequent full scans with Malwarebytes show no results. Another TDSS Killer scan shows only suspicious files that default to skip. However, HitmanPro, Malwarebytes and TDSS Killer cannot detect the Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN files that MSE has found.

Currently, in normal mode, with Microsoft Security Essentials I can scan, cancel a scan and update MSE with the latest files. However, I cannot interrupt a scan, delete items under the History tab, and cannot change anything under the Settings tab, including disabling real-time protection. In properties the target location states Microsoft Security Client, with the location being C:\Program Files\Microsoft Security Client\msseces.exe. I can access Windows Firewall without issues, but upon start-up in normal mode the computer is slow, with items slow to pop up on the notification part of the task bar.

At this point I'm unsure as to what to do. When recommending actions please state what mode it should be done in. I'm not the most tech-savvy person. Also, due to the age of the computer, scans may take some time. I apologise for any inconvenience this may cause. I'm using another computer to post this as I don't want to chance something else happening, and I don't know if it would be safe to post the logs from the infected computer.

Thank you

A:Trojan:Win32/Sirefef.AB and Trojan:Win32/Sirefef.AN files

Hello moe, please run these next. Try all from Normal mode unless you cannot run them, then use safe mode with networking.

Please download Rkill by Grinler and save it to your desktop. Link 1, Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

...Run TDSS again
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

...Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

http://www.bleepingcomputer.com/forums/t/511379/trojanwin32sirefefab-and-trojanwin32sirefefan-files/
Relevancy 59.34%

Hi, I'm having a terrible time with my desktop computer. MSE detected a trojan sirefef.P virus days ago. After that detection, when I did a Yahoo search I was being redirected to random ad sites (finesearchsystem dot com, star dot feedsmixer dot org, etc.). I have run MSE, Spybot S&D, Malwarebytes, Kaspersky and Security Task Manager. All have found some sort of malware, but the sirefef keeps popping back up. In addition, I am unable to turn on my Windows firewall as there is an error code x. The thing that concerns me the most is that MSE in its history log shows that it allowed the sirefef.P and zbot, which means they made all kinds of settings changes and are probably embedded deep in my computer. What steps can I take to remedy this? I have been on another forum but have not been able to open a topic. I found some instruction on some things I could run to get diagnostic info but haven't been able to post it. Thanks

A:trojan win32/sirefef.P and PWS Win32/zbot

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/429987/trojan-win32sirefefp-and-pws-win32zbot/
Relevancy 58.91%

Found with MSE and scanned with Malwarebytes, no help. Just hoping someone can help. DDS file logs:

A:trojan.win64/sirefef.p and trojan.win32/sirefef.ab removal help

Hello silencer626,

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/503232/trojanwin64sirefefp-and-trojanwin32sirefefab-removal-help/
Relevancy 56.33%

Hello everyone, sorry if I make another post about this facking virus, but as I saw around, it seems to be different for everyone (the removing process).

Here I am, from Italy, praying for someone to help me to remove this facking bleep. The situation at the moment is that at intervals of 3 minutes Microsoft Security Essentials finds on my PC these 2 files:

Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.P
and I don't know what to do. Anyone that is able to help me?

EDIT: I'm running Windows 7 Ultimate edition 64 bit Service Pack 1

A:Trojan:Win32/Sirefef.AB + Trojan:Win64/Sirefef.P NEED HELP PLEASE!

Anyone that can help me? That thing is stealing all my passwords!

http://www.bleepingcomputer.com/forums/t/456319/trojanwin32sirefefab-trojanwin64sirefefp-need-help-please/
Relevancy 56.33%

Hi there, I kept getting a virus that AVG couldn't remove, which AVG wouldn't stop popping up about, so I tried a different anti-virus software, MSE, which seemed to have, I would believe, half fixed the problem, as symptoms from the virus before, like redirected webpages etc., MSE managed to stop. However, MSE is having trouble dealing with Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK. Now I saw a topic posted about the win which suggested using combofix, which this site states do not use unless asked to, so I wanted to do things by the book or you guys about the problem. I have used combofix before on the same machine to remove another virus a while ago, maybe a year ago. A step by step method of removing the virus and what the virus actually does, so I know how bad it is for future reference. Thank you.

Using an ASUS ROG laptop with Windows

Edit: Moved topic from Windows to the more appropriate forum. Animal

A:Trojan:Win64/sirefef.M and Trojan:Win32/sirefef.AK

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/457615/trojanwin64sirefefm-and-trojanwin32sirefefak/
Relevancy 56.33%

Hi, I'm from Portugal and I'm getting frustrated because I can't remove this virus.

Microsoft Security Essentials is finding 2 files I can't remove when I reboot the computer. When I reboot, MSE continues to find those files.

I'm running Windows 7 Home Premium Edition 64 bit service pack 1.

Please help me!

A:Trojan:Win32/Sirefef.AB and Trojan:Win64/Sirefef.P

Help me, please. I don't know what to do.

http://www.bleepingcomputer.com/forums/t/456667/trojanwin32sirefefab-and-trojanwin64sirefefp/
Relevancy 56.33%

Hello and Welcome to Bleeping Computer! My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic button, select Immediate Notification and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e frst exe (for x bit version type e frst) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash dr...

A:win32/sirefef.ab, win64/sirefef.p and win64/sirefef.m

Hi Gringo
Thanks for your help. My firewall is down and I am lost on what to do. I have done what you asked and hope it's OK.
What is this sirefef? Seems like it wants to stay.

Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 16-05-2012 19:15:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10151968 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113296 2010-03-29] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Gary\...\Run: [Updater] C:\Users\Gary\AppData\Roaming\Updater\updateloader.exe [25088 2011-10-03] ()
HKU\Gary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Gary\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Gary\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-03] (Valve Corporation)
HKU\Gary\...\Run: [Google] C:\Users\Gary\AppData\Roaming\googleoez.exe [102400 2012-04-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-07-08] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
1 eybevjlo; C:\Windows\System32\Drivers\eybevjlo.sys [50000 2012-05-16] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 nusb3hub; C:\Windows\System32\Drivers\nusb3hub.sys [78336 2010-02-24] (NEC Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [181248 2010-02-24] (NEC Electronics Corporation)
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [291648 2011-10-15] (NVIDIA Corporation)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561V64.SYS [582680 2007-10-11] (Logitech ...

http://www.bleepingcomputer.com/forums/t/453856/win32sirefefab-win64sirefefp-and-win64sirefefm/
Relevancy 56.33%

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e frst exe (for x bit version type e frst) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD as well as the default check marks that are already there.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
services.exe
Now press the search button.
When the search is complete, search.txt will also be written to your USB.
Type exit and reboot the computer normally.
Please copy and paste both logs in your reply (FRST.txt and Search.txt).

A:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Lee Han Siang\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
IMEO\asusvibelauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\asuswspanel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\backache.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64...

http://www.bleepingcomputer.com/forums/t/462650/win64sirefefy-sirefefw-sirefefb-present-laptop-keeps-rebooting-every-1-minute-firewall-cannot-turn-on/

I installed Microsoft Security Essentials and ran a full scan of the system. But I found out that my Windows is attacked by Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK. Microsoft Security Essentials was unable to remove them. The main issue that I have been facing since this incident is that Windows can't update Firewall settings; the following message is displayed: "Windows Firewall can't change some of your settings. Error code x". Additionally, the antivirus program "Microsoft Security Essentials" keeps on detecting the above-mentioned malware and asks to delete these files. Once deleted, it asks for a reboot. After restart these viruses are re-created again, and it's been happening for the last couple of weeks.

In order to resolve this issue I searched the internet and found http://www.bleepingcomputer.com, so I posted a topic regarding this issue and I have been receiving help from one of your experts. Here's the link of this topic: http www bleepingcomputer com forums topic html page gopid entry. Now that the problem persists, I have been asked for the elevated help and to post a new topic here. I am glad to know that your team is so dedicated for our help. As I am using -bit version of Windows, only DDS logs were created. DDS.txt logs are given below and attach.txt has been attached as well.

A:Infected with Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC. Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

On the System Recovery Options menu you will get the following options: Startup Repair, System Restore, Windows Complete PC Restore, Windows Memory Diagnostic Tool, Command Prompt.

Select Command Prompt. In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaime...

http://www.bleepingcomputer.com/forums/t/456344/infected-with-trojanwin64sirefefw-trojanwin64sirefefm-and-trojanwin32sirefefak/

Good day Sir

I am currently using AVG anti-virus. I discovered yesterday that my pc was infected with the above when a pop up appeared from AVG Resident Shield Alert.
Filename : c:\WINDOWS\System32\services.exe
Threat warning: Trojan horse patched_c.LZI detected when open

I searched online & followed to this forum. I ran esetscan & found this:
C:\Downloads\Software\apex-video-converter-free.exe multiple threats
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Agent.BA trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] Win64/Sirefef.AE trojan
C:\WINDOWS\Installer\{9081a400-93a1-c7e5-1756-88339bbd685a}\U\[email protected] a variant of Win32/Sirefef.FD trojan
Operating memory a variant of Win32/Sirefef.EZ trojan
I would appreciate whatever help in overcoming this threat.

Thank you & looking forward to your advice.
D

A:Win64/Agent.BA trojan, Win32/Sirefef.FD trojan & Sirefef.AE trojan

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/461827/win64agentba-trojan-win32sirefeffd-trojan-sirefefae-trojan/

Hello, I post my problem here as it seems the only place where I've found people who actually know what they're talking about. I have a Sony Vaio laptop running windows bit, infected with the Sirefef virus. Microsoft Security Essentials shows that it found Trojan Win Sirefef, Trojan Win Sirefef Y, Virus Win Sirefef B, Trojan Win Sirefef Z, Trojan Win Sirefef W. Every time I boot the computer MSE finds these infections and prompts me after a minute to restart in order to complete the removal. But every time it reboots the message is still there. I tried installing Malwarebytes but it won't let me, 'cause it says "access denied" or something like that. Sorry for not providing any more information, but I can use my PC for a couple of minutes every time 'cause it reboots automatically. I followed your instructions and scanned with DDS. I attach the attach.txt file it generated. I look forward to hearing from you as I really need the laptop for my university studies and I'm in the middle of the exams period. Thank you for your time.

P.S. If I restore my whole system to factory settings, is the problem going to persist? 'Cause if it's not, I will do it in a heartbeat. Only problem is that I am afraid of infecting my external hard drive, which would be already infected if the virus spreads to external devices. Would that be the case? Will I need to clean my external HDD too?

A:Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC. Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

On the System Recovery Options menu you will get the following options: Startup Repair, System Restore, Windows Complete PC Restore, Windows Memory Diagnostic Tool, Command Prompt.

Select Command Prompt. In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

http://www.bleepingcomputer.com/forums/t/457633/win64sirefefy-sirefefw-sirefefb-present-laptop-keeps-rebooting-every-1-minute/

Running current version of avast Internet Security and ESET Online Scanner detected Win32:Sirefef-PL [Rtk]. Several attempts to remove it using avast, including running in safe mode, have been unsuccessful. While each scan indicates it has been moved to Virus Chest, subsequent scans indicate it is still present. Any assistance will be greatly appreciated. Thanks. DDS text as follows:

A:Win32:Sirefef-PL [Rtk]

The following files are returned as infected by avast:
Win32:Sirefef-PL[Rtk]

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

http://www.bleepingcomputer.com/forums/t/461928/win32sirefef-pl-rtk/

As per Boopme... not successful on step 8 of prep guide. Downloaded the file, but it was already extracted, named 8vj582mc.exe and didn't fit the instruction set. Link two resulted in no additional downloads. Am attaching files from step 7. Many thanks!!!

A:Win32:Sirefef-PL [Rtk]

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this). Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<. Combofix may need to reboot your computer more than once to do its job; this is normal. You can download Combofix from one of these links. Link 1 Link 2 Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/459712/win32sirefef-pl-rtk/

One of my employees, notified me today that they are getting virus alert via CA for...

Sirefef.FY
Sirefef.GY
Sirefef.GL
Sirefef.GK

Her laptop is personal and work. I informed her about you guys and she gave me her laptop hoping you guys can help me.

About a month ago her whole Photoshop suite crashed and even after spending days on the phone with Adobe still remains not working, she is a professional graphic artist. So that was a hard hit for her, but she uses one of the laptops in the office if she needs to. Not sure if that is related or not. Because she was updating her usb drive it updates with or through Adobe and after she finished is when CA popped up the alert.

A:Win32/sirefef

Download TDSSkiller. Launch it. Click on change parameters - Select TDLFS file system. Click on "Scan". Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results.

Download aswMBR. Launch it, allow it to download latest Avast! virus definitions. Click the "Scan" button to start scan. After scan finishes, click on Save log. Post the log results here.

Download ESET online scanner. Install it. Click on START, it should download the virus definitions. When scan gets completed, click on LIST of found threats. Export the list to desktop, copy the contents of the text file in your reply.

http://www.bleepingcomputer.com/forums/t/465107/win32sirefef/

I am not very computer literate but will do my best to explain. I got a scan result saying that I have this trojan. My virus software is not working correctly and will not scan a complete scan. I have backed up my computer because that seemed like the thing to do. I don't want to sound stupid, but does that mean my pictures will be saved? I have done all steps listed on here to post a problem, but for some reason I cannot get the page for gmr to open up. I have the long list of stuff saved on notepad. Since my computer is backed up, what if I just take everything off and put it back on again, would that be easier? I really need help and someone patient, as I am trying to take care of my year old son and do it at the same time with barely computer experience. Thanks so much for your time.


