Windows 7 Forums


Windows 7: Sirefef!GenC troubling me

11 Feb 2013   #1
Sharpthrower

Windows 7 Home Premium 64bit
 
 
Sirefef!GenC troubling me

Hey there, I've got some serious trouble with Sirefef. It's been shutting down my computer and also blocking my internet access, so I'm kinda f**ked up. Norton seems to be unable to find and shut down the virus. Sometimes the virus causes a crash so the OS rolls back and it goes all over. I tried some solutions I found through my iPad, but when I tried to use EzSireFix.exe, the boot failed, I got a critical error and the system just turned on without any success, apparently rolled back a few hours.

Plz help



11 Feb 2013   #2
indianacarnie

Windows 7 Home Premium x64
 
 

11 Feb 2013   #3
Sharpthrower

Windows 7 Home Premium 64bit
 
 

I just found out my firewall is down and I attempted to turn it back on, when an error 0x80070424 appeared. Any ideas?


11 Feb 2013   #4
cottonball

Windows 7 Home Premium
 
 

Sharpthrower,

Let's take a look at what is going on with your system...

Please download RogueKiller:
Download RogueKiller (Official Site)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system: x64

Click the dark-blue button that applies to download.

Save to the Desktop

Close all windows and browsers
Right-click RogueKiller and select 'Run as Administrator'

Press: SCAN

A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

(Please do not delete anything!)



Also, download Farbar Service Scanner


Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
11 Feb 2013   #5
Sharpthrower

Windows 7 Home Premium 64bit
 
 

Okay, gonna do that ASAP.
12 Feb 2013   #6
Sharpthrower

Windows 7 Home Premium 64bit
 
 
Here goes the report

RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : HP [Admin rights]
Mode : Scan -- Date : 02/12/2013 16:46:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> ODEBRÁNO
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\HP\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll -> UNLOADED

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEKT-60PVMT0 SATA Disk Device +++++
--- User ---
[MBR] f81cb0759e3075ff4f7422a0df73e994
[BSP] d9b7fdd57cff1123c005903e5078fa2f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287730 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589680640 | Size: 17211 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bf2ae94e70356570bf1d17c78f84b0c3
[BSP] 0727de404f9243241609af3b218b8afc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69631 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143013888 | Size: 400 Mo

+++++ PhysicalDrive1: JetFlash Transcend 4GB USB Device +++++
--- User ---
[MBR] 48187a60273017520ea4c263b61ff8aa
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 256 | Size: 3829 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_S_02122013_02d1646.txt >>
RKreport[1]_S_02122013_02d1603.txt ; RKreport[2]_SC_02122013_02d1633.txt ; RKreport[3]_D_02122013_02d1635.txt ; RKreport[4]_S_02122013_02d1646.txt


That's for RogueKiller

FSS:

Farbar Service Scanner Version: 10-02-2013
Ran by HP (administrator) on 12-02-2013 at 16:29:25
Running from "C:\Users\HP\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Sorry it took so long, I had a hard day.
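
An added example, not part of the original posts and not code from Farbar Service Scanner: a small Python triage of an FSS.txt log like the one above, separating services whose registry key no longer exists from services that are only stopped, and counting the binaries the log reports as intact. The sample text is an excerpt of the lines posted in this thread; the function names are hypothetical.

```python
import re

# Excerpt of the FSS.txt lines posted above (shortened for this example).
SAMPLE_FSS = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(r"Unable to retrieve (.+?) of (\S+)\. The value does not exist\.")
FILE_OK = re.compile(r"^(.+?) => MD5 is legit$")

def triage_fss(text):
    """Return (services, legit_files) parsed from FSS log text."""
    services, legit_files = {}, []

    def entry(name):
        return services.setdefault(
            name, {"running": None, "key_missing": False, "values_missing": []})

    for line in (raw.strip() for raw in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            entry(m.group(1))["running"] = False
        if m := KEY_MISSING.search(line):
            entry(m.group(1))["key_missing"] = True       # whole service key gone
        elif m := VALUE_MISSING.search(line):
            entry(m.group(2))["values_missing"].append(m.group(1))  # key exists, value gone
        elif m := FILE_OK.match(line):
            legit_files.append(m.group(1))                # binary on disk hashed as known-good
    return services, legit_files

def summarize(text):
    """Group services by the kind of damage the log reports."""
    services, files = triage_fss(text)
    return {
        "key_deleted": [s for s, e in services.items() if e["key_missing"]],
        "values_deleted": [s for s, e in services.items() if e["values_missing"]],
        "stopped_but_intact": [s for s, e in services.items() if e["running"] is False
                               and not e["key_missing"] and not e["values_missing"]],
        "binaries_intact": len(files),
    }
```
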
12 Feb 2013   #7
cottonball

Windows 7 Home Premium
 
 

There are services in need of repair, but first, let's see if the malware shows up...

Please download TDSSKiller:
http://support.kaspersky.com/downloa...tdsskiller.exe
Save it to your Desktop

◦ Right-click on TDSSKiller.exe and select: Run as Administrator
◦ At the TDSSKiller program console, click on: Change parameters
◦ At the next prompt, check: Loaded Modules and Detect TDLFS file system
◦ Uncheck: Verify file digital signatures

◦ If asked to reboot because an "Extended Monitoring Driver is required" please click: Reboot now

◦ Click: Start Scan and allow the scan process to run

◦ If threats are detected select Skip for all of them.
◦ Click: Continue

When done, please provide in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in the root directory (which is typically c:\)
12 Feb 2013   #8
Sharpthrower

Windows 7 Home Premium 64bit
 
 

Okay, found one threat, scan finished, now I see I have to click "Reboot computer" button. There is no such button. Where is it? There's just the scan result, the Change par. and Start Scan :/

EDIT: Solved the problem, the files must be deleted in order to reboot.
12 Feb 2013   #9
cottonball

Windows 7 Home Premium
 
 

My bad on that one.
If Cure or Delete is selected, then you click Continue > Reboot now to finish the cleaning process.



Are you posting the scan report: TDSSKiller.[Version]_[Date]_[Time]_log.txt?


Need to see it before we press on and work on the services with issues.
13 Feb 2013   #10
Sharpthrower

Windows 7 Home Premium 64bit
 
 

Yep