Gotcha. Wasn't necessarily thinking sinister (can't think of why any malware would try to block it), really just curious. Thanks for the response...
Since this morning I've also been dealing with what avast! identifies as Sirefef-JQ, Sirefef-IX, and Crypt-MBU. It was my first infection in nearly 20 years. I was able to kill the processes and clean up the remains before rebooting.
It disabled and then removed all of the services below, according to Event Viewer. You might want to see if these are missing for you. I've restored the registry keys from a full drive backup I (coincidentally) made last night. I'm just concerned about what else it did while it briefly had administrator rights.
- Base Filtering Engine
- Windows Firewall
- Security Center
- WinHTTP Web Proxy Auto-Discovery Service
- IP Helper
- Windows Defender
Last edited by zcwmeorp; 27 Mar 2012 at 00:41.
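One way to check for the missing services listed in the post above, as an added example that is not part of the original thread. The short service names, the `Start` value mapping and Service Control Manager event ID 7040 are standard Windows values supplied here as assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example. Display names come from the post; short names are the
# standard Windows 7 service names (not given by the poster).
$services = @(
    @{ Name = 'BFE';                 Display = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc';              Display = 'Windows Firewall' },
    @{ Name = 'wscsvc';              Display = 'Security Center' },
    @{ Name = 'WinHttpAutoProxySvc'; Display = 'WinHTTP Web Proxy Auto-Discovery Service' },
    @{ Name = 'iphlpsvc';            Display = 'IP Helper' },
    @{ Name = 'WinDefend';           Display = 'Windows Defender' }
)
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($s in $services) {
    # A removed service has no key here, so Get-Service alone is not enough.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
    $keyExists = Test-Path $key
    $start = 'n/a'
    if ($keyExists) {
        $raw = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($raw -ne $null -and $startTypes.ContainsKey([int]$raw)) { $start = $startTypes[[int]$raw] }
    }
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    $status = if ($svc) { $svc.Status.ToString() } else { 'Not registered' }

    # Flag only a missing key or a Disabled start type. A stopped Manual
    # service is normal, and Windows Defender is expected to be disabled
    # when Microsoft Security Essentials is installed.
    $flag = ''
    if (-not $keyExists)           { $flag = 'MISSING' }
    elseif ($start -eq 'Disabled') { $flag = 'DISABLED' }

    New-Object PSObject -Property @{
        Service = $s.Display; Name = $s.Name
        StartType = $start; Status = $status; Flag = $flag
    }
}
$report | Select-Object Service, Name, StartType, Status, Flag | Format-Table -AutoSize

# Start-type changes are recorded in the System log by the Service Control
# Manager as event 7040; list the most recent ones that mention these services.
$pattern = ($services | ForEach-Object { [regex]::Escape($_.Display) }) -join '|'
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040 } `
        -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Message | Format-List
```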
Sadly I have this too. I tried to copy MenaceF1's registry key thinking it would fix the problem; sadly, no dice. While I got it working temporarily, the next day it was back to being greyed out in the system icons options thing and no longer at my task-bar where it should be. I have tried all the other ideas and fixes on the net, yet this one seems to be the only thing close to a solution. I have run all the virus scans and malware scans using ComboFix, Malwarebytes, AVG 2012 and Spybot Search and Destroy. My question is this: should I copy the registry entry as it appears in MenaceF1's post again and see what happens?
This is a really serious Trojan/Rootkit, ricksta
Encyclopedia entry
Updated: Sep 20, 2011 | Published: Jun 21, 2011
Aliases
- BackDoor.Maxplus.23 (Dr.Web)
- ZeroAccess.b (McAfee)
- Zero Access rootkit (other)
- Max++ (other)
- ZAccess (other)
Severe
Encyclopedia entry: Trojan:Win64/Sirefef.B - Learn more about malware - Microsoft Malware Protection Center
Cool, more info. Hey, got an update about this issue of mine. I managed to get the Action Centre working again, but still can't get the little white flag on the taskbar working again. Real nasty piece of work this Trojan/Rootkit is. Does anyone know where I can get a copy of a clean registry from, for the Action Centre?
I've attached a registry file containing the text below. Save it, double-click on the file in Explorer, and choose "Yes" to merge. The Action Center setting should no longer be greyed out after you restart Windows.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""
Great news and really bad news. The Action Centre has been fixed and now pops up as it should. But I think the monster virus has taken a bad turn. About 5 minutes ago my computer went haywire and threw up a warning message that my copy of Windows isn't genuine. Now it appears as though something new has possessed my PC. A watermark message now appears on my desktop: "Windows 7 Build 7601 This Copy of Windows Is not Genuine". I can't update the PC, nor can I get updates for MSE. What the heck is going on? I'd love to get my hands around the neck of the s.o.b. that made this virus. Any help would be greatly appreciated. Please help.
Hey all. Well, I took the easy road and reinstalled Windows 7. Suffice to say it was the nastiest virus I have ever encountered in my life. It got the best of me...lol. Thanks anyway. I guess if anyone else gets this virus, this is the checklist: Action Centre flag no longer appears, MSE will no longer allow updates, Action Centre no longer launches (for me anyway), greyed-out system icons in the taskbar options. Hey, if anyone else gets this nasty, be careful fiddling with the services and registry.
Thank you very, very much, profi. I would like to have contact with you on MSN if you would like to. Sorry for bad English.
Bye, have a nice day.