So about a week ago I was watching Game of Thrones on www movie k to and my Symantec Endpoint Protection put up a warning that said I had a trojan horse. Then the list began to multiply rapidly; it's the same four names but the list just gets insanely long. The names are cb. So I ran the full scan from Symantec and it found I had a trojan horse named win32.sirefef.r along with a hundred or so of the four listed above; however, it was unable to delete or quarantine the win32.sirefef.r. So I downloaded Ad-Aware, since in the past this usually helped clear infections quickly. So I ran the full scan and it found the win32.sirefef.r virus and many tracking cookies but the other four, which it said it deleted them. So I ran the quick scan afterward and in seconds it picked up the virus again; however, it won't quarantine, delete or do anything to it, and now if I'm not in safe mode it won't even open the program.

So I turned my troubles to the internet, where I learned symptoms of the win32.sirefef.r virus and now know I have actually had the virus since January; it's just now at its worst level. I read online that malwarebytes and tdsskiller.exe are good at deleting win sirefef o, so I figured it would work for me too. Wrong. I scanned with both of them in safe mode, then rebooted, and before the start bar even appeared Symantec kept flagging the same four trojan horses I listed above. I have gone through control panel and removed several programs that I know I didn't install; however, a couple still remain. They are whitesmoke toolbar, ask toolbar, and they won't let me delete them. And now my Symantec is locked by the admin, which is logically the virus protecting itself from being deleted. Ad-Aware says the infected file on my laptop is c windows system services exe. I have tried everything I have learned to fix this infection. I normally have my sister's boyfriend fix these kinds of things, but I'm outta town and don't have the time to stop and bug him to fix it for me, so please help.

A:win32.sirefef.r

Please run the following: download Farbar Recovery Scan Tool and save it to a flash drive. Plug the flash drive into the infected PC. Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Choose your language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Choose your language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.

On the System Recovery Options menu you will get the following options: Startup Repair, System Restore, Windows Complete PC Restore, Windows Memory Diagnostic Tool, Command Prompt.

Select Command Prompt. In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to the disclaimer. Place a check next to List Drivers MD5 as well as the default check marks that are already there. Press Scan button. FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box: services.exe. Now press the search button. When the search is complete, search.txt will also be written to your USB. Type exit and reboot the computer normally. Please copy and paste both logs in your reply (FRST.txt and Search.txt).

http://www.bleepingcomputer.com/forums/t/461211/win32sirefefr/
Relevancy 55.47%

Hello, I am new to this forum. My computer too is infected with the win32. Alerts kept popping up, I have run malware bytes scanner and removed it but it keeps coming back.

I have also downloaded Combofix but have not run it because I don't want to do any additional damage? Any help would be appreciated

Thanks

A:win32 sirefef

Hello, Yes wait until asked to run it. We need a deeper look. Please go here.... Preparation Guide, do steps 6-9. Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If GMER won't run (it may not on a 64 bit system) skip it and move on. Let me know if that went well.

http://www.bleepingcomputer.com/forums/t/463100/win32-sirefef/
Relevancy 55.47%

Hi there,

It seems I have a virus and I have absolutely no idea what to do. I've run avast but it is unable to move it to the chest as it says it is read only - ran a scan with malware bytes and it found three things and seemed to manage to get rid of them successfully however avast is still picking them up in a full scan even though a full scan with malware bytes is finding nothing. The computer itself seems to be running perfectly fine at the minute other than avast picking up the virus. I am a bit of a newbie with this sort of stuff and any help would be greatly appreciated. Thanks

A:Win32:Sirefef-AII [Rtk]

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Gringo

http://www.bleepingcomputer.com/forums/t/482716/win32sirefef-aii-rtk/
Relevancy 55.47%

I have two instances of this trojan which eset was unable to remove. I originally posted here: http www bleepingcomputer com forums topic html

Hello. Let me thank you in advance for your assistance and let you know I will be making a donation as well. I have checked out several forums and bleeping computer definitely has the best guidance that I have found. My PC is running Windows XP Pro. It is infected with a redirect virus and some other malicious ones that rewrite code. Using eset online scanner identified files of which only could be deleted. Here is the text file of the scan results. Please advise on next steps to fully rid my system of these trojans viruses. Thank you. My intent is to clean out the system and then upgrade to Windows

C WINDOWS exe Win Sirefef CT cleaned by deleting - quarantined
C WINDOWS KMSEmulator exe a variant of Win HackKMS A application cleaned by deleting - quarantined
C WINDOWS assembly GAC MSIL Desktop ini a variant of Win Sirefef CH trojan cleaned by deleting - quarantined
C WINDOWS system c nl a variant of Win Sirefef CR trojan cleaned by deleting - quarantined
C WINDOWS system drivers cdrom sys Win Sirefef CV trojan unable to clean
C WINDOWS system drivers netbt sys Win Sirefef CV trojan unable to clean
C WINDOWS system ReinstallBackups DriverFiles Camdrl sys Win Rootkit Agent NUT trojan cleaned by deleting - quarantined
G Downloaded Updates pconpoint-full exe a variant of Win Adware ErrorClean application deleted - quarantined
G Downloads ACT rar probably a variant of Win Agent COVIDA trojan deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip Win Induc virus deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip probably a variant of Java TrojanDownloader Agent AB trojan deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip multiple threats deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip Win Induc virus deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip probably a variant of Java TrojanDownloader Agent AB trojan deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip a variant of Win Adware ErrorClean deleted - quarantined
G GLENN-LAPTOP Backup Set - - Backup Files - - Backup files zip Win Induc virus deleted - quarantined

A:Win32.sirefef.CV

Please go here....Preparation Guide Create a DDS log and post it in this topic.

http://www.bleepingcomputer.com/forums/t/424095/win32sirefefcv/
Relevancy 55.47%

I've tried running many different programs to get rid of this but none of them work. In the welcome guide they said to run DDS but it's not working for me. This Trojan doesn't let me access my spyware protection and it redirects me to different sites. Since I can't run DDS I ran tdsskiller but I skipped the threats detected. I don't know if this helps but this is the log it gives me.

A:win32 sirefef.o

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/425821/win32-sirefefo/
Relevancy 55.47%

Hi,
Just got this last night. C:win32/sirefef.AB. So I started to try to remove it and MSE shut it down. Tried throwing some different programs on the computer to detect it and start the removal process but now MSE shut computer down. So from start up to shut down I got a window of about 95 sec. to shut the processes down but any type of attempt everything stop responding. Tried uninstalling MSE not enuff time. Tried throwing threatfire in there not enuff time. Tried doing some of the things on this and others pages of the web but again not enuff time. So if possible any help would be great. tyvm John

Oh I'm on my computer, the wife's is the one infected. I used a flash drive to move a few programs over to her computer.

