Sirefef!GenC troubling me


  1. Posts : 10
    Windows 7 Home Premium 64bit
       #1

    Hey there, I've got some serious trouble with Sirefef. It's been shutting down my computer and also blocking my internet access, so I'm kinda f**ked up. Norton seems to be unable to find and shut down the virus. Sometimes the virus causes a crash so the OS rolls back and it goes all over. I tried some solutions I found through my iPad, but when I tried to use EzSireFix.exe, the boot failed, I got a critical error and the system just turned on without any success, apparently rolled back a few hours.

    Plz help


  2. Posts : 3,724
    Windows 10x64 Build 1709
       #2


  3. Posts : 10
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    I just found out my firewall is down and I attempted to turn it back on, when an error 0x80070424 appeared. Any ideas?


  4. Posts : 2,470
    Windows 7 Home Premium
       #4

    Sharpthrower,

    Let's take a look at what is going on with your system...

    Please download RogueKiller:
    Download RogueKiller (Official Site)

    When you get to the website, go to where it says:
    (Download link) Lien de téléchargement:

    Select the version that applies to your system: x64

    Click the dark-blue button that applies to download.

    Save to the Desktop

    Close all windows and browsers
    Right-click RogueKiller and select 'Run as Administrator'

    Press: SCAN

    A report opens on the Desktop: RKreport.txt

    Please provide the RKreport.txt (Mode: Scan) in your reply.

    (Please do not delete anything!)



    Also, download Farbar Service Scanner


    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.


  5. Posts : 10
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    Okay, gonna do that ASAP.


  6. Posts : 10
    Windows 7 Home Premium 64bit
    Thread Starter
       #6

    Here goes the report


    RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : HP [Admin rights]
    Mode : Scan -- Date : 02/12/2013 16:46:00
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> ODEBRÁNO
    [DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> UNLOADED

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD32 00BEKT-60PVMT0 SATA Disk Device +++++
    --- User ---
    [MBR] f81cb0759e3075ff4f7422a0df73e994
    [BSP] d9b7fdd57cff1123c005903e5078fa2f : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287730 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589680640 | Size: 17211 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] bf2ae94e70356570bf1d17c78f84b0c3
    [BSP] 0727de404f9243241609af3b218b8afc : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69631 Mo
    1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143013888 | Size: 400 Mo

    +++++ PhysicalDrive1: JetFlash Transcend 4GB USB Device +++++
    --- User ---
    [MBR] 48187a60273017520ea4c263b61ff8aa
    [BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 256 | Size: 3829 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[4]_S_02122013_02d1646.txt >>
    RKreport[1]_S_02122013_02d1603.txt ; RKreport[2]_SC_02122013_02d1633.txt ; RKreport[3]_D_02122013_02d1635.txt ; RKreport[4]_S_02122013_02d1646.txt


    That's for RogueKiller

    FSS:

    Farbar Service Scanner Version: 10-02-2013
    Ran by HP (administrator) on 12-02-2013 at 16:29:25
    Running from "C:\Users\HP\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Sorry it took so long, I had a hard day.
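
Added example (not part of any post in this thread, and not code from Farbar or RogueKiller): the error in post #3 and the FSS log in post #6 describe the same condition, which this sketch makes explicit by decoding the HRESULT and sorting the logged services by what is missing. The sample log lines are constructed in the format of the log above, and only the one Win32 code seen in this thread is mapped.

```python
import re

# Win32 error code relevant to this thread (value from winerror.h).
WIN32_ERRORS = {1060: "ERROR_SERVICE_DOES_NOT_EXIST"}

def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code, Win32 name or None)."""
    failed = bool(hr >> 31)
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    # FACILITY_WIN32 (7) means the low 16 bits are a plain Win32 error code.
    name = WIN32_ERRORS.get(code) if facility == 7 else None
    return failed, facility, code, name

KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")
VALUE_MISSING = re.compile(r"Unable to retrieve .+? of (\S+)\. The value does not exist")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")

def triage_fss(text):
    """Group services in an FSS.txt log by how badly their configuration is damaged."""
    result = {"key_missing": set(), "value_missing": set(), "stopped_only": set()}
    stopped = set()
    for line in text.splitlines():
        line = line.strip()
        if m := NOT_RUNNING.match(line):
            stopped.add(m.group(1))
        elif m := KEY_MISSING.search(line):
            result["key_missing"].add(m.group(1))
        elif m := VALUE_MISSING.search(line):
            result["value_missing"].add(m.group(1))
    # Services that are stopped but whose registry configuration is intact.
    result["stopped_only"] = stopped - result["key_missing"] - result["value_missing"]
    return result

# Constructed sample: a few lines in the format of the FSS log in post #6.
SAMPLE = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
"""

if __name__ == "__main__":
    print(decode_hresult(0x80070424))
    for group, names in triage_fss(SAMPLE).items():
        print(group, sorted(names))
```

A service in `key_missing` cannot be started until its registry key is restored, which is why turning the firewall back on fails with a "service does not exist" error rather than a start failure.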


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    There are services in need of repair, but first, let's see if the malware shows up...

    Please download TDSSKiller:
    http://support.kaspersky.com/downloa...tdsskiller.exe
    Save it to your Desktop

    ◦ Right-click on TDSSKiller.exe and select: Run as Administrator
    ◦ At the TDSSKiller program console, click on: Change parameters
    ◦ At the next prompt, check: Loaded Modules and Detect TDLFS file system
    ◦ Uncheck: Verify file digital signatures

    ◦ If asked to reboot because an "Extended Monitoring Driver is required" please click: Reboot now

    ◦ Click: Start Scan and allow the scan process to run

    ◦ If threats are detected select Skip for all of them.
    ◦ Click: Continue

    When done, please provide in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in the root directory (which is typically c:\)
    Last edited by cottonball; 12 Feb 2013 at 15:24. Reason: Erroneous entry removed


  8. Posts : 10
    Windows 7 Home Premium 64bit
    Thread Starter
       #8

    Okay, found one threat, scan finished, now I see I have to click "Reboot computer" button. There is no such button. Where is it? There's just the scan result, the Change par. and Start Scan :/

    EDIT: Solved the problem, the files must be deleted in order to reboot.
    Last edited by Sharpthrower; 12 Feb 2013 at 14:01.


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    My bad on that one.
    If Cure or Delete is selected, then you click Continue > Reboot now to finish the cleaning process.



    Are you posting the scan report: TDSSKiller.[Version]_[Date]_[Time]_log.txt?


    Need to see it before we press on and work on the services with issues.
    Last edited by cottonball; 12 Feb 2013 at 17:48.


  10. Posts : 10
    Windows 7 Home Premium 64bit
    Thread Starter
       #10

    Yep


 