Many backdoors/various Trojans/rootkit. Shutdowner present


  1. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
       #1

    Many backdoors/various Trojans/rootkit. Shutdowner present


    To start off, I got this virus a few weeks ago. My graphics card's fan failed and I have fixed it by now.

    This virus entered my system by what I assume was an e-mail link. I was receiving various random junk mails that I tried to unsubscribe from. A few minutes later weird sounds and advertisements began happening. Next thing I knew, Microsoft Security Essentials was uninstalled and my firewall was down/missing. I reinstalled Essentials to find out what I was infected with. It repeatedly said Sirefef.

    A shutdowner of some kind got installed and wouldn't allow me to work on my HDD for more than 30 seconds. It will pop up with an error message as soon as I get into Windows, EVEN in Safe Mode. I didn't have enough time to get a new malware-remover of some kind to restore the system, because my computer is only operational for 30 seconds on startup.

    I made a Kaspersky Rescue Disk, and started it up. I scanned everything and it found many Trojans. I deleted/disinfected them. I got back into Windows in Safe Mode and I still get a "critical error" message and it shuts down in 30 seconds again. So I ran the Rescue Disk a second time. It didn't find any "threats" exactly, except for:

    -Trojan program: Exploit.Jav - a .class file found in the cache
    -Trojan program: Trojan.Win - found in AppData/Local/Temp and is a jumble of numbers. It's an executable file.

    I would remove these via the Rescue Disk, but it won't let me do anything with them. It says "Status: Absent" under their detection and says "Not Found." It only appears under the "All" dropdown menu, not "Active Threats." Kind of sneaky, if this is the Trojan's work, because I can't delete them.

    I downloaded a bunch of other anti-virus programs, including the rootkit removal tool from Kaspersky (TDSSKiller), EZSireFix, HitmanPro, ServicesRepair, and I have MalwareBytes already on the system, intending to use them, but I cannot get into Windows. I get a restart almost immediately, and yes, still in Safe Mode as well.

    Is it possible to use the programs from a flash drive while in the Kaspersky Rescue Disk?


  2. Posts : 1,436
    Windows 8.1 Pro x64
       #2

    Try giving Windows Defender Offline a shot.

    But I honestly gotta say that, that is one mean virus.

    -Justin


  3. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #3

    All right. I'll try that. Hopefully it's reliable. I've kind of hit a speed bump trying to kill this sucker.


  4. Posts : 1,436
    Windows 8.1 Pro x64
       #4

    Yes, it is reliable. Everyone here recommends that if MSE or Malwarebytes doesn't get 'em. And I bet.

    -Justin


  5. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #5

    I'm actually honestly very shocked that the Kaspersky Disk couldn't beat it all. Kaspersky is usually a great anti-virus software company :/ Oh well, I'll try this, too. If it could at least get the shutdowner off of there I can use other programs to fix the residual damage.


  6. Posts : 1,436
    Windows 8.1 Pro x64
       #6

    I do hope WDO will work for you. I also heard that Kaspersky is a good A/V. But not even the best A/V can take care of every virus.

    -Justin


  7. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #7

    Windows Defender Offline cannot be started.

    Error: Unable to detect a Windows system drive. This could be due to missing drivers, an encrypted drive, or a corrupted Windows installation.

    Error Code: 0x8004cc01

    That... doesn't look good at all.


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    MelancholyRose said:
    "It repeatedly said Sirefef."

    Depending on the variant you have, it may have done irreparable damage.

    Encyclopedia entry: Trojan:Win32/Sirefef.AC - Learn more about malware - Microsoft Malware Protection Center

    Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an affected computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:

    • Downloading and executing of arbitrary files
    • Contacting remote hosts
    • Disabling of security features
    Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.

    As a consequence of being infected with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup.

    A clean reinstall would be the best/safest option.

    Clean Install Windows 7


  9. Posts : 1,436
    Windows 8.1 Pro x64
       #9

    If you have a Windows Installation disk, boot from that and follow this: System Recovery Options

    Seems like the virus decided to take some important system files with it.

    -Justin


  10. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #10

    Erm... well, should I try repairing first before reinstalling?

    What recovery option should I be using, by the way? Startup repair, system restore, etc?


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.