A:Win32/sirefef.ab

Welcome John! What is your Operating System?
Have you tried from a Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

>>>>
Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>
Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters
Put a check in the box of Detect TDLFS file system
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>
Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

http://www.bleepingcomputer.com/forums/t/465948/win32sirefefab/
Relevancy 55.47%

Hi everyone. So this is my first post here, I made an account because I REALLY need help with this, it's bugging me so much. Basically today I decided to do a virus scan like I do every few weeks using Avast and I only had infections, one of them was just adware, the other was a trojan of some kind and I couldn't remove it, it was called Win Sirefef aii. Or I think it's aii, maybe it's all since it was actually like All. Anyway since I couldn't remove it I thought I'd give Malwarebytes Anti Malware a go and see what it picks up and well, after a full scan that's taken the best part of hours it's found, get ready for this, over infections. Most of them are rootkits and very few of them are trojan small's, whatever they are, but still the word trojan scares me since I know what the trojan horse was. Even weirder though is when I try to remove them all (I know it's a lot) the program doesn't do anything, it doesn't start deleting them or not respond, it just does nothing. Anyway I kept a report after it had finished since I thought it'd be handy, if you need it feel free to ask. Can someone PLEASE help me with my problem, I'd love to get rid of it and I'd be so grateful. Thankyou, Jason

A:Help me get rid of Win32/Sirefef.aii please! :(

Please post the report. Also follow these steps:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

http://www.bleepingcomputer.com/forums/t/488493/help-me-get-rid-of-win32sirefefaii-please/
Relevancy 55.47%

Hello. Using Windows Vista Home Premium. I had a notification that my Microsoft Security Essentials was not turned on. When I tried to turn it on I got the error message "Couldn't start Security Essentials service. The specified service does not exist as an installed service". When I clicked support info I get error code x. I tried to redownload MSE from Microsoft and was told the service is already on my computer. So I tried uninstalling MSE and redownloading and installing. This seemed to work okay, as in no error messages during installation. I left my computer unattended for about an hour. When I came back I could see it rebooted as I was back at the login screen. After logging in a popup came saying Windows had a critical error and would be shutting down in minute, save your work. I didn't actually time it but after approximately minute my computer rebooted. Then whenever I turn the computer on I get the critical error message and my computer auto reboots. Upon startup MSE pops up saying it detected a threat and is removing. When I click the popup the threat is "trojan win sirefef ah". But the computer reboots before MSE can finish clearing the threat. I had tried rebooting into safe mode and the option that tells Windows not to restart after a critical error. Neither option helped with the critical error and reboot in minute. I've tried unplugging my computer from the network and that doesn't help either. I have run the system restore to a couple days ago before I uninstalled MSE. MSE still isn't active and can't be turned on. Everything else appears to be running normal. I tried following the steps in the prep guide and I get an error message when running GMER: LoadDriver "C Users Mark AppData Temp kxldqpob sys" error xc A device attached to the system is not functioning. GMER will then start up but of the options in the top right only Services, Registry and Files are selectable. The other options are grey and clicking does nothing. Thank you for the assistance

A:win32/sirefef.ah

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:
In your next post I need the following

logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/457752/win32sirefefah/
Relevancy 55.47%

Looks like my personal laptop was infected with the above mentioned trojan. I saw when it happened (while browsing an internet site a fake security scanner popped up). I immediately ran MBAM in safe mode w/networking and it found about 6 infected files and cleaned them. Still things were a little different. So I did a Kaspersky online scan and it found about 8 more files infected. One it could not clean b/c it was in memory. How can I make sure this infection is gone? Thanks!

Relevancy 55.47%

Hello, I am trying to fix a friend's computer. It's a Dell inspiron laptop running Vista home premium bit. Avast is constantly popping up malware blocked boxes along the lines of c windows installer ch win sirefef-AHF Trj win Malware-gen win sirefef-A Trj. Sometimes they pop up too fast to catch. I have run scans and removed some things with Avast, Malwarebytes and spybot s&d but it's not getting to the root cause. I have run DSS logs below but the computer crashed and restarted after an hour or so of running GMER.

A:win32:Sirefef-AHF [Trj] and others

Sorry, just realized I've put this in the wrong section. Could someone be kind enough to move it please

http://www.bleepingcomputer.com/forums/t/465456/win32sirefef-ahf-trj-and-others/
Relevancy 55.47%

Hello. I joined bleepingcomputer today because I've simply had it with the two viruses on my computer. I thought I took care of the Win sirefef Y virus but apparently not. I discovered these little bundles of joy on my system the other day when I was redirected several times to websites such as "finalcoutsearch". I know absolutely nothing when it comes to the innards of a computer, and I see people asking others to post logs and such and I have no idea how to do that. Any help in this matter would be much appreciated. In the past I've tried Microsoft Security Essentials but it would detect a problem and restart my computer after a minute or so after startup, which became more of a nuisance than the viruses. I've been using MalwareBytes as a scanner and McAfee as a firewall. I don't believe that I have any other firewall or security programs running on my computer at this time. Any help would be much appreciated, cheers. And God bless -James

A:Win32 sirefef.Y and Win32 sirefef.B

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/460258/win32-sirefefy-and-win32-sirefefb/
Relevancy 55.47%

Hello, I am trying to fix a friend's computer. It's a Dell inspiron laptop running Vista home premium bit. I don't think I have a windows disc for this machine but I may have a Vista repair disc somewhere, I will try to dig it out. Avast is constantly popping up malware blocked boxes along the lines of c windows installer ch c windows installer c windows installer win sirefef-AHF Trj win Malware-gen win sirefef-A Trj. Sometimes they pop up too fast to catch and write down. I have run scans and removed some things with Avast, Malwarebytes and spybot s&d but it's not getting to the root cause. I have run DSS logs below but the computer crashed and restarted after an hour or so of running GMER. I tried a second time but the scan stopped. I am trying a third time now.

A:win32:sirefef-AHF [Trj} and others

Gmer finished this time

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-17 14:11:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 SAMSUNG_HM121HI rev.LZ100-11
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwtdiaoc.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D423536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DA167BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D423F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D42ED7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D42EDC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D42EF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D42ECE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DA16BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D42ED30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D424146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D42EF02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D4248CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D423584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DA1689E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D4231EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D4235D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D4282A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotify...

http://www.bleepingcomputer.com/forums/t/465536/win32sirefef-ahf-trj-and-others/
Relevancy 55.47%

Need a little help here. I have run into a trojan that just won't go away. I have run ccleaner, malwarebytes and avast. Here is the FSS that I ran afterwards:

Farbar Service Scanner Version - -
Ran by Jamie administrator on - - at
Running from E
Microsoft Windows Professional Service Pack X
Boot Mode Normal

Internet Services:

Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION > Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION > Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION > Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION > Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION > Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION > Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile registry key does not exist.

System Restore:

System Restore Disabled Policy:

Action Center:
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION > Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION > Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION > Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon > Unable to open HKLM ShellServiceObjects F F FDD-AA D- -A -C B AF B A key. The key does not exist.

Windows Update:
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION > Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION > Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION > Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION > Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION > Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION > Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:

Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender DisableAntiSpyware DWORD

Other Services:
Checking Start type of iphlpsvc: ATTENTION > Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION > Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION > Unable to open iphlpsvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION > Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION > Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION > Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION > Unable to open SharedAccess Defaults FirewallPolicy F...

