Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win32sirefef.ez trojan cannot be deleted.

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 20th, 2013, 2:47 pm

Thank you.

For me to continue to help you, you're going to have to follow my instructions.

Please pay attention to the points in my opening post, particularly these:
melboy wrote:
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.


The initial signs of Win32/Sirefef have gone, due to the factory restore. However there still does appear to be a problem concerning your MBR which we'll need to take a look at.

First, complete the instructions below and let me know when you have done that.


Multiple Anti Virus programs.

You are operating multiple Anti Virus programs on your computer:

  • avast! Free Antivirus
  • Kaspersky PURE 2.0

It is NOT safe to have more than one anti-virus installed on a system; doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for one of the following:

    avast! Free Antivirus
    Kaspersky PURE 2.0
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 20th, 2013, 3:01 pm

Hi Melboy,

Thanks for the recommendation.

I removed Kaspersky about 3 hours ago. I knew that is no good, hence I disabled one while one was running, but I have removed Kaspersky now.

What do we do next?
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 20th, 2013, 3:13 pm

Hi Melboy,
Are you saying that the virus is no longer in my machine?
I have other issues that I'd like to address. When my machine is booting, it gives an option of booting from Microsoft Windows Recovery Console, one other option and Windows XP Professional. This happens so fast that it automatically loads XP immediately. How do I fix this?

Also, before resetting my system to default I copied all my files to an external hard drive. Now that I want to copy my files back, I suspect the virus is still in the external hard drive. Hence, after doing some online reading, I downloaded Microsoft Fix it, that will disable autorun. My understanding is that if Autorun is disabled, I should be able to plug the external drive in and scan with avast.

Please share your expertise with me on these issues while we confirm that the virus is no longer in the machine.

Thanks a million times.
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 20th, 2013, 3:34 pm

xrisem wrote: Are you saying that the virus is no longer in my machine?

melboy wrote: The initial signs of Win32/Sirefef have gone, due to the factory restore. However there still does appear to be a problem concerning your MBR which we'll need to take a look at.


Let me know if you have any problems with these instructions. How is the computer behaving at the moment?

You will need a USB drive & a CD.

Download GETxPUD.exe & save it to your desktop.

  • Run GETxPUD.exe
  • A new folder will appear on the desktop named GETxPUD
  • Open the GETxPUD folder and click on get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.

Also download dumpit.ndf and save it to a USB drive.

  • Turn off the computer, insert the USB drive and CD into the computer and boot from the CD.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Expand sdb1 (your USB)
  • Confirm that you see dumpit.ndf
  • Double click dumpit.ndf
  • When dumpit finishes a report will be located on your USB drive named mbr.zip
  • Click on the HOME tab and choose Power Off to turn off xPUD
  • Remove the CD, turn on the computer & boot into Windows.
  • Attach mbr.zip in your next reply.

Please note: If you have an ethernet connection you can access the internet using your computer by way of xPUD & Firefox.


Attachment

  • Attach mbr.zip to your next post using the Upload Attachment feature

  • Click Choose file and navigate to the file mbr.zip on your USB drive and click open.
  • Click Add the file and wait for it to upload.
  • Then click Submit along with the rest of your reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
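
What a review of a dumped boot sector can check, as an added example that is not part of the thread and not the helper's own method. It assumes the dump holds the raw 512-byte first sector of the disk (the thread does not say what mbr.zip contains); the function names, the sample sector and the known-good hash set are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: boot code (disk signature follows at 440)
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split a raw first sector into boot-code hash, signature flag and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:                      # type 0x00 marks an unused slot
            partitions.append({"index": index, "status": status, "type": ptype,
                               "first_lba": first_lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": partitions}


def review_mbr(sector, known_good_hashes):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr, findings = parse_mbr(sector), []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash not in known-good list")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte" % p["index"])
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active != 1:                         # a boot disk normally has exactly one
        findings.append("%d partitions flagged active" % active)
    ordered = sorted(parts, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_sector():
    """Constructed sample: filler bytes instead of real boot code, one active NTFS slot."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1000000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_sector()
    good = {parse_mbr(sample)["boot_code_sha256"]}   # stand-in for a reference hash set
    print(review_mbr(sample, good))
```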

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 21st, 2013, 2:02 am

Hi Melboy,
The link you provided to download dumpit.ndf is not loading, it goes into error... Could you provide an alternative link?

Thanks
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 21st, 2013, 4:02 am

Hi

Are you using Google Chrome?

Right click the link and choose "Save link as..." and save it to your desktop.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 23rd, 2013, 4:49 am

Hi xrisem

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 23rd, 2013, 5:04 am

It's the weekend here and I didn't have any CD at home. I intend to go buy one today, so I should have a response by the end of today.

Sorry for the delay
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 23rd, 2013, 7:51 am

Hi Melboy,
Please find attached the mbr zipped file.
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 23rd, 2013, 9:34 pm

Hi

Thank you. The MBR checks out ok.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 7.0.5

    Please visit the Adobe Site & download & install Adobe Reader XI.
  • Then using the internal updater ensure the software is updated to the current increment 11.0.02
  • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
  • Click to download and install any necessary updates.



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 7 Update 15.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 7 Update 15"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-7u15-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    J2SE Runtime Environment 5.0 Update 6
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.



Adobe Flash Player

Your Adobe Flash player is out of date. This represents a security risk. Older versions may have vulnerabilities that malware can use to infect your system.

  • Click on Start
  • Click on Control Panel
  • Double click the icon Add/Remove Programs
  • Click on the programs in the list and click Remove:
    Macromedia Flash Player 8
    Macromedia Shockwave Player
  • Then install the latest version from here
    (UNcheck the McAfee Security Scan)

Reboot your computer


After completing the instructions above:


Security Check

Please download SecurityCheck from Here & save it to your desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 23rd, 2013, 11:34 pm

Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 15
Java version out of Date!
Adobe Flash Player 11.6.602.168
Adobe Reader XI
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 24th, 2013, 6:05 am

Hi

Your Java version is the latest despite it being reported as outdated by SecurityCheck.

Your log now appears to be clean. Congratulations!

Please let me know if you still are having problems with your computer and what these problems are.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read these great articles:
So How Did I Get Infected In First Place by Tony Klein
Computer Security - a short guide to staying safer online by Gary R and Wingman


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.


Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Win32sirefef.ez trojan cannot be deleted.

Post by xrisem » February 24th, 2013, 6:50 am

Hi Melboy,
Thanks a lot for all your assistance. I have a couple of questions.
1: During booting, I usually have these options (Recovery Console, debugger XXXXXXXX, and Windows XP Professional) in a fraction of a second and Windows XP will eventually load automatically. This was not the case before.
2: How can I make sure that the virus is not transferred back to my machine when I plug in my external hard drive? (I have used Microsoft Fix it to disable autorun but I don't know if this is sufficient.)
3: I like to use p2p Vuze, but I suspect this exposes me to a lot of malicious attacks, hence I want to ask if there are ways you may recommend to use p2p safely.

Waiting for your responses...

Regards
xrisem
Regular Member
 
Posts: 16
Joined: February 16th, 2013, 1:32 am

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 24th, 2013, 7:23 am

xrisem wrote: 1: During booting, I usually have these options (Recovery Console, debugger XXXXXXXX, and Windows XP Professional) in a fraction of a second and Windows XP will eventually load automatically. This was not the case before.

The recovery console was installed by combofix. It would be wise to leave the recovery console installed for future use.

It is possible to give you more time to access the recovery console should there be a need to use it. To extend the Timeout value:

  • Go to Start > Run and enter MSConfig > click OK
  • Click the boot.ini tab
  • Change the timeout value to a value of your choice in seconds (image below shows 6 seconds)
  • Click Apply > Close
Image


You should uninstall combofix. The recovery console will however remain intact.

Uninstall Combofix

  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.

Let me know if you have any problems removing combofix.

xrisem wrote: 2: How can I make sure that the virus is not transferred back to my machine when I plug in my external hard drive? (I have used Microsoft Fix it to disable autorun but I don't know if this is sufficient.)


Flash_Disinfector by sUBs

    Please download Flash_Disinfector and save it to your desktop.

  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

You can run Flash Disinfector with other flash drives and/or other removable drives. This may include your Mobile phone, Digital camera etc... Please do so and allow the utility to clean up those drives as well.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


You can then scan the drives from your antivirus's context menu (right click scan) before copying back to your computer. Malwarebytes' Anti-malware also has the option to scan external drives with its full scan.


xrisem wrote: 3: I like to use p2p Vuze, but I suspect this exposes me to a lot of malicious attacks, hence I want to ask if there are ways you may recommend to use p2p safely.

We do not recommend the use of Peer-to-Peer (P2P) programs at all.

Although recognising P2P File sharing clients have their legitimate uses, they are often used for downloading copyrