Help me. Can't get rid of sirefef trojan

Gary101 · Aug 11, 2012

PLz help me. I believe i have multiple trojans on my desktop. Windows defender started acting wierd and stopped and stated that it was deleted. I re-downloaded and installed most recent version from microsoft. instantly found 4 trojans.

Win32/sirefef
Win32/sirefef.AO
Win32/sirefef.AG
Win32/sirefef.AN

Shortly after a message pops up with windows critical error will shut down in one minute, and so it does. Now every time i restart my computer within a minute that message pops up and my computer will restart over and over again.

I found this forum and thought i would give it a try. I have looked at PLZ READ ME FIRST malware removal guide. I can't seem to get my computer to stay on long enough to do anything. I did get FARBAR and put on flash drive and ran a scan. I will attatch the log. Any help would be greatly appreciated.

Thank You.

TimW · Aug 12, 2012

Please download ComboFix to your desktop and run it. Do not do anything while it runs. Attach the log when it is finished. Disable any AV software before running it.

Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

Gary101 · Aug 12, 2012

my computer wont stay on long enough to even get the programs on my desktop. It pops up the message saying it has suffered a critical error and windows will shut down in one minute. and then it does and it restarts and does it all over again.

TimW · Aug 12, 2012

We need some additional information so that we can replace an infected system file.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply.

Gary101 · Aug 12, 2012

I hit f8, went to the advanced boot options, went down to Directory Services Restore Mode, clicked on that and tried to run FRST search in command prompt.

The message still popped up and computer shutdown before it finished.

Am i doing something wrong?

TimW · Aug 12, 2012

Did you follow these instructions:?

Plug the flashdrive into the infected PC.

Option1: Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

Option2: Enter System Recovery Options by using Windows installation disc:

Insert the installation disc.

Restart your computer.

If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

Click Repair your computer.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

Click to expand...

Gary101 · Aug 12, 2012

there is no Repair Your Computer option.
and it wont let me boot the disc

TimW · Aug 13, 2012

How did you get Farbar to run in the first place?

Gary101 · Aug 14, 2012

directory services restore mode

TimW · Aug 15, 2012

Let me consult with my colleagues.

Do you have your install disc?

TimW · Aug 16, 2012

Can you try to do any of this in safe mode:

READ & RUN ME FIRST. Malware Removal Guide

If not, try doing this:
http://support.kaspersky.com/faq/?qi...vkxk]Kaspersky

Log in or Sign up

Help me. Can't get rid of sirefef trojan

Gary101 Private E-2

Attached Files:

FRST.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Gary101 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Gary101 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Gary101 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Gary101 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member