A:win32:sirefef-btt

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!
Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe
When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

http://www.bleepingcomputer.com/forums/t/509077/win32sirefef-btt/
Relevancy 55.47%

Hi, my laptop running Windows Vista has been infected with Win32/sirefef.R. I noticed this morning that the Microsoft Firewall had been disabled and some Security Essentials functionalities were no longer working. I uninstalled and re-installed Security Essentials and a scan showed the infection in the services.exe file. Every time SE tries to disinfect, or I try to close the process in Task Manager, the computer displays an error message and reboots after a minute, both in normal mode and safe mode. I've just run a scan with FRST. Any help would be greatly appreciated. This is the log.

A:Win32/sirefef.R

Hi

Please do the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-07-09 00:12 - 2012-07-09 00:12 - 00374784 ____A C:\Users\Wij\AppData\Roaming\nragpo.dll
2012-07-09 00:11 - 2012-07-09 10:24 - 00000000 ____D C:\Users\Wij\AppData\Roaming\xsecva
C:\Windows\Installer\{9f74cfc1-6b18-56f8-5dc6-91cdedd064c5}
C:\Users\Wij\AppData\Local\{9f74cfc1-6b18-56f8-5dc6-91cdedd064c5}
C:\Windows\assembly\GAC\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.
While you are still booted into System Recovery Options run FRST.

Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click the Search button and post the log it makes to your reply. (search.txt)
Exit FRST and reboot normally.

NEXT

Refer to the ComboFix User's Guide
Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

http://www.bleepingcomputer.com/forums/t/459915/win32sirefefr/
Relevancy 55.47%

Hello, I have been handed a laptop by a cousin. When he first noticed he had a problem, Security Essentials had shut off and was inactive, so he decided to reinstall Security Essentials. Now every restart results in Essentials detecting issues, Win32/sirefef.R and Win32/sirefef.AH, both in services.exe, but this immediately results in a warning and shuts down the laptop. I have followed the first part of the guide and ran frst.exe from a key from command prompt in repair my computer, with the log to follow. Any help would be gratefully received.

IEDixy

A:Win32/sirefef.R and Win32/sirefef.AH

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/457855/win32sirefefr-and-win32sirefefah/
Relevancy 55.47%

I have been working on this issue for a day or two now. This pc had XP Antispyware 2012 on it and it is not that hard to remove. After removing it and running Malwarebytes and MS Security Essentials this sirefef.n keeps coming up and I can't figure out how to remove it. It seems like it keeps coming back.

Please help

Thanks

A:Win32/sirefef.N

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report.

Please download GMER from here
http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

http://www.bleepingcomputer.com/forums/t/440718/win32sirefefn/
Relevancy 54.61%

Cannot remove the following viruses from my computer:
 
Trojan:win32.sirefef.AB
Trojan:win64/sirefef.P
 
I'm running windows 7 64 bit.
 
Please help!

A:Trojan:win32/sirefef.AB

Welcome aboard

That kind of infection requires elevated help. Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/506972/trojanwin32sirefefab/
Relevancy 54.61%

Hello good folks. Got a recent warning from Malwarebytes, Windows Defender, and then I ran Malwarebytes to clear it, but I fear it is still lingering. Any advice or help to ensure it is removed will be appreciated from the gurus. Thanks in advance.

BuickGuy

A:Infected with win32/sirefef.an

Hello BuickGuy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/496207/infected-with-win32sirefefan/

Hello, I'm a noob to this forum, but it's my last resort and I'm at my wits' end. As stated above, my desktop is infected with win32/sirefef.er, at least that is what AGV was saying. I keep getting pop-ups of the threat and I can't quarantine the virus; a new window just pops up. That's how it started. I have read other threads in this forum on possible cures but got nowhere with the procedures. Now when I restart the computer AGV still pops up threat windows, but it displays other trojan names, not the "win32/sirefef.er" as it originally did. I am afraid the trojan is so deeply rooted. I just turned off the computer and I am using my P O S Evo N v laptop to post here. The computer in question is a Medion running Windows Vista Home Premium SP I believe. Any help would be appreciated.

A:Infected with win32/sirefef.er

Hello and welcome. I moved this to the Am I Infected... please do these.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

>>>>>

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push
NOTE: In some instances if no malware is found there will be no log produced.

>>>>>>>>>>>>>

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Run RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make change... Read more

http://www.bleepingcomputer.com/forums/t/447153/infected-with-win32sirefefer/

Slow performance and constant pop up by the default windows anti-virus.

A:Trojan:Win32/Sirefef.AN

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
services.exe
Now press the search button.
When the search is complete, search.txt will also be written to your USB.
Type exit and reboot the computer normally.
Please copy and paste both logs in your reply (FRST.txt and Search.txt).

http://www.techsupportforum.com/forums/f100/trojan-win32-sirefef-an-671061.html

Hi,

I recently visited the www.dailymotion.co.uk site and have been infected with the Trojan:Win32/sirefef.p.
My Avast instantly popped up saying it had blocked it, however it keeps popping up now. I have downloaded Malwarebytes and done a full scan which found 4 bad files which I removed. However Avast still picks up on it.

I would appreciate any help with removing this.
Thanks
Tom

A:Trojan:Win32/sirefef.p

Hello and welcome.

Please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push
NOTE: In some instances if no malware is found there will be no log produced.

http://www.bleepingcomputer.com/forums/t/451990/trojanwin32sirefefp/

I somehow got infected with the trojandropper:Win32/Sirefef.b trojan. It has disabled all my antivirus and prevents any other ones I try to install from running. Windows Defender sees it, removes it and then asks to restart, but then I get the "Windows failed to start" error and it ends up restoring itself, but then the trojan is back. When Windows Defender finds it, it says that its resources are a driver called NPFS. Any time I try to run any antivirus or malware programs as an administrator, a window pops up that says access to that path is not allowed. I tried to run gmer and it displays for a second and then closed, and then when I try to run it again I get that same window. Due to that I was unable to obtain a gmer log to post. Attached are the DDS logs. Any help would be much appreciated. Thanks

A:trojandropper:Win32/Sirefef.b

This is the message I get when I try to run gmer: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I get that same error when I try to run any antivirus or anti malware program. I have tried eset nod32, A Squared, malwarea antimalware and super anti spyware and my mcafee provided by my isp, cox.

http://www.bleepingcomputer.com/forums/t/420760/trojandropperwin32sirefefb/

Windows detected this and my computer has been running very slowly. Here are my logs.


I recently did a scan of my C drive with Eset Smart Security and received a notice stating that I had a trojan that could not be cleaned called win32/Sirefef.FC in C:\Windows\system32\services.exe. I did a search of this and came across this site so I thought I would post and see if you could help.

Thanks,
Shane

A:win32/Sirefef.FC trojan

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:
In your next post I need the following

logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/460839/win32sirefeffc-trojan/

I have an infection, detected by Microsoft Security Essentials, of Trojan:Win32/Sirefef.AG and Trojan:Win32/Sirefef.I

I have been unsuccessful in removing this infection. Can you help?
Estelle
PS this infection is supposed in this file: C:\WINDOWS\Installer\{c9895293-dd75-a99b-8995-cba2d2461db3}\U\[email protected] But it cannot be found on my system.
@myrti in IRC told me to post this question in this forum.

