Windows 7 Forums

Windows 7: RootKit & Trojan Viruses

05 Mar 2014   #1

windows 7

I have a Gateway computer, 64-bit, DX4822-01, with an Intel Pentium E5300 Dual Core, 2.6 GHz each, 6 GB RAM, and a 1 TB HDD, running Windows 7 Home Premium 64-bit.

I've been getting a red warning on my screen that says I have (1) a Rootkit.Sirefef.spy and (2) a Trojan.fakAV-Download virus. I've had trouble downloading, with the message 'cannot be downloaded'. Occasionally one gets through.

Does anyone out there have the expertise to help me delete these viruses?

Any help will be appreciated.


05 Mar 2014   #2

Windows 7 Home Premium

Welcome to the forum, haplyss!

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the cause of your issues:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system 64-bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.

Also, use the Farbar Service Scanner.
Download: Downloading Farbar Service Scanner

We will get a view of all services and dependencies scoped by the tool...

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender

Press: Scan
When done, FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

Thank you.
05 Mar 2014   #3
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8

From what did you get the warning? It could be a fake warning from some site that wants your money.

08 Mar 2014   #4

windows 7

Hi, WHS,

I hope I did this right. I'm sending all that was created, when running these programs.

Attached Files
File Type: txt Addition.txt (45.0 KB, 7 views)
File Type: txt FSS.txt (2.3 KB, 4 views)
File Type: txt FRST.txt (99.4 KB, 3 views)
08 Mar 2014   #5

Windows 7 Home Premium 64Bit

You have three antivirus programs running; please choose one. I would recommend MSE or Avira.
I noticed iLivid, which can be a pain.

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • Please be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
08 Mar 2014   #6

Windows 7 Home Premium


In my previous instructions it was requested you post the FRST.txt, the Addition.txt, and the FSS.txt.

Please post the FRST.txt in your reply!! Really need to see it.


13 Mar 2014   #7

windows 7

I've been under the weather for several days. I've attached the only FRST.txt I have, and I've attached a copy of the virus warning notice. I sure hope these are helpful.

Attached Thumbnails
Attached Files
File Type: txt FRST.txt (99.4 KB, 2 views)
13 Mar 2014   #8

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit

Quote: Originally Posted by haplyss
I've been under the weather for several days. I've attached the only FRST.txt I have, and I've attached a copy of the virus warning notice. I sure hope these are helpful.
That seems legitimate. Do you remember installing MSE? Do not use it if it asks for money because the real MSE is free. If it does, you should install Malwarebytes FREE and run a full scan.
14 Mar 2014   #9

windows 7

I think my brain is still in a disaster area. I sent the wrong file on the virus warning. The attached is the current one I copied.

Attached Thumbnails
14 Mar 2014   #10

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit

Now that's a fake warning. Install Malwarebytes and run it. Also, you should have no problem running MSE afterwards.