Help
Hi ive been infected by a virus/trojan that i cant remove by myself. Windows defender detects it as "Trojan:Win32/Sirefef.G" but is unable to remove it, computer freezes when i try. If im correct this is a trojan that can be used to install other virus on your computer? I run malwarebytes every time i start the computer and it always finds a "Trojan.Agent.Max" that i remove but it comes right back. The computer works as normal except for a few programs that wont start.
Any help would be much appriciated
Page 1 of 1
infected by win32/Sirefef.G
Back to top
#2
- New Member
-
- Group: Members
- Posts: 3
- Joined: 19-April 11
- Gender:Male
- Location:Australia
Posted 26 April 2011 - 02:45 AM
When you did a virus scan does it show where the file is located?
If it does save that directory in notepad.
What operating system are you running? I'm using windows xp for example,
On start up press F8 and boot into safe mode.
Go to my computer click on tools then folder options,
go to view then hidden files and folders & click on show hidden files.
When u found the file delete it then do a virus scan in safe mode.
Hope it works for u =)
If it does save that directory in notepad.
What operating system are you running? I'm using windows xp for example,
On start up press F8 and boot into safe mode.
Go to my computer click on tools then folder options,
go to view then hidden files and folders & click on show hidden files.
When u found the file delete it then do a virus scan in safe mode.
Hope it works for u =)
This post has been edited by mathewdaniels: 26 April 2011 - 02:56 AM
#3
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 26 April 2011 - 03:55 AM
Thanks for the reply. I did what you recommended(running vista btw) and deleted windows/system32/DRIVERS/cdfs.sys that seemed to be the home of sirefef.g, after i deleted that file windows defender could remove sirefef.g without freezing so that seems taken care of. Trojan.agent.max still shows up on each malwarebytes scan after rebooting tho, should i delete that file to? the file is C:\Windows\winsxs\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909/shsvcs.dll
#4
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 26 April 2011 - 04:20 AM
doesnt work with the trojan.agent.max, its still there after every reboot:S
#5
- New Member
-
- Group: Members
- Posts: 3
- Joined: 19-April 11
- Gender:Male
- Location:Australia
Posted 26 April 2011 - 04:21 AM
Sounds like u have got a spyware problem,
i would recommend downloading spy bot search and destroy or super anti-spyware
u can download these programs from www.majorgeeks.com
then update latest definitions.
while your doing the scan disconnect your internet connection.
but if all else fails you should back up your files and try deleting it through safe mode.
i would recommend downloading spy bot search and destroy or super anti-spyware
u can download these programs from www.majorgeeks.com
then update latest definitions.
while your doing the scan disconnect your internet connection.
but if all else fails you should back up your files and try deleting it through safe mode.
This post has been edited by mathewdaniels: 26 April 2011 - 05:26 AM
#6
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 26 April 2011 - 02:27 PM
Ok i used SpyBot search and destroy and it found 4 items under the name "Fraud.Internetsecurity2011" but could not remove them. So i went ahead and used this guide http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2011 to remove that virus. However doing that doesnt seem to have helped much, spybot still finds the same items and cant remove them. Here is a screenshot of what spybot finds http://www.imagebam.com/image/3b537a129676006
kinda lost, would rly appriciate further help
kinda lost, would rly appriciate further help
#7
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 26 April 2011 - 04:24 PM
bla spent so many hours without being able to fix it, guess i might just have to reformat?
#8
- Member
-
- Group: Members
- Posts: 140
- Joined: 22-April 11
Posted 26 April 2011 - 07:56 PM
No need to reformat, this seems fixable.
Asdf12345678 - I'm going to ask you to boot your computer into safe mode and *IMPORTANT* right click on Spybot and click Run As Administrator, Spybot needs to be ran under Administrator elevation in order to remove objects. Remove the things it finds and then come back and let me know how it went
Asdf12345678 - I'm going to ask you to boot your computer into safe mode and *IMPORTANT* right click on Spybot and click Run As Administrator, Spybot needs to be ran under Administrator elevation in order to remove objects. Remove the things it finds and then come back and let me know how it went
#9
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 27 April 2011 - 01:39 AM
that didnt work:/ still getting the same message that they cant be removed
#10
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 27 April 2011 - 02:42 AM
ok some progress now, managed to get rid of the registry keys by doing this http://www.vistax64.com/tutorials/67717-take-ownership-file.html and then using spybot on them.
But the c:\Windows\WinSxs\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll file is just impossible to get rid of, i tried the same thing on it but it always comes right back after a reboot. I dont know much about viruses but this means there is another file/trojan somewere that i havent detected that keeps putting it back?
But the c:\Windows\WinSxs\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll file is just impossible to get rid of, i tried the same thing on it but it always comes right back after a reboot. I dont know much about viruses but this means there is another file/trojan somewere that i havent detected that keeps putting it back?
#11
- New Member
-
- Group: Members
- Posts: 8
- Joined: 26-April 11
Posted 27 April 2011 - 06:32 AM
ye tried a few more hours but cant do it, going on vaccation for 4 days tomorrow going to reformat when i get back unless someone has written something new here. Thanks for trying guys
Share this topic:
Page 1 of 1