Trojan win64/ sirefef.b and .J

[Beast52702]

Dell laptop has sirefef.b trojan sirefef.j trojan and win32/alureon.TK

These are all trojans.

The laptop has MicSecEssentials, and malwarebytes free version, both of which I put onto the computer after the viruses were there.

system Specs:
Dell Inspiron
intel i3 2130 2.3 ghz
4gb ddr3 ram
hd graphics 3000
Win 7 64

I wanted professional help to deal with these problems and I do not trust many random websites. Please assist! Any help will be greatly appreciated.

-Mike

 

[Lemur]

This is safe - and you are right to be wary...

Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

 

[Beast52702]

I was reading that one of these trojans will edit registry files and that the removal of the virus is complicated until these registry files are fixed.

Is this true? If so, what tool should I use.

Also, the Microsoft security essentials keeps detecting the threats and "successfully" removing them, but then it re-detects them 5 minutes later. What can I do to change this? Will the program that you linked me to be more effective at removing these viruses?

Sorry about all the questions, Please advise

-Mike

 

[Lemur]

You can boot off AVG's CD

Rescue CD | PC Rescue and Repair Toolkit | AVG Worldwide

This should help...

 

[Beast52702]

Also I ran the scan tool from microsoft and it did not find anything in quick scan??? yet MSE still reports these trojans??

 

[Lemur]

For what it's worth, I read in a post Kapersky was the only one to remove win32/alureon.T. Again, your mileage may vary. Also, remember not to keep two virus scanners on one system.

 

[Beast52702]

upon removal of the sirefef.b trojan sirefef.j trojans the computer would not even boot into windows.

I really need some way to fix the registry before removing the virus, as the removal of the virus destroys the files and subsequently does not allow windows boot.

Anyhow, that is what I believe is going on

 

[Corrine]

Hi, Beast52702.

What is going on is, based on the findings of MSE, it appears your computer is infected with a rootkit known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

• Dissecting the ZeroAccess Rootkit
• ZeroAccess / Max++ / Smiscer Crimeware Rootkit
• MAX++ sets its sights on x64 platforms
• ZeroAccess (Max++) Rootkit
• ZeroAccess Gets Another Update
• ZeroAccess – an advanced kernel mode rootkit

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable. It would also be wise to contact those same financial institutions to appraise them of your situation.

I suggest you take a look at the following link: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?. If you wish to format, there are very helpful tutorials here at Seven Forums on how to proceed.

Should you wish to attempt cleanup, we can try, however, no guarantees that you can trust it will be 100% secure afterwards. In addition, since you have already attempted removal, not knowing what has been done, those attempts may make it more difficult to remove.