Sirefef

Discussion in 'Malware Help (A Specialist Will Reply)' started by degsdg, Apr 2, 2013.

  1. degsdg

    degsdg Private E-2

    Hello all,
So I was trying to watch The Walking Dead TV show online today and a stray click resulted in some Sirefef nonsense.

    Gateway laptop Vista home 64 bit sp2
    Intel R core 2 duo T6400 2ghz
    4 gb ram

Avira quarantined the following file: TR/Sirefef.AH
but Flash kept trying to install.

So I used the Microsoft Malicious Software Removal Tool, and it got that to stop.
And then I followed the info here on the malware removal thread and the Vista-specific procedures.

RogueKiller and Hitman have ZeroAccess entries. What can I do?
Thanks in advance.

Upon launch of TDSSKiller a window popped up "can't initialize log", but upon completion it said no threats found. So no log for that right now.
     


  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, degsdg

    I'm reviewing your logs - please be patient.
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

Please re-scan with Hitman Pro and have it delete everything under the headings of
• Potential Unwanted Programs
• Malware remnants
...ignore any other findings.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect; please do so.

Next, double-click RogueKiller.exe to run it. (Vista/7: right-click and select Run as Administrator.)
When it opens, press the Scan button, then select the Registry tab, select any of the below that exist, and then click the Delete button.
    • [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1628992656-2472315545-1236452496-1000\$70ed92a6c670e24e61d237e9f56c0c4c\n.) [x] -> FOUND
    When it is finished there will be a log on your desktop called RKreport[2].txt, attach it to your next reply.
    Then immediately reboot your PC.

    After reboot, run new scans with both RogueKiller and Hitman Pro, attach those new logs to your next reply.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista/Windows 7, don't double-click; use right-click and select Run As Administrator). This is really HijackThis (select Do a system scan only). Select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.
Please download Junkware Removal Tool to your desktop.
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach the JRT.txt to your next message.
Next, download AdwCleaner and save it to your Desktop.
• Double-click AdwCleaner.exe to run it. (Vista & Win7 users should right-click and select "Run As Administrator".)
    • Click on Delete
• Your PC should now automatically reboot.
    • AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
    • Attach this log to your next reply.

    Then download and run TFC by OldTimer using the steps listed.

Now install the latest Sun Java Runtime Environment.

Then run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista or Windows 7, use right-click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • C:\MGlogs.zip
    • JRT.txt
    • AdwCleaner log
    • RKreport[2].txt
    • updated RogueKiller and Hitman Pro logs

    What malware problems are you still experiencing?
     
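The RogueKiller line above describes the pattern ZeroAccess/Sirefef uses: a COM class registration (HKCR\...\InprocServer32) whose DLL path points into a $Recycle.Bin folder. The following read-only PowerShell check is an added example, not part of the thread and not code from RogueKiller or MajorGeeks; the function names and the default drive letter are assumptions.

```powershell
# Added example: read-only checks for the [HJ INPROC][ZeroAccess] pattern reported above.
# Run from an elevated PowerShell prompt. Nothing is deleted or modified.

function Find-RecycleBinInprocServers {
    [CmdletBinding()]
    param()

    $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    foreach ($clsid in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        $inproc = Join-Path $clsid.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $inproc)) { continue }

        # The (default) value of InprocServer32 is the DLL that COM loads for this class.
        $dll = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
        if ([string]::IsNullOrEmpty($dll)) { continue }

        # Legitimate COM servers are never registered from inside the Recycle Bin.
        if ($dll -match '\\\$Recycle\.Bin\\') {
            [pscustomobject]@{
                CLSID = $clsid.PSChildName
                Path  = $dll
            }
        }
    }
}

function Find-HiddenRecycleBinFolders {
    # Companion check: list $<32 hex chars> subfolders under each user's Recycle Bin,
    # the kind of folder the hijacked path in the RogueKiller line points to.
    [CmdletBinding()]
    param([string]$Drive = 'C:')   # assumption: Windows is installed on C:

    $bin = Join-Path $Drive '$Recycle.Bin'
    Get-ChildItem -LiteralPath $bin -Directory -Force -ErrorAction SilentlyContinue |
        Get-ChildItem -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\$[0-9a-f]{32}$' } |
        Select-Object FullName, LastWriteTime
}

Find-RecycleBinInprocServers | Format-Table -AutoSize
Find-HiddenRecycleBinFolders | Format-Table -AutoSize
```

An empty result from both functions is the expected state on a clean machine; any hit is something to hand to the helper in this thread rather than remove by hand, since the registered DLL is loaded into explorer.exe and other processes at startup.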
  4. degsdg

    degsdg Private E-2

    Hello,
    First, thanks for your help.

    I ran a couple of your instructions (scans) more than once. (Attached logs may be overwritten).

    Current issues I'm experiencing.
I have Avira installed. I cannot seem to successfully perform a system scan. After a while it gets to a certain point and freezes. I actually can't cancel or exit out at that point, but instead have to hold down the power button to reboot.
I have tried Microsoft Safety Scanner and Panda virus scan, and they all freeze, requiring the reboot above. I think it freezes when it gets to some DLL file in the Program Files (x86) folder?

Hopefully I followed your instructions satisfactorily.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You have a few minor leftovers to remove, but these have nothing to do with the below problem.
It sounds more like a hardware issue, like disk errors or file system problems. Have you run a chkdsk? See: http://www.ehow.com/how_4967757_run-chkdsk-utility-vista.html

    Also have you tried to run a complete scan in safe boot mode just to see what happens?



Please download OTM by Old Timer and save it to your Desktop.
• Run it by double-clicking on it (Note: if using Vista, Win7, or Win8, don't double-click; use right-click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of
  the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files (x86)\Wajam
     
    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WajamUpdater]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WajamUpdater]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WajamUpdater]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
• Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Now click the large MoveIt! button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


Now run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista or Win7, don't double-click; use right-click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
