Sirefef.R & Windows Security Center Issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by sherra, Jul 10, 2012.

  1. sherra

    sherra Private E-2

    My husband started having problems with getting automatically redirected a week or two ago. I don't know exactly how long ago it was because this is not my computer & he only asks me about computer related issues when he's having serious problems. He did say that he disabled something (maybe the antivirus - he wasn't specific) before the issues started. Of course, he didn't tell me about all this until today. So, I ran AVG Free since his Microsoft Security Essentials was disabled & I was not able to re-enable it (nor the Windows Security Center). It found the Sirefef.R Trojan & attempted to remove it. In the process of removing it his system got messed up & wouldn't even boot properly. Thankfully, I was able to fix those issues by booting from the CD drive.

    In the past several hours I have followed all the steps in your Vista & Windows 7 Malware Removal/Cleaning Procedure thread. The browser redirects seem to have been resolved, but I am still unable to get Windows Security Center to start nor can I get the Microsoft Security Essentials to activate.

    RogueKiller created two different log files, so I copied & pasted the second one at the end of the text of the first since the instructions did not mention a second log file at all (whether to ignore the file, zip them together, etc.).

    Also, this could be completely unrelated, but I am unable to get Network Discovery to turn on for his computer, so none of the other devices on the network are visible on his computer, but he can still access the network printer.

    Thank you.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
     
  3. sherra

    sherra Private E-2

    Thank you for your reply. Here is the requested log.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.

    Now run FRST again like you did in post # 4. Attach the new log.

    How are things running?
     


  5. sherra

    sherra Private E-2

    I haven't let my husband touch his laptop yet since the Security Center couldn't be turned on (I don't want him on the 'net without protection). ;) I will let you know in a few minutes.
     
  6. sherra

    sherra Private E-2

    I am still getting the notices that the Security Center service can't be started & the Security Essentials service can't be started. :eek
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Could you run FRST again please as requested like you did in post #4, attach the log.
     
  8. sherra

    sherra Private E-2

    Here is the 2nd version of the fixlog after the 2nd repair with fixlist, as requested, and I am still getting the notices that the Security Center service can't be started & the Security Essentials service can't be started.

    Also, as an FYI, when I boot into the Advanced Boot Options from just the hard drive, I do not get a Repair Your Computer menu item. This is what I get:

    In order to get a menu with an option to Repair I MUST boot from the Windows install DVD.
     


  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    So you can't get me a log like you dropped for me in post #3? Correct?
     
  10. sherra

    sherra Private E-2

    You never asked for a log like in post #3. You asked for what was done in Post #4 (fixlog.txt), so that's what I've attached - twice.

    Would you like me to run the steps as you posted in Post #2?
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes! :)
     
  12. sherra

    sherra Private E-2

    Here is the latest FRST.txt log.
     


  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.

    Run FRST again like you did before now. (post #2) And attach that log too.
     


  14. sherra

    sherra Private E-2

    Here are the two requested logs. I am still unable to start up Security Center Service & Security Essentials. :cry
     


  15. sherra

    sherra Private E-2

    I got frustrated & ran ComboFix & that seems to have fixed my issue. Security Center activates now & I re-installed Security Essentials. I'm in the process of scanning with Security Essentials now. Here's a frst.txt file from after running ComboFix.
     


  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ilivid Player <--- Uninstall this if you see it listed.


    C:\Users\JR\AppData\Local\Ilivid Player <--- Delete this folder.

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    How are things running now, smoothly still?
     
