Windows 7 Forums


Windows 7: Many backdoors/various Trojans/rootkit. Shutdowner present


01 Aug 2012   #1

Windows 7 64-Bit Home Premium Service Pack 1
 
 
Many backdoors/various Trojans/rootkit. Shutdowner present

To start off, I got this virus a few weeks ago. My graphics card's fan failed and I fixed it by now.

This virus entered my system by what I assume was an e-mail link. I was receiving various random junk mails that I tried to unsubscribe from. A few minutes later weird sounds and advertisements began happening. Next thing I knew, Microsoft Security Essentials was uninstalled and my firewall was down/missing. I reinstalled Essentials to find out what I was infected with. It repeatedly said Sirefef.

A shutdowner of some kind got installed and wouldn't allow me to work on my HDD for more than 30 seconds. It will pop up with an error message as soon as I get into Windows, EVEN in Safe Mode. I didn't have enough time to get a new malware-remover of some kind to restore the system, because my computer is only operational for 30 seconds on startup.

I made a Kaspersky Rescue Disk, and started it up. I scanned everything and it found many Trojans. I deleted/disinfected them. I got back into Windows in Safe Mode and I still get a "critical error" message and it shuts down in 30 seconds again. So I ran the Rescue Disk a second time. It didn't find any "threats" exactly, except for:

-Trojan program: Exploit.Jav - a .class file found in the cache
-Trojan program: Trojan.Win - found in AppData/Local/Temp and is a jumble of numbers. It's an executable file.

I would remove these via the Rescue Disk, but it won't let me do anything with them. It says "Status: Absent" under their detection and says "Not Found." It only appears under the "All" dropdown menu, not "Active Threats." Kind of sneaky, if this is the Trojan's work, because I can't delete them.

I downloaded a bunch of other anti-virus programs, including the rootkit removal tool from Kaspersky (TDSSKiller), EZSireFix, HitmanPro, ServicesRepair, and I have MalwareBytes already on the system, intending to use them, but I cannot get into Windows. I get a restart almost immediately, and yes, still in Safe Mode as well.

Is it possible to use the programs from a flash drive while in the Kaspersky Rescue Disk?


01 Aug 2012   #2

Microsoft Windows 7 Pro 64-bit SP1
 
 

Try giving Windows Defender Offline a shot.

But I honestly gotta say, that is one mean virus.

-Justin
01 Aug 2012   #3

Windows 7 64-Bit Home Premium Service Pack 1
 
 

All right. I'll try that. Hopefully it's reliable. I've kind of hit a speed bump trying to kill this sucker.


01 Aug 2012   #4

Microsoft Windows 7 Pro 64-bit SP1
 
 

Yes, it is reliable. Everyone here recommends that if MSE or Malwarebytes doesn't get 'em. And I bet.

-Justin
01 Aug 2012   #5

Windows 7 64-Bit Home Premium Service Pack 1
 
 

I'm actually honestly very shocked that the Kaspersky Disk couldn't beat it all. Kaspersky is usually a great anti-virus software company :/ Oh well, I'll try this, too. If it could at least get the shutdowner off of there I can use other programs to fix the residual damage.
01 Aug 2012   #6

Microsoft Windows 7 Pro 64-bit SP1
 
 

I do hope WDO will work for you. I also heard that Kaspersky is a good A/V. But not even the best A/V can take care of every virus.

-Justin
01 Aug 2012   #7

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Windows Defender Offline cannot be started.

Error: Unable to detect a Windows system drive. This could be due to missing drivers, an encrypted drive, or a corrupted Windows installation.

Error Code: 0x8004cc01

That... doesn't look good at all.
01 Aug 2012   #8

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote: Originally Posted by MelancholyRose
It repeatedly said Sirefef.
Depending on the variant you have, it may have done irreparable damage.

Encyclopedia entry: Trojan:Win32/Sirefef.AC - Learn more about malware - Microsoft Malware Protection Center

Quote:
Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an affected computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:
  • Downloading and executing of arbitrary files
  • Contacting remote hosts
  • Disabling of security features
Quote:
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.

As a consequence of being infected with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup.

A clean reinstall would be the best/safest option.

Clean Install Windows 7
01 Aug 2012   #9

Microsoft Windows 7 Pro 64-bit SP1
 
 

If you have a Windows installation disk, boot from that and follow this: System Recovery Options

Seems like the virus decided to take some important system files with it.

-Justin
01 Aug 2012   #10

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Erm... well, should I try repairing first before reinstalling?

What recovery option should I be using, by the way? Startup repair, system restore, etc?