Many backdoors/various Trojans/rootkit. Shutdowner present

HonorGamer · 01 Aug 2012

Try a system restore to the point before you clicked on the spam and such.

Like what borg said, it may not be fixable.

-Justin

MelancholyRose · 01 Aug 2012

Click on Repair your computer. (See screenshot below)

5. Select which operating system you want to restore and the click on Next. (See screenshot below)
NOTE: If Windows 7 is not listed here, or it is blank, then it is ok. Click on Next anyway.

It wasn't listed, it was blank, and I clicked Next anyway. I went to System Restore and it said:

To use System Restore, you must specify which Windows installation to restore. Restart this computer, select an operating system, and then select System Restore.

I thought I could leave it blank?

I didn't click Load Drivers. Should I try that?

F5ing · 01 Aug 2012

Although you might be able to get a deeply infected machine back into a 'workable' state it will likely take more than one program to do it.

But even if you can get it back into that 'workable' state I wouldn't trust it. I'd wipe that disk clean and reinstall. Quicker that way, and you can then be confident that it's secure.

Back up all your data to reliable media first though.

F5ing · 01 Aug 2012

MelancholyRose said:

To use System Restore, you must specify which Windows installation to restore. Restart this computer, select an operating system, and then select System Restore.

I thought I could leave it blank?

I didn't click Load Drivers. Should I try that?

System Restore might work, but you should be aware that your restore points can contain the malware too. Definitely contains it if you've been infected for some time.

MelancholyRose · 01 Aug 2012

I need to get that shutdown to stop happening before I can back anything up. I'm having a friend help me.

kegobeer · 01 Aug 2012

The easiest thing to do is to remove the drive and slave it into another computer (with up to date virus definitions, of course). Copy your essential files to the other computer. Put the drive back into the original computer, and reinstall Windows.

MelancholyRose · 01 Aug 2012

Apparently the Services.exe file is damaged, and that's what's causing the shut downs, not a virus. I thought to do an sfc scannow, but for some reason my computer just doesn't show my OS. It acts like I don't have one, even though I definitely do.

What I think is causing that is, I use a RAID 1 mirror. My other hard drive isn't being used right now, it hasn't been used for a while, so I'm using only the one drive. Do I need my RAID driver to get to my OS?

If so, do I need to use RAID drivers or Chipset drivers? http://support.amd.com/us/gpudownloa...d_windows.aspx [EDIT: I'm thinking it's the AHCI Controller Driver under chipsets.]

EDIT: Looks like this is probably it. SATA Drivers - Load in Windows Recovery Options

OldMX · 01 Aug 2012

My mother in law's laptop got infected and I got tired of fighting this rootkit because of the afterall damage to core files which SFC couldnt fix, ended wiping the disk and reinstalling clean, one thing I'm clueless about is how is this infection spreaded?

MelancholyRose · 01 Aug 2012

Judging on what I've read/been told about Sirefef is that if you try to remove it, it hides in system files and copies itself to Registry keys and such.

Jacee · 01 Aug 2012

This sounds like the Zero Access Rootkit. It has created a hidden partition to hide itself from being found and fixed. This is quite a nasty Rootkit!

Save what you can (pictures, important documents), then wipe your OS and do a "clean" install.