A:Trojan:Win32/Sirefef.AG

Hi eclark53,

please create a log with DDS (if you can) and post it here:

Please run a scan with DDS:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Do you have a 32bit or a 64bit OS?

regards myrti

http://www.bleepingcomputer.com/forums/t/454015/trojanwin32sirefefag/

I have a laptop that is infected with malware. I was able to delete most of it using adaware cleaner, but when I run Windows Defender a pesty win32/sirefef pops up and I delete it and it comes back. The computer is running extremely slow to do anything and I'm afraid it's because of this ...

A:win32/sirefef virus

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST.
Don't change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat, do not delete this for now. It is an actual backup of the MBR (master boot record).

http://www.bleepingcomputer.com/forums/t/548137/win32sirefef-virus/

Computer had been acting funny lately so I updated and ran MSE. MSE found the threat, but before I was able to remove and restart the PC I kept getting the error message "windows has encountered a critical problem and will restart automatically in one minute". Every time I restart the machine it keeps throwing up the same error, even in safe mode. I can't run any programs long enough to post any logs, please help.

A:I am infected by Win32/Sirefef

Let me ask a malware response team member to assist you

good luck

http://www.bleepingcomputer.com/forums/t/463924/i-am-infected-by-win32sirefef/

So I'm getting some weird activity on my pc: random reboots, browser redirection and inability to click some links or download some protection tools, etc. I've read the sticky and here are my posts. I'm pretty certain my pc is relatively unclean as it is, but I'd like to get rid of this Trojan before I address other issues. Thank you for reading and any help you can provide. S


Windows Defender says TrojanDropper:Win32/Sirefef.B

I ran Spybot Search & Destroy, Adaware, Malwarebytes, Hitman Pro, TDSSKiller, TrendMicro Housecall. None detected trojan. Fixed a bunch of tracking cookies.

Google search and Yahoo search are redirecting using IE and Firefox. They do not redirect using Chrome.

Toshiba laptop L -S, Windows
OS Name: Microsoft Windows Home Premium
OS Manufacturer: Microsoft Corporation
System Name: TASHA-PC
System Manufacturer: TOSHIBA
System Model: Satellite L
System Type: X -based PC
Processor: Intel(R) Celeron(R) CPU

Ran Defogger. None detected. Ran DDS - it locked up and didn't complete.

Having lots of trouble with your bleeping site. Registration issues, email, etc.

Can not register. Getting errors on all attempts: "We could not find the validation request you are attempting to verify."

jpminis

Also DDS command prompt is hanging, will not end and will not exit.

EDIT: Posts merged ~ Budapest

A:TrojanDropper:Win32/Sirefef.B

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Rootkit UnHooker (RkU)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT: Running OTL

We need to create a FULL OTL Report.
Please download OTL from here:
Main Mirror
Mirror
Save it to your desktop.
Double click on the i...

http://www.bleepingcomputer.com/forums/t/400505/trojandropperwin32sirefefb/

Hey guys, I'm Sayak and I'm currently residing in the US. My company sent me here from India to work for a client. Obviously they spent a lot on me, so the fact that uninterrupted work is more important to them on anything else goes without saying.

After a rough day at work I got my hands on a video that wouldn't play. Frustrated, I did two things I never do: installed something on my work laptop, and got that installer off the internet. It was supposed to be a codec pack. Turned out to be packed with a ZeroAccess RootKit program - pleasant surprise.

Now I wasn't completely insane. I did scan it before running, but the geniuses at my office have shoved Symantec Endpoint Security down our throats - which is as effective as a potato. I started noticing that SSL sites stopped opening in Chrome, so I quickly did some research, downloaded MS Security Essentials and managed to kill the virus. Or so I thought. I could no longer use the internet on my laptop.

After hours of reading surprisingly accurate threads on the forum (on my phone btw, and it was so tedious, thanks to the awesome codec pack that I installed) I finally managed to get everything up and running. So thanks to you guys at bleeping computer I am not losing my job. Kudos guys, you made my day.

Sayak

A:Infected with Win32/Sirefef.gen!C

I, along with many other bleepin members here are honored, and feel warm and fuzzy that we've been able to help another person in our quest to slay all bugs and foibles that plague us computer users. ~Zestypanda

http://www.bleepingcomputer.com/forums/t/498975/infected-with-win32sirefefgenc/



On my personal computer (Windows XP Home), Microsoft Security Essentials is finding a trojan win32/sirefef.ag. However, after removal, the trojan shows up again. Malware AntiMalware Bytes does not find the trojan. I have tried running EmiSoft, but can not download the latest updates.

I have also tried all 3 programs in Windows safe mode to no avail. Any suggestions?

A:Trojan win32/sirefef.AG

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

information and logs:
In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/454612/trojan-win32sirefefag/

Hello,
Our son downloaded something on our laptop, that has affected our OS Winxp. Our AV Eset cannot run and when I looked into the logs report, it shows that the laptop is infected with win32/Sirefef.CT trojan.

I tried running the eset scan with no success.

We would appreciate your assistance. Thank you.
James

A:Win32/Sirefef.CT trojan

Attached files as per your online instructions:

DDST.txt pasted and attach.zip and ark.txt are attached.

I have an original XP install CD.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by matthewjackson at 13:21:11 on 2011-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1602 [GMT -7:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\USB LOCK AP\klpsrvc.exe
C:\WINDOWS\system32\PrintCtrl.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\USB LOCK AP\svchost.exe"
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startpage.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\documents and settings\matthewjackson\local settings\application data\d2a46fdd\X
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz...

http://www.techsupportforum.com/forums/f100/win32-sirefef-ct-trojan-606466.html

Hello,
My system got affected with a trojan and now I tried all the ways on help online but nothing seems to help. If anyone can help me in resolving this issue it would be great. Here is the error that I am getting.
ESET Smart Security 5

Alert
Threat found

Object: c:\windows\system32\services.exe
Threat: win32/sirefef.FC trojan

Event occurred during an attempt to access the file by the application: c:\windows\system32\svchost.exe.

delete
The object contains a possible threat for your system. This option will remove the object from your system.

No action - Not recommended
Despite a potential threat, the object will not be cleaned or deleted and will persist in the system.

error while deleting.

A:win32/sirefef.FC trojan

What operating system are you using?

http://www.bleepingcomputer.com/forums/t/482518/win32sirefeffc-trojan/

Hi. After downloading an audio codec my Avast anti virus has been popping up every minutes or so to say Win32:sirefef-PL blocked and Win32:sirefef-ZT blocked. I have since done a quick scan, full system scan and boot time scan with Avast, but when I tried to delete, move to virus chest or fix these problems the following came up:

Win32:sirefef-PL - Error: the system could not find the file specified. File name: C Windows system services exe
Win32:sirefef-ZT - Error: the process cannot access the file because it is being used by another process. File name: C Windows assembly GAC desktop ini

This happened in the normal scan and the boot time scan. I have located services exe and cannot delete the file or find it in the processes tab of task manager in order to end the process, and have found a desktop ini but in a different address path, and a file scan didn't show any infection.

