Windows 7 Forums



Windows 7: Sirefef!GenC troubling me


11 Feb 2013   #1

Windows 7 Home Premium 64bit
 
 

Hey there, I've got some serious trouble with Sirefef. It's been shutting down my computer and also blocking my internet access, so I'm kinda f**ked up. Norton seems to be unable to find and shut down the virus. Sometimes the virus causes a crash so the OS rolls back and it goes all over. I tried some solutions I found through my iPad, but when I tried to use EzSireFix.exe, the boot failed, I got a critical error and the system just turned on without any success, apparently rolled back a few hours.

Plz help



11 Feb 2013   #2

Windows 7 Home Premium x64
 
 

11 Feb 2013   #3

Windows 7 Home Premium 64bit
 
 

I just found out my firewall is down and I attempted to turn it back on, when an error 0x80070424 appeared. Any ideas?


11 Feb 2013   #4

Windows 7 Home Premium
 
 

Sharpthrower,

Let's take a look at what is going on with your system...

Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system: x64

Click the dark-blue button that applies to download.

Save to the Desktop

Close all windows and browsers
Right-click RogueKiller and select 'Run as Administrator'

Press: SCAN

A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

(Please do not delete anything!)



Also, download Farbar Service Scanner


Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
11 Feb 2013   #5

Windows 7 Home Premium 64bit
 
 

Okay, gonna do that ASAP.
12 Feb 2013   #6

Windows 7 Home Premium 64bit
 
 
Here goes the report

RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : HP [Admin rights]
Mode : Scan -- Date : 02/12/2013 16:46:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> ODEBRÁNO
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> UNLOADED

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEKT-60PVMT0 SATA Disk Device +++++
--- User ---
[MBR] f81cb0759e3075ff4f7422a0df73e994
[BSP] d9b7fdd57cff1123c005903e5078fa2f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287730 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589680640 | Size: 17211 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bf2ae94e70356570bf1d17c78f84b0c3
[BSP] 0727de404f9243241609af3b218b8afc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69631 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143013888 | Size: 400 Mo

+++++ PhysicalDrive1: JetFlash Transcend 4GB USB Device +++++
--- User ---
[MBR] 48187a60273017520ea4c263b61ff8aa
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 256 | Size: 3829 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_S_02122013_02d1646.txt >>
RKreport[1]_S_02122013_02d1603.txt ; RKreport[2]_SC_02122013_02d1633.txt ; RKreport[3]_D_02122013_02d1635.txt ; RKreport[4]_S_02122013_02d1646.txt


That's for RogueKiller

FSS:

Farbar Service Scanner Version: 10-02-2013
Ran by HP (administrator) on 12-02-2013 at 16:29:25
Running from "C:\Users\HP\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Sorry it took so long, I had a hard day.
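An added example, not part of the original thread: a small Python triage of an FSS.txt log like the one posted above, separating services whose whole registry key is gone from those that are merely stopped, and decoding the firewall error 0x80070424 from post #3. The function names `triage_fss` and `win32_code` are hypothetical, and the sample text is a constructed excerpt in the format of the posted log.

```python
import re

# Constructed excerpt in the format of the FSS.txt log posted above.
SAMPLE_FSS = """\
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""

# Service keys live under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
KEY_GONE = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist\.")
VALUE_GONE = re.compile(r"Unable to retrieve .+? of (\w+)\. The value does not exist\.")

# Severity order: a deleted key outranks a missing value, which outranks "stopped".
RANK = {"stopped_config_ok": 0, "value_missing": 1, "key_missing": 2}
PATTERNS = ((NOT_RUNNING, "stopped_config_ok"),
            (VALUE_GONE, "value_missing"),
            (KEY_GONE, "key_missing"))

def triage_fss(text):
    """Map each service named in the log to its most severe finding."""
    findings = {}
    for line in text.splitlines():
        for pattern, state in PATTERNS:
            match = pattern.search(line)
            if match:
                service = match.group(1)
                if RANK[state] >= RANK.get(findings.get(service), -1):
                    findings[service] = state
    return findings

def win32_code(hresult):
    """Return the Win32 error inside a FACILITY_WIN32 (7) HRESULT, else None."""
    facility = (hresult >> 16) & 0x1FFF
    return hresult & 0xFFFF if facility == 7 else None

if __name__ == "__main__":
    print(triage_fss(SAMPLE_FSS))
    print(win32_code(0x80070424))  # 1060 = ERROR_SERVICE_DOES_NOT_EXIST
```

The decoded value 1060 (ERROR_SERVICE_DOES_NOT_EXIST) agrees with the log: the firewall cannot start because the MpsSvc service key itself is missing, not because the service is disabled.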
12 Feb 2013   #7

Windows 7 Home Premium
 
 

There are services in need of repair, but first, let's see if the malware shows up...

Please download TDSSKiller:
http://support.kaspersky.com/downloa...tdsskiller.exe
Save it to your Desktop

◦Right-click on TDSSKiller.exe and select: Run as Administrator
◦At the TDSSKiller program console, click on: Change parameters
◦At the next prompt, check: Loaded Modules and Detect TDLFS file system
◦Uncheck: Verify file digital signatures

◦If asked to reboot because an "Extended Monitoring Driver is required" please click: Reboot now

◦Click: Start Scan and allow the scan process to run

◦If threats are detected select Skip for all of them.
◦Click: Continue

When done, please provide in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in the root directory (which is typically c:\)
12 Feb 2013   #8

Windows 7 Home Premium 64bit
 
 

Okay, found one threat, scan finished, now I see I have to click "Reboot computer" button. There is no such button. Where is it? There's just the scan result, the Change par. and Start Scan :/

EDIT: Solved the problem, the files must be deleted in order to reboot.
12 Feb 2013   #9

Windows 7 Home Premium
 
 

My bad on that one.
If Cure or Delete is selected, then you click Continue > Reboot now to finish the cleaning process.



Are you posting the scan report: TDSSKiller.[Version]_[Date]_[Time]_log.txt?


Need to see it before we press on and work on the services with issues.
13 Feb 2013   #10

Windows 7 Home Premium 64bit
 
 

Yep