Continual Reboot After Virus (Possibly Sirefef?)


86 replies to this topic

#1 rosych33ks

rosych33ks

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canyon Country, CA
  • Local time:06:57 PM

Posted 07 December 2012 - 06:47 PM

Hi, I'm Kattie. My problem is with my Dell netbook (Inspiron Mini 1012 I think) with Windows 7 Starter.

Honestly, I have no idea where to begin. A few months ago, I contracted a pretty terrible virus that pretty much wiped out my netbook and entirely thwarted any of my attempts at fixing it. I don't remember how at this point, but before it became completely inaccessible, I somehow figured out that it was the sirefef virus. I got a mini-scan to bring up sirefef.exe or something similar, I really don't remember at this point. But the symptoms seem to match other reports, so unless I can figure out otherwise, I think it's safe to assume that sirefef was the beginning of the problem.

Now, when this first happened, I found other people's methods for posting logs and getting fixes, and that was my initial plan for repair, but I just generally ended up procrastinating it, and now, I have a completely different problem and have no idea how to even begin to solve it.

I'm really not sure when this happened or if it's even the result of the virus at all (though I assume it is), but my netbook is now stuck in the most irritating reboot loop that I can just not seem to get out of. I'm really not sure what details to mention here, so it'd probably just be better to ask me specific questions, but I'll explain as well as I can for now.

I was having a reboot problem when first infected, but it had a lag of 60-90 seconds, which meant I could actually bring up my desktop, though very briefly. This was probably how I was able to pinpoint the sirefef file in the first place. I messed around quite a bit, and I got in and out of safe mode a few times, but nothing really changed. I may have gotten it to stop rebooting long enough to try a system restore with no results, but that was probably it. I think all my restore points came up as corrupted or something similar. Anyway, at this point, it was bad, but I was still able to actually get into my account at the very least. Now, it's something completely different.

I'm going to turn it on and just describe the process:
- Boots up with normal Dell logo screen.
- Goes to 'Loading Window Files' screen, then to a system information screen which I'm not sure how to describe. Has processor information, which I can type out if needed. Here it says that my system is booting in safe mode - minimal services with network.
- Then, the screen comes up as "Setup is preparing your computer for first use" and goes into a scrolling command screen, which I have no control over, annoyingly. Should I be able to access the commands? If there's something specific to look for here, I could try, but it scrolls pretty fast at most points. I'm able to catch quite a few phrases though, I just don't know what I'm looking for. Personally I don't like what I do see though, as it includes the phrases 'flushing current folder' and 'could not find' too many times for comfort.
- Lastly, "Setup will continue after restarting your computer"

This repeats endlessly. I am able to press F8 and get into Advanced Boot Options, not that it helps me any. I'm pretty sure this screen is how it's supposed to be, but it doesn't lead me anywhere, and I've tried all options except
'Enable low-resolution video (640x480)' because I don't think that's the problem;
'Directory Services Restore Mode' and 'Debugging Mode' because I don't know how to use them, though I doubt they'd alter anything as none of the other options lead to a different outcome.

This is a long babbly post, and I'm sure I missed necessary information, so please feel free to ask for anything I left out. I am very open to following any instructions, and even just a way to get back into my system would be a lot better than where I'm at now!

Thank you so much for wading through my nonsense. ;D

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:57 PM

Posted 07 December 2012 - 09:18 PM

I'll report this topic to appropriate helpers.
Hold on....


#3 rosych33ks

Posted 08 December 2012 - 04:00 PM

*holding* :P

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,410 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:57 AM

Posted 12 December 2012 - 01:02 PM

Hello Kattie, and sorry for the delay.

You mention getting the setup screens. Did you at any point attempt to do a repair installation (using the XP CD)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft

 


#5 rosych33ks

Posted 13 December 2012 - 01:41 PM

Hi Elise :)
No, I haven't, as being a netbook, it has no disc drive. I don't currently have an external one either. I really don't have the money for even the cheapest ones, but I suppose I'd have to get one as a last resort. Do you think that's the only hope I have?
And I just want to make sure, by repair installation, you don't mean completely reinstalling Windows, right? I had the alternate explained to me, but I don't remember if repair installation is what you call it. I'm desperate to save this computer without completely wiping it out as I have hundreds of pictures that I don't have anywhere else. One of the only things keeping me from giving up on the poor thing. :(

#6 Elise

Posted 13 December 2012 - 01:46 PM

No need for a CD yet, I was just wondering about the mention of setup. How did this screen look, was it a "normal" windows screen (desktop background with a foreground window open)?

regards, Elise



#7 rosych33ks

Posted 14 December 2012 - 07:34 PM

No, I can't get anywhere near the normal screen yet. I'm unable to boot up at all as of yet, that's really my main problem. The setup screen is plain black background with white text. Very basic and old-school looking.

#8 Elise

Posted 15 December 2012 - 03:29 AM

Let's start with having a look at the MBR of the drive, maybe that can give us some clues.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • The computer must be set to boot from the USB
  • Gently tap F12 and choose to boot from the USB (note, on some computers this may be another key, for example Del)
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

regards, Elise
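
What a first look at the dump requested in the post above can involve, as an added example that is not part of the original thread or the helper's own tooling: a parser for the 512-byte mbr.bin that checks the boot signature and partition table and hashes the boot code area for comparison against a reference. The function names, the constructed sample sector and the reference-hash set are assumptions; only bytes 0-439 are hashed because the disk signature and partition table differ from disk to disk.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0-439: boot code; 440-445: disk signature + reserved
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA at 510


def parse_mbr(raw: bytes) -> dict:
    """Parse a 512-byte dump such as the mbr.bin written by the dd command."""
    if len(raw) != 512:
        raise ValueError(f"expected 512 bytes, got {len(raw)}")
    partitions = []
    for slot in range(4):
        # status(1) CHS(3) type(1) CHS(3) first LBA(4, LE) sector count(4, LE)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", raw, TABLE_OFFSET + 16 * slot)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "status": status, "type": ptype,
                               "first_lba": lba, "sectors": count})
    return {"signature_ok": raw[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def review(info: dict, reference_hashes: set) -> list:
    """Return findings worth a closer look; an empty list means none."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    if info["boot_code_sha256"] not in reference_hashes:
        findings.append("boot code differs from every reference hash")
    return findings


def build_sample() -> bytes:
    """Constructed sample: zeroed boot code, one active type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (bytes(BOOT_CODE_LEN) + struct.pack("<IH", 0x12345678, 0)
            + entry + bytes(48) + b"\x55\xaa")


if __name__ == "__main__":
    info = parse_mbr(build_sample())
    # Assumption: reference hashes come from clean machines with the same OS.
    reference = {hashlib.sha256(bytes(BOOT_CODE_LEN)).hexdigest()}
    print(info["partitions"], review(info, reference))
```

A boot code hash that matches no reference is a prompt for closer inspection rather than proof of infection, since boot managers and disk tools also replace this code.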



#9 rosych33ks

Posted 16 December 2012 - 07:57 PM

I'm sure I won't like the answer to this, but I have quite a bit on my flash drive already and since reformatting erases everything, is that step absolutely necessary? Obviously I'll figure something out if it is, but I have to ask. :P I can get another one if I have to, cause they're fairly cheap, but it'd take me a little longer.

Also, thank you so much for the detailed instructions! Whether it works or not, just having some input and ideas on a solution is really appreciated.

#10 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:57 PM

Posted 16 December 2012 - 08:06 PM

... I have quite a bit on my flash drive already and since reformatting erases everything, is that step absolutely necessary?

Yes, that step is necessary. In order to create a bootable flashdrive with xPUD on it, you will need to either:
  • Get another flashdrive to use for that purpose.
    OR ...
  • Save the important files from your existing flashdrive to another device, before formatting and installing xPUD on it.

AustrAlien
Google is my friend. Make Google your friend too.

#11 rosych33ks

Posted 16 December 2012 - 08:22 PM


... I have quite a bit on my flash drive already and since reformatting erases everything, is that step absolutely necessary?

Yes, that step is necessary. In order to create a bootable flashdrive with xPUD on it, you will need to either:
  • Get another flashdrive to use for that purpose.
    OR ...
  • Save the important files from your existing flashdrive to another device, before formatting and installing xPUD on it.


Yeah, I was afraid of that :P Thanks guys! I'll get back to you with the results Elise!

#12 Elise

Posted 17 December 2012 - 03:22 AM

Okay! If you have a clean computer you can just create a folder on the desktop (name it "flashdrive" or so) and copy everything there. Once we're done with xPUD you can then copy the content of that folder back to the flashdrive.

regards, Elise



#13 rosych33ks

Posted 20 December 2012 - 02:27 AM

It has honestly been so long since I've zipped something, so I wouldn't be surprised if something went wrong there. But otherwise, everything worked awesome, and the mini OS was like the best thing ever ahahah.

Attached file: mbr.zip (607 bytes)

#14 Elise

Posted 20 December 2012 - 08:01 AM

Please start your computer and tap the F8 key until the Advanced boot options menu comes up. Do you see the option Repair Windows? If so, please select it and let me know if the Recovery Environment loads successfully (you'll be prompted to select keyboard layout/language and enter your username/password if that is the case).

If everything loads, please select the Startup Repair option.

regards, Elise



#15 rosych33ks

Posted 20 December 2012 - 01:17 PM

Oh my goodness, first time I've seen the default windows background in the longest time o_o Startup repair is scanning...