I have also done a scan with Malwarebytes and have attached the log to this post. I did a second scan which showed no threat even though I'm still getting notifications from Avast. I don't know if my personal information is at risk as Avast is blocking the attempts, but my computer also seems to have slowed significantly too.

Any help/advice with this problem would be greatly appreciated as I have spent nights trying all sorts to remove these. Thanks in advance

A:Win32:\sirefef-PL & ZT, Trojan-Gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-DeFogger-
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-
Please download DDS from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3
Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyinformation and logsIn your next post I need the following

both reports from DDS report from security checklet me know of any problems you may have hadGringo

http://www.bleepingcomputer.com/forums/t/474660/win32sirefef-pl-zt-trojan-gen/
Relevancy 54.61%

Hi, I've been infected by a virus/trojan that I can't remove by myself. Windows Defender detects it as "Trojan:Win32/Sirefef.G" but is unable to remove it, computer freezes when I try. If I'm correct this is a trojan that can be used to install other virus on your computer? I run Malwarebytes every time I start the computer and it always finds a "Trojan.Agent.Max" that I remove but it comes right back. The computer works as normal except for a few programs that won't start.
Any help would be much appreciated

A:infected by win32/Sirefef.G

When you did a virus scan does it show where the file is located?
If it does save that directory in notepad.
What operating system are you running? I'm using windows xp for example,
On start up press F8 and boot into safe mode.
Go to my computer click on tools then folder options,
go to view then hidden files and folders & click on show hidden files.
When you have found the file, delete it, then do a virus scan in safe mode.

Hope it works for you =)

http://www.bleepingcomputer.com/forums/t/393713/infected-by-win32sirefefg/
Relevancy 54.61%

Hi guys
Think I'm infected with rootkit.win32.sirefef on my Windows Vista
It's making my computer annoyingly slow and I'm pretty sure disabling my normal virus scanner.
I've tried finding the virus in my task manager processes but cannot and I have tried several steps on the internet and none have worked so far.
I've also tried downloading some virus scanners in hope they'd help me delete but also, nothing's worked.

If anyone can help me it would be greatly appreciated.
Thanks

A:rootkit.win32.sirefef

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/rootkit-win32-sirefef-611564.html
Relevancy 54.61%

Hello there
back again after being away.
after running windows essentials on a full scan it picked up this Trojan:Win32/Sirefef!cfg and classed it as severe.
The recommended action was removal and was successfully applied.
Is that the end of it?
how did I get it, or how did it get in?
Is there anything else I can do?
I thank you for any help in advance.

A:Trogen:win32/Sirefef!cfg

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us:

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click on change parameters
Under Objects to scan, check the box next to Loaded modules
If you are asked to reboot, then click Yes.
Next
Check the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the full contents of that file in your next reply.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automati... Read more

http://www.bleepingcomputer.com/forums/t/467979/trogenwin32sirefefcfg/
Relevancy 54.61%

Hi, I would welcome any help that can be provided as my PC has contracted a big problem.

- When using google in browsers the search terms redirect to ad sites. While loading, the term "colossalsearch.com loading" or similar appears in the browser.
- All anti-virus software programs have been affected. AVG no longer works, the trojan appears to have disabled the program. I've tried to download again and install but it cannot install. Malwarebytes only works in safe mode. I've tried to download avast free software but this does not work.
- Spybot works and identifies about files which I keep removing but they come back.
- PC has gone extremely slow.
- Windows defender identified the virus as "Trojan:Win32/Sirefef.O".
- I tried to run GMER as instructed and it loaded but when I tried to scan it seemed to disappear. When I tried to run again it came up with the message "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item."
- I'm currently in safe mode with networking.
- Logs attached below.

Thanks in advance for any help.

... Read more

A:Trojan:Win32/Sirefef.O

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/425227/trojanwin32sirefefo/
Relevancy 54.61%

I ended up with TROJAN WIN SIREFEF and TROJAN WIN SIREFEF AL and TROJAN WIN SIREFEF AQ on my pc, probably from a bad website. I have Microsoft Security Essentials running and it found them and quarantined them and I then deleted them. Or so I thought. I also have Malwarebytes installed, the free version, and when I ran it, it also found trojans, although it didn't name them. I still have those logs. When I run MS Security Essentials now it says my pc is clean and Malwarebytes says the same thing.

However: My Windows Firewall is now turned off. I did not do that and I can't turn it back on. When I try to launch the Security Center through msconfig -- Tools I get a message saying that "The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer or start the "Security Center" service, and then open the Security Center again." I tried all of that. If I try to get to the Firewall through the Control Panel I get a message saying "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

MS Security Essentials cannot receive updates. When I try to, I get this message: "Virus and spyware definitions update failed. Security Essentials couldn't check for virus and spyware definition updates. Check your Internet or network connection and try again. Click Help for more information about this problem. Error code x Error description: Security Essentials couldn't install the definition updates. Please try again later." The weird thing is that behind that error message the bar that indicates progress moves about of the way before it stops. I am able to uninstall MS Security Essentials and then download it from Microsoft again and that way get the definition updates, but it still says my p.c. is clean.

I am also not able to obtain any Windows updates from Microsoft. It complains about an unidentified error.

This may not be related, but I have noticed that when I open Internet Explorer, Citrix Receiver loads almost immediately. When I stop it by right-clicking on the icon in my system tray, bottom right hand corner of my screen, and selecting "Exit", it comes back again within seconds. I use Opera most of the time and it doesn't start in Opera.

I run XP Media Center Edition Windows SP

Note that the ark.txt that GMER produced is without "Files". I had to deselect "Files" because GMER ran just over hours and then my monitor went black and there was nothing I could do to bring it back. I tried this twice. PC is still running but the screen is completely black.

I see from the DDS.txt that Rogers Online Protection Anti-Virus appears to be enabled. I used to run that but deinstalled it a couple of years ago, or so I thought.

... Read more

A:TROJAN:WIN32/SIREFEF

Hello keeta, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2. Install Recovery Console and Run ComboFix
This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple... Read more

http://www.bleepingcomputer.com/forums/t/471373/trojanwin32sirefef/
Relevancy 54.61%

Got the win32/sirefef.fc virus a couple of days ago and cannot get rid of it. Attached the ark.txt and attach.txt log as instructed. Sorry, this is my first post but it definitely won't be my last.

... Read more

A:Win32/sirefef.fc virus

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/462883/win32sirefeffc-virus/
Relevancy 54.61%

Good Morning. I am having trouble trying to get this virus removed from my computer. I have been able to do virus removal in the past and have some experience with the regedit and msconfig. I have read what has worked for others and searched for the same files, but I don't seem to have those specific ones. Can you please help?

I'm running Windows 7 (64 Bit) and according to my Ad-Aware scans, I'm infected with "virus.win32.sirefe.r (v)" and I've also been having random Google redirects as well.

Thank you

A:Virus.Win32.Sirefef.r (v)

I'm sorry for the extra post, I am not trying to bump my topic. I am only adding the results from my ESET online scan. Thank you.

