Unable to fix Action Center notifications after virus Win64/Sirefef.B


  1. Posts : 2,171
    Windows 7 Ultimate x64
       #11

    Gotcha. Wasn't necessarily thinking sinister (can't think of why any malware would try to block it), really just curious. Thanks for the response...


  2. Posts : 8
    Windows 7 Professional x64
       #12

    Since this morning I've also been dealing with what avast! identifies as Sirefef-JQ, Sirefef-IX, and Crypt-MBU. It was my first infection in nearly 20 years. I was able to kill the processes and clean up the remains before rebooting.

    It disabled and then removed all of the services below, according to Event Viewer. You might want to see if these are missing for you. I've restored the registry keys from a full drive backup I (coincidentally) made last night. I'm just concerned about what else it did while it briefly had administrator rights.

    Base Filtering Engine
    Windows Firewall
    Security Center
    WinHTTP Web Proxy Auto-Discovery Service
    IP Helper
    Windows Defender
    Last edited by zcwmeorp; 27 Mar 2012 at 00:41.


  3. Posts : 4
    Windows 7 Professional x64
       #13

    Sadly I have this too. I tried to copy MenaceF1's registry key thinking it would fix the problem; sadly, no dice. While I got it working temporarily, the next day it was back to being greyed out in the system icons options thing and no longer at my task-bar where it should be. I have tried all the other ideas and fixes on the net, yet this one seems to be the only thing close to a solution. I have run all the virus scans and malware scans using combofix, malwarebytes, avg2012 and spybot search and destroy. My question is this: should I copy the registry entry as it appears in MenaceF1's post again and see what happens?


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #14

    This is a really serious Trojan/Rootkit, ricksta


    Encyclopedia entry
    Updated: Sep 20, 2011 | Published: Jun 21, 2011

    Aliases


  5. Posts : 4
    Windows 7 Professional x64
       #15

    Cool, more info. Hey, got an update about this issue of mine. I managed to get the action centre working again, but still can't get the little white flag on the task bar working again. Real nasty piece of work this Trojan/Rootkit is. Does anyone know where I can get a copy of a clean registry from, for the action centre?


  6. Posts : 8
    Windows 7 Professional x64
       #16

    MenaceF1 said:
    If anyone's interested in more detail about how I managed to work this out, I decided to observe what the virus does in a controlled environment. So I created a virtual machine running Windows 7, and deliberately infected it with the same virus while running a tool called "Process Monitor" that tells me every file it creates or deletes, and crucially, every registry key it modifies or deletes.

    Would you mind sharing that log? I want to see if I've missed anything.

    And do you have any idea how it got into your system? That's my biggest concern now. I THINK all I was doing at the time was browsing hotels.com and Google Maps in Firefox 11.


  7. Posts : 8
    Windows 7 Professional x64
       #17

    ricksta said:
    Cool, more info. Hey, got an update about this issue of mine. I managed to get the action centre working again, but still can't get the little white flag on the task bar working again. Real nasty piece of work this Trojan/Rootkit is. Does anyone know where I can get a copy of a clean registry from, for the action centre?

    I've attached a registry file containing the text below. Save it, double-click on the file in Explorer, and choose "Yes" to merge. The Action Center setting should no longer be greyed out after you restart Windows.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
    "AutoStart"=""
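
A read-only way to run the two checks discussed in posts #12 and #17 (are the listed service keys still present, and does the Action Center shell service object key carry its AutoStart value). This is an added example, not something posted in the thread; the service short names are an assumption (the stock Windows 7 names for the display names in post #12), while the ShellServiceObjects path and value name are taken from the .reg text in post #17.

```powershell
# Added example: read-only audit, written for PowerShell 2.0 (shipped with Windows 7).
# ASSUMPTION: short service names are the stock Windows 7 names for the display
# names listed in post #12; they do not appear in the thread itself.
$services = @(
    @('BFE',                 'Base Filtering Engine'),
    @('MpsSvc',              'Windows Firewall'),
    @('wscsvc',              'Security Center'),
    @('WinHttpAutoProxySvc', 'WinHTTP Web Proxy Auto-Discovery Service'),
    @('iphlpsvc',            'IP Helper'),
    @('WinDefend',           'Windows Defender')
)
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyState {
    param([string]$Name, [string]$DisplayName)
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $state = @{ Service = $DisplayName; Name = $Name; Key = 'MISSING'; Start = '-'; Status = '-' }
    if (Test-Path -LiteralPath $key) {
        $state.Key = 'present'
        # Start is the DWORD that holds the startup type (4 = Disabled).
        $start = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Start
        if ($start -ne $null) {
            if ($startTypes.ContainsKey($start)) { $state.Start = $startTypes[$start] }
            else { $state.Start = "unknown ($start)" }
        }
        # The key can exist while the Service Control Manager no longer lists the service.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($svc) { $state.Status = $svc.Status }
    }
    New-Object PSObject -Property $state
}

function Get-ActionCenterKeyState {
    # Key path and value name come from the .reg text in post #17.
    $sso = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'
    if (-not (Test-Path -LiteralPath $sso)) { return 'key MISSING' }
    $props = Get-ItemProperty -LiteralPath $sso
    # An empty string still counts as present; the .reg file sets "AutoStart"="".
    if ($props -and $props.PSObject.Properties['AutoStart']) { 'key present, AutoStart value present' }
    else { 'key present, AutoStart value MISSING' }
}

$services | ForEach-Object { Get-ServiceKeyState -Name $_[0] -DisplayName $_[1] } |
    Select-Object Service, Name, Key, Start, Status | Format-Table -AutoSize
"Action Center shell service object: $(Get-ActionCenterKeyState)"
```

On an x64 install, run it from the 64-bit PowerShell console, because a 32-bit host is redirected to Wow6432Node for HKLM\SOFTWARE and would report the Action Center key as missing. A result of "present" only shows that the key exists, not that its contents match a clean system.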


  8. Posts : 4
    Windows 7 Professional x64
       #18

    Great news and really bad news. The Action centre has been fixed and now pops up as it should. But I think the monster virus has taken a bad turn. About 5 minutes ago my computer went haywire and threw up a warning message that my copy of Windows isn't genuine. Now it appears as though something new has possessed my PC. A watermark message now appears on my desktop: "Windows 7 Build 7601 This Copy of Windows Is not Genuine", and I can't update the PC nor can I get updates for MSE. What the heck is going on? I'd love to get my hands around the neck of the s.o.b. that made this virus. Any help would be greatly appreciated. Pls help.


  9. Posts : 4
    Windows 7 Professional x64
       #19

    Hey all. Well, I took the easy road and reinstalled Windows 7. Suffice to say it was the nastiest virus I have ever encountered in my life. It got the best of me...lol. Thanks anyway. I guess if anyone else gets this virus, this is the checklist: Action centre flag no longer appears, MSE will no longer allow updates, Action centre no longer launches (for me anyway), greyed out system icons in the taskbar options. Hey, if anyone else gets this nasty, be careful fiddling with the services and registry.


  10. Posts : 1
    windows 7 ultimate 32bit
       #20

    hi


    Thank you very very much profi. I would like to have contact with you on MSN if you would like too. Sorry for bad English.
    Bye, have a nice day


 