Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32.sirefef.r


  • This topic is locked This topic is locked
2 replies to this topic

#1 sirefef.r

sirefef.r

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 18 July 2012 - 07:51 AM

So about a week ago I was watching game of thrones on www.movie2k.to and my symantec endpoint protection put up a warning that said I had a trojan horse. then the list began to multiply rapidly its the same four names but the list just gets insanly long the names are 00000008.@, 00000cb.@, 0000004.@, 8000000.@ So I ran the full scan from symantec and it found I had a trojan horse named win32\sirefef.r along with a hundred or so of the four listed above however it was unable to delete or quarantine the win32/sirefef.r So I downloaded Ad-Aware since in the past this usually helped clear infections quickly so I ran the full scan and it found the win32\sirefef.r virus an many tracking cookies, but the other four which it said it deleted them so I ran the quick scan afterward and in 10 seconds it picked up the virus again however it wont quarantine, delete, or do anything to it and now if im not in safemode it wont even open the program so I turned my troubles to the internet where i learned symptoms of the win32\sirefef.r virus and now know i have actually had the virus since january its just now at its worst level I read online that malwarebytes and tdsskiller.exe are good at deleting win32\sirefef.o so i figured it would work for me too Wrong! I scanned with both of them in safe mode then rebooted and before the start bar even appeared symantec kept flagging the same for trojan horses i listed above I have gone through control panel and removed several programs that i know i didnt install however a couple still remain they are whitesmoke toolbar, ask toolbar, and they wont let me delete them and now my symantec is locked by the admin which is logically the virus protecting itself from being deleted ad-aware says the infected file on my laptop is c:\windows\system32\services.exe i have tried everything i have learned to fix this infection I normally have my sisters boyfriend fix these kinds of things but im outta town and dont have the time to stop and bug him to fix it for me so please help!

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:50 AM

Posted 18 July 2012 - 04:19 PM

Please run the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
[*]now press the search button
[*]when the search is complete, search.txt will also be written to your USB
[*]type exit and reboot the computer normally
[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:50 AM

Posted 23 July 2012 - 06:18 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users