MSE took so long to remove 3 types of Sirefef

zeamann

Greetings Sires and mi Ladies,

Please provide your expert advice on this:

My Dad's laptop kept restarting after a BSOD but was okay after opting for "last known good configuration" by pressing F8. BUT! It restarted with MSE's warning that the PC is infected, so I didn't immediately click MSE's "clean" button but opened MSE's GUI and ran a full scan. This scan of course took almost 1 hour, so I went to sleep. I woke up later at around 1640 hours and found that MSE had already finished scanning and had found the following infections, on which I immediately clicked "clean computer":
  1. TrojanDropper:Win32/Sirefef.B
  2. Trojan:WinNT/Sirefef.J
  3. Trojan:Win32/Sirefef.AH

The time now is 1918 hours and MSE is still running, trying to remove the infection. I am beginning to think that MSE (because it is not yet updated) will not be able to remove these infections. I will leave it till 2200 hours before forcing a shutdown, but in the meantime please advise. Any tips and tricks and views and opinions, including everything in between, are all welcome.

regards to you all and God Bless,

Zeamann.
 

From a security point of view, when a system is compromised by a rootkit, the safest option is to do a clean install. That would be the recommended action, given that you have 3 rootkits. Even if you remove the rootkits, it's doubtful your PC can be trusted again, and any remnants of the virus can cause problems down the road.

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

Technical information:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win64/Sirefef.W

If this is not an option:

Eset has a removal tool which may work:

http://www.eset.eu/encyclopaedia/win32-sirefef-a-trojan-dropper-pmax-a-horse-trojandropper

Another option is Windows Defender Offline:

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Depending on the variant you have, it may remove the infection. However, the newer versions of this rootkit are tougher to remove. You can also try TDSSKiller.

There has been a new tool released which has had mixed success at removing this bug:

http://blog.webroot.com/2011/08/03/new-tool-released-kiss-or-kick-zeroaccess-goodbye/

If this does not remove it, please see this link for manual removal of this bug:

How to Remove TR/Sirefef.BV.2 If Combofix & TDSSKiller Won’t Work? - Malware Removal - Malware Info
 

Thank you so very much Borg for a very thorough guidance. I am going to try the clean install as I have backed up all critical personal files and/or documents.

Thank you again and God Bless,

Zeamann.
 

That's the best course to take :D. One word of advice: scan all your personal files thoroughly before you put them back on the system to make sure they're not infected. You can submit files up to 32MB to VirusTotal, where they will be scanned by multiple AVs. Or scan your storage medium with MSE once it's back on your PC.

https://www.virustotal.com/
 

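One way to do that pre-restore triage, as an added example that is not part of the original thread and not code from MSE, VirusTotal or any other tool named above: the Python script below walks a backup folder, shortlists files that have an executable or macro-bearing extension or that start with an "MZ" header (so a renamed executable is not missed), computes the SHA-256 of each, and marks the ones over the 32 MB upload limit so their hash can be looked up on VirusTotal instead of uploading them. The extension list, the sample files it builds in a temporary directory and the helper names are assumptions for the demo. It scans nothing itself; it only produces the shortlist, and the drive should still be scanned with MSE afterwards as Borg suggests.

```python
"""Shortlist files in a backup that deserve a VirusTotal check before
they are restored onto a freshly installed machine.

Added example for this thread, not code from the original post or from
any of the tools named in it. The extension list and the sample files
are assumptions for the demo.
"""
import hashlib
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import List

VT_UPLOAD_LIMIT = 32 * 1024 * 1024  # upload limit quoted in the thread

# Assumed list of extensions that can carry executable code or macros.
RISKY_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".msi",
    ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse", ".wsf", ".hta",
    ".jar", ".lnk", ".docm", ".xlsm", ".pptm",
}


@dataclass
class Finding:
    path: str          # relative to the backup root, POSIX separators
    size: int
    sha256: str
    reasons: List[str] = field(default_factory=list)


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large files are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def has_mz_header(path: Path) -> bool:
    """True if the file starts with 'MZ', the DOS/PE header every Windows
    executable and driver carries, whatever its extension claims."""
    with path.open("rb") as f:
        return f.read(2) == b"MZ"


def triage(root: Path) -> List[Finding]:
    """Walk the backup and return the files worth checking, in path order."""
    findings: List[Finding] = []
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        reasons = []
        if p.suffix.lower() in RISKY_EXTENSIONS:
            reasons.append(f"executable/macro extension {p.suffix.lower()}")
        if has_mz_header(p):
            reasons.append("MZ header: Windows executable regardless of extension")
        if not reasons:
            continue                      # plain data file, restore as usual
        size = p.stat().st_size
        if size > VT_UPLOAD_LIMIT:
            reasons.append("over 32 MB: look the SHA-256 up instead of uploading")
        findings.append(Finding(p.relative_to(root).as_posix(), size,
                                sha256_of(p), reasons))
    return findings


def build_sample_backup(base: Path) -> None:
    """Constructed sample files for the demo; none of them is real malware."""
    (base / "docs").mkdir()
    (base / "docs" / "letter.docx").write_bytes(b"PK\x03\x04 ordinary document")
    (base / "docs" / "notes.txt").write_bytes(b"plain text")
    # double extension: Explorer hides the '.exe' by default
    (base / "docs" / "photo.jpg.exe").write_bytes(b"MZ\x90\x00 fake PE stub")
    # executable renamed to look like media; only the MZ check catches it
    (base / "music").mkdir()
    (base / "music" / "track.mp3").write_bytes(b"MZ\x00\x00 renamed PE stub")
    # sparse file of 32 MB + 1 byte: too big to upload, hash lookup instead
    (base / "setup").mkdir()
    with (base / "setup" / "installer.exe").open("wb") as f:
        f.write(b"MZ")
        f.truncate(VT_UPLOAD_LIMIT + 1)


def run_demo() -> List[Finding]:
    """Build the sample backup in a temp dir, triage it, clean up, return results."""
    tmp = Path(tempfile.mkdtemp(prefix="backup-triage-"))
    try:
        build_sample_backup(tmp)
        return triage(tmp)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.sha256}  {f.size:>10}  {f.path}  ({'; '.join(f.reasons)})")
```

Run it as `python triage.py` to print the manifest for the sample tree; for a real backup, call `triage()` on the root of the external drive instead. The MZ check matters more than the extension list: a dropper renamed to `track.mp3` passes an extension filter but still begins with `MZ`.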

Thank you for the tip Borg. I did just what you mentioned, on both my and Dad's machines, before opening the external drive after backing the files up to it.

Thanks again and God Bless,
 
