
Trojan Win64/Sirefef.Y


  • This topic is locked
4 replies to this topic

#1 whazelto

whazelto

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:27 PM

Posted 19 June 2012 - 10:36 PM

I'm trying to help my mother-in-law, whose Windows 7 64-bit computer is apparently infected with Sirefef / Sirefef.Y.
Shortly after startup, I get the critical error message saying my computer will restart in one minute. I can't seem to stop it from doing so, even in safe mode, so there isn't time to remove the trojan using Malwarebytes. I have Security Essentials too, but no luck removing this (also the 60 second restart is an issue).

Can someone please guide me through what I need to do? Thanks!!



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:27 AM

Posted 20 June 2012 - 02:22 AM

Hello, will the same thing happen in Safe mode (try all three safe mode options)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 whazelto

whazelto
  • Topic Starter


Posted 20 June 2012 - 07:18 AM

Hi Elise, Yes, I've tried all three and same restart problem with all three.

#4 Elise


Posted 21 June 2012 - 12:35 AM

Hello again,

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Next right click the following link and select Save As: http://noahdfear.net/downloads/beta/ZAchk
    Save the file as ZAchk to your USB drive.
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on ZAchk to run it.
  • After it has finished a file will be located on your USB drive named zachk.txt
  • Click Home > Shut Down > Power off and remove your USB drive. Please post me zachk.txt in your next reply.

regards, Elise


#5 Elise


Posted 28 June 2012 - 01:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise




