
XP Infected w/ sirefef.ac & sirefef.ah & need help to permanently remove


9 replies to this topic

#1 davidad

davidad

  • Members
  • 61 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 AM

Posted 26 April 2012 - 09:27 AM

Hello. I have an XP machine, pretty old though works (except it is slow...probably some other residual trojan issues). I need your help!! Please assist.

I have Microsoft Security Essentials and MalwareBytes Anti-Malware on my machine. MSE detected the Sirefef.ac and Sirefef.ah trojans/viruses several days ago. It removed them. Then they appeared again and were removed again. This occurs every day. (FYI, MSE is always on and does an automatic daily scan. MBAM is run by me manually every several days.)

Over the weekend, I tried using various add'l software to get rid of these items & others though at the end of the day, the situation remains as noted above. Very frustrated that I can't do this on my own and am worried about my computer security. (I believe I used Eset, Kaspersky TDSS killer, ccleaner, & itMan Pro)

First, if the sirefef items show as being removed, is my computer safe to use or should I turn it off? When I do get on the internet (when MSE shows all clean and green status), I do get to my default site, msnbc, can get to other sites, and don't get redirected.

I searched and found what seems like exactly the same problem in your forum.

topic450849 raised by MarkP, helped out by Broni, &
its successor topic, topic451285 helped out by Gringo.

Should I just follow and replicate what was noted on those forums or wait and follow specific instructions?

Thanks so much for trying to help me out!!

Kind regards,

Davidad

Edited by hamluis, 26 April 2012 - 09:58 AM.
No logs, moved from Malware Removal Logs to Am I Infected - Hamluis.




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,725 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:02 PM

Posted 26 April 2012 - 11:25 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 davidad

Posted 26 April 2012 - 02:51 PM

Broni,

Hello and thanks for responding so soon. I'll look to undertake your instructions later tonight when I have access to the computer.

Two questions in the meantime please, if I may.

1) First, if the sirefef items show as being removed (via MSE) and MSE shows a green clean status, is my computer safe to use or should I turn it off?

2) Can I use the computer i.e. getting on the web or working in excel once I start following your instructions (not in the middle of any one program but for example after the DDS or GMER program is run)?

Thanks.

Davidad

#4 Broni

Posted 26 April 2012 - 03:01 PM

You should be fine to use the computer. Avoid visiting any security sensitive sites, like banking online...


#5 davidad

Posted 27 April 2012 - 01:59 AM

Broni,

Hello. This is davidad. I completed the items in the guide you referred me to, starting with step 6 through the end. I ran defogger, DSS, and GMER and have posted a new topic as you requested. Thanks for your assistance so far.

Separately, my computer is very slow at times. When task manager is open, many times CPU usage is 100%, internet sites take a long time to open or freeze, running MBAM can take 2-3 hours to run a full scan (on a 20Gig Hard drive) and running a full scan in MSE can and does take 6-8 hours! I know the xp is relatively old and slow but I doubt it s/b this slow.

What can I do? Is this due to some other previous infection? Also, maybe, I have programs running that I don't need but I'm not sure what to do/remove...in addition to dealing with the sirefef.ac and sirefef.ah

Thanks again in advance for your assistance. It's like 3 AM now so I'm calling it a night!

Take care and regards,

Davidad

#6 Broni

Posted 27 April 2012 - 10:26 AM

Now you have to be patient.
Someone will get back to you.


#7 davidad

Posted 27 April 2012 - 11:48 AM

Hi Broni,

Ok. No worries. I thought they were only dealing with the sirefef.ac and .ah issues and not dealing with the slowness issues I described in my last post to you.

Should I just follow the new topic I raised or will you be providing any guidance/help on the "slowness" or other issues?

Thanks and regards,

davidad

#8 Broni

Posted 27 April 2012 - 11:59 AM

Your computer has to be declared clean and we'll go from there.


#9 davidad

Posted 27 April 2012 - 02:30 PM

Thanks. That makes a lot of sense.

Hey, one functional question re topics and replies. Any reason you know why I wouldn't get emails notifying me when my item gets a new reply (i.e. your feedback)? I'm not getting email notifications when you send a response? I thought I've checked off for all immediate notifications via email.

Thanks and regards!

davidad

#10 Broni

Posted 27 April 2012 - 02:46 PM

You'd have to PM one of the Staff members so they can check your settings.
