Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan dropper win32/sirefef.b , no internet connection


  • Please log in to reply
1 reply to this topic

#1 cobra5000

cobra5000

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:pittsburgh, pa
  • Local time:01:16 PM

Posted 08 October 2011 - 05:08 PM

Hi, my father got a trojan dropper win32/sirefef.b virus the other day.
so far the internet connection is knocked out, it shows all 0's for ip address, in network connections the message is there, saying " connecting"
also, the windows firewall is disabled and wont enable.
Remote Procedure Call,RPC, locator is stopped in services and wont restart.

ok, some new info here so i will edit in.
i did a r-click on my computer, then manage, services apps, then services, found the RPC locator disabled, so i set to automatic and started, it did fine. rebooted, but still find the following problems:

however, DHCP client was on auto but wont start. when i try to start i get
error 1075, the dependency service does not exist or is marked for deletion.
windows firewall/internet connection sharing is on auto but wont start. when i try to start i get
error 10050 socket operation encountered dead network.

would the windows repair feature on a windows install disk get it back up and running?
or is it time to reinstall?

question? i found in the services, something called "remote registry" which allows a remote user to alter the registry, how convenient. it was set to automatic. i set it to disable. not sure if that is the first thing a hacker would change if trying to gain access. am i correct that it should be set to disable unless you have a bonified remote assist in progress?

Edited by cobalt5002, 08 October 2011 - 06:35 PM.


BC AdBot (Login to Remove)

 


#2 cobra5000

cobra5000
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:pittsburgh, pa
  • Local time:01:16 PM

Posted 08 October 2011 - 10:07 PM

can i have some help, please?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users