Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

flashplayer update => securityshield & sirefef


  • Please log in to reply
2 replies to this topic

#1 taxidiotes

taxidiotes

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 04 June 2012 - 03:22 PM

Hi,

This is my first post and really appreciate your voluntary efforts to help people like me.
I have read what checks to perform & I am certain my issue is virus- and/or malware-related. Here is the story:

  • 2 days ago while I was browsing (no suspicious sites), an Adobe Flash player updater window appeared. This was already installed so I allowed it to proceed. Next thing I know a 'SecurityShield' application installed itself (I may have unwittingly allowed it to, I honestly don't remember). Before this, MSE was running; it was now gone. The task manager could not be launched, the firewall was also gone (I use the standard Windows version). I was also warned about viruses etc. and was prompted to purchase the pro version of securityshield.
  • I ended up uninstalling securityshield (from the Control Panel if I remember correctly), then reinstalled MSE and did a full system scan. The Sirefef trojan was detected but could not be removed. The system then rebooted within about a minute after the virus was detected (a prompt indicated this would occur).
  • Every startup after that MSE would detect Sirefef, attempt to remove it and the system would reboot again (after it prompted that it would). At this stage, task manager could be launched.
    Quarantined items:
    - Trojan:Win64/Sirefef.W (6 instances, dates are 3/6 and 4/6/2012)
    - VirTool:Win32/Evidpatch.A (17/4/2012)
    Threat detected:
    - Trojan:Win64/Sirefef.Y => reboot
  • I uninstalled MSE via the control panel. To avoid another reboot before this could be completed, I killed the MSE client process before it could try removing the virus. The continuous reboots then stopped.
  • I tried removing it with a number of tools. Here is a list:
    - Microsoft security essentials (first & last attempted, behaviour always as described above).
    - Microsoft Malware removal tool (nothing found)
    - Malwarebytes anti-malware tool (1 virus removed - I don't have a record of which, nothing found after that)
    - Super antispyware (nothing found)
    - Kaspersky virus removal tool (nothing found)
    - Kaspersky TDSS rootkit removal tool (suspicious objects: one locked file [sptd service], 6 unsigned files, medium risk, skip preselected for all)
    - Microsoft fixit (tried to fix the firewall, no joy)
    - Combofix (installation aborts)

I have not archived the reports. All AV tools are now uninstalled.
My OS is Win7 64-bit home premium, AV software was Microsoft Security Essentials (now uninstalled)

I have stopped any further attempts to fix this and am at your disposal regarding how to proceed...

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:16 PM

Posted 04 June 2012 - 03:40 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 taxidiotes

taxidiotes
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 04 June 2012 - 04:54 PM

Thanks for the super-fast reply!

I have performed the requested steps and posted the results in this topic, as requested.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users