Win32/Sirefef.AB & Win64/Sirefef.P; Browser Redirection, Windows Critical, Restarts

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Punkrulz, Jul 6, 2012.

  1. Punkrulz

    Punkrulz Private E-2

    Hello all,

    I'm a first-time poster here and have come here looking for help in resolving my infection issue. I followed the directions in the read first thread and will post my logs. I am / was experiencing the following issues:

    • Firefox would redirect to various pages such as newsfudge.com. Since proceeding through the read first post, and also running goored? I have not noticed this recently.
    • Sometimes browsing seems to be incredibly slow, possibly related to the redirections.
    • Since attempting to troubleshoot this issue (Microsoft Security Essentials), it is believed that this is causing the following issue:

      ! You are about to be logged off
      Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

      If I let the computer restart itself, then this will keep happening. I have learned to "interrupt" it by running a normal restart after the message pops up. So far, every time the computer comes back I won't get the message. If I restart again, it will happen again. I haven't noticed anything in particular relating to this in the system log.
    • While not experiencing problems with the programs to resolve issues like this, I have noted that it has prevented me from patching games such as Rift. I believe this is related.
    • While working in Safe Mode, sometimes I noticed Adobe Flash 11.3 installer would frequently run trying to get me to install it. I do believe there was a massive security threat involved with this, and this could be how the virus remains on the PC.
    • While trying to troubleshoot the issue, I know part of the biggest threats were located:
      C:\Windows\Assembly\GAC_32\Desktop.ini
      C:\Windows\Assembly\GAC_64\Desktop.ini

    Attached are the logs. Please let me know what else you would like me to do.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Win32/Sirefef.AB & Win64/Sirefef.P; Browser Redirection, Windows Critical, Restar

    Welcome to Major Geeks!


    Rescan with HitmanPro, when it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.
    • Also allow Hitman to delete the C:\Windows\assembly\GAC_32\Desktop.ini piece of the infection.
    • Afterwards, click the Next button.
    • HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
    • Reboot back into normal Windows and run another scan with HitmanPro and then attach the latest hitmanpro.zip log.
    Also do the below:

    Delete the below folders if found:
    C:\Windows\installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}
    C:\Users\Administrator\AppData\Local\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}


    Download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