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\FREEzeFrog\bin\1.0.672.0\FREEzeFrogSAHook.dll.vir probably a variant of Win32/Adware.180Solutions application
C:\Qoobox\Quarantine\C\Windows\Installer\{c23461dc-4bb3-e6e2-b450-7c97e8d7cf2b}\U\[email protected] Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{c23461dc-4bb3-e6e2-b450-7c97e8d7cf2b}\U\[email protected] Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{c23461dc-4bb3-e6e2-b450-7c97e8d7cf2b}\U\[email protected] Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{c23461dc-4bb3-e6e2-b450-7c97e8d7cf2b}\U\[email protected] a variant of Win32/Sirefef.FD trojan
C:\Users\Sammy-mobile\.frostwire5\updates\frostwire-5.3.6.windows.exe Win32/OpenCandy application
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd79e532f0bd97.0000 Win64/Patched.B.Gen trojan
Operating memory a variant of Win32/Toolbar.Widgi application

http://www.bleepingcomputer.com/forums/t/465139/viruswin32sirefefr-v/

Services seem to be consuming - minimum cpu usage on cores

A:Infected by Win32:Sirefef-PL

Hi,

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box: services.exe
Now press the search button.
When the search is complete, search.txt will also be written to your USB.
Type exit and reboot the computer normally.
Please copy and paste both logs in your reply (FRST.txt and Search.txt).

http://www.bleepingcomputer.com/forums/t/460941/infected-by-win32sirefef-pl/

Hello, I've recently been infected with the win32/sirefef.ez or sometimes .ev trojan and can't remove it with ESET Security 5. ESET recognizes it but can't remove it. It's also shut down my Windows Firewall and doesn't allow me to update ESET or Windows. It also mentions something about desktop.ini. Please help!! Thank you!!

A:win32/sirefef.ez removal

I tried to download DDS but no response when I click the download link.

http://www.bleepingcomputer.com/forums/t/476406/win32sirefefez-removal/

I logged onto my desktop and noticed that my Microsoft Security Essentials was out of date. When I tried to update it I kept getting a pop up saying my computer had an error and would restart in minute. When trying multiple times to scan my computer I would get a pop up saying my desktop was infected with virus and two trojans, Win32/Sirefef.R. I was finally able to restore my desktop to a previous date and run DDS and GMER. Here are my results.

A:Virus Win32/Sirefef.R

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/461809/virus-win32sirefefr/

I have Windows XP desktop system w/Service Pack 3
Dell XPS 600 System
I have the following virus: Win32/Sirefef.DA trojan
I cannot log onto the internet and get an error each time I do. I could use some help.
 

https://forums.techguy.org/threads/win32-sirefef-datrojan-need-help.1037871/

My desktop became infected with the Win32/Sirefef.N virus and possibly others several days ago. I have tried various tools to diagnose and remove it without much success. MS Security Essentials identifies the problem as Win32/Sirefef.N but then gives me a message that it "could not apply the action(s) you selected", which was to clean the computer of the problems it found. Malwarebytes also detected several "threats" and was told to clean them. Although it appeared to clean the PC, I left it running and Malwarebytes is constantly popping up Anti-Malware messages that say "Successfully blocked access to a potentially malicious website xxx xx xx xxx". MicroTrend also behaves the same. Search redirects are sporadic. Occasionally a new Internet Explorer window will open up with an odd invalid URL. I can close the window but of course it will reappear shortly. NB: I had to ZIP the Attach.txt file - it was too large to attach as a txt file. DDS.txt follows.

A:Win32/Sirefef.N Infestation

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/437347/win32sirefefn-infestation/

Originally a trojan program repeatedly warned that I needed a PC antivirus tool and directed me to a website.
I was able to remove the trojan, but a hidden file redirected google searches to commercial sites when I clicked on a link.
Downloaded Registry Mechanic and Webroot malware tool and one of these seemed to fix the problem temporarily.
Now every 15 minutes I get a message from Microsoft Security Essentials that my computer is infected with the title worm.
Infection likely came from an attachment to an email as three other computers on home wifi network are not infected.
All four computers are running MSE (two Windows 7/32 and two running XP).

A:Worm: Win32\Sirefef.gen!A

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker
Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new OTL log (don't forget extra.txt)
RKU log

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/368515/worm-win32sirefefgena/

ESET keeps popping up with a warning that I have been infected with the Win32/Sirefef Trojan. I have tried Malwarebytes, TDSS Killer, Rogue Killer and still get this warning from ESET. Any help would be appreciated. Thanks.

A:Win32/Sirefef trojan

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
 
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....     Let's get going!!  
----------
 
Do you happen to have the logs that were made by both TDSSKiller and Malwarebytes?  If so, please post those.  

http://www.bleepingcomputer.com/forums/t/534455/win32sirefef-trojan/

Using Security Essentials I keep getting the following message

Virus:Win32/sirefef.n

Sometimes shows disinfected and sometimes quarantined, but it comes up on each and every scan I perform.

How to remove this?

Ken

A:Virus:Win32/sirefef.n

Post removed by author.

http://www.bleepingcomputer.com/forums/t/436425/viruswin32sirefefn/

Vista OS
Infected with Win32/Sirefef.FB.Gen Trojan
Original thread scan logs in the Am I Infected section HERE
DDS Text Log

A:Win32/Sirefef.FB.Gen Trojan

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/462268/win32sirefeffbgen-trojan/
Relevancy 54.61%

Microsoft Security Essentials will just disinfect and not remove. But it continues to show in the history log daily

A:Virus: Win32/sirefef.N

Hi ALM19, to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Cop... Read more

http://www.bleepingcomputer.com/forums/t/436286/virus-win32sirefefn/
Relevancy 54.61%

I acquired this virus today and although it's not popping up all the time, AVG pops up every now and again with a "threat detected" message and also I am concerned over the security of my PC.

I have already run TDSSkiller, AVG Rootkit scan and MalwareBytes. The latter came back clean, AVG Rootkit detected threats but hasn't really sorted the problem out...

Help?

A:win32/sirefef.er doesn't go away :(

Forgot to attach DDS log...
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Matt at 4:21:23 on 2012-03-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2974.1175 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\IDrive\IDriveE Service.exe
C:\IDrive\IDriveWebM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Pro... Read more

http://www.bleepingcomputer.com/forums/t/446065/win32sirefefer-doesnt-go-away/
Relevancy 54.61%

I REALLY need help, my computer has this virus and I have tried everything to get it off. Windows Defender cannot remove it and the virus won't let me use any of the anti virus programs and it is going crazy. If someone could help me I would really appreciate it! Oh and the virus is Win32/Sirefef.o and also I don't know how to do the logs.
 

Relevancy 54.61%

Had (may still have) infection on laptop. Used avast boot scan and it seems to have stabilized and has not found subsequent infected files on further scans. Currently have no Audio as a result of infection and one of the quarantined files was a system 32 cd*.sys file. Find attached the requested files.

Quite a few of the services set for automatic start will not because modules are missing. DVD/CD player being one of many.