hit with sirefef virus, a few questions..


  • This topic is locked
2 replies to this topic

#1 beakernz

  • Members
  • 1 posts
Posted 30 June 2012 - 09:16 PM

Hi Guys,

I got hit with this virus last night win7 64, it may have been active for 1-2hrs. I woke up this morning and caught it when I noticed my MS essentials would not run and my system kept rebooting.

Now, my questions.

I have a win7 system image backup from 3 months ago. I am restoring the image now (50% complete). Will this leave me clean? I am assuming it will be just as good as a fresh install?

Lastly, I had 2 disks on my system the OS and an old 300gig for some data. Currently I have disconnected my data drive as I am unsure if this virus could have planted something on a secondary disk. Is that possible or should my secondary disk be clean? If I connect and virus scan the secondary disk will that be good enough, or might it detect something and then the detection itself will re-install the virus?

Also, I took a backup of my infected PC's Desktop so that I can dip into any files since my system image was created. Mostly images and some website backups. Could sirefef have installed anything on my old system's desktop or do you think those files should be fine? I'll do a virus scan on them as well.

I just want to ensure I nuked this thing via system image restore. Thanks!!

***update*** my system restore seems fine so far. Just doing a full virus scan then need to do some windows updating. So glad I took that backup! Still it remains to be seen if my secondary disk is ok..

***update2*** system seems fine. I did a scan of my old desktop folder and it came up clean, but I only copied a few known files from it to my reimaged system. I have not hooked my "data" drive back up yet.

Edited by beakernz, 01 July 2012 - 12:22 AM.


#2 m0le

  • Malware Response Team
  • 34,527 posts
Posted 04 July 2012 - 06:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

The only way the rootkit can persist is in your Master Boot Record so let's check that.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • 34,527 posts
Posted 09 July 2012 - 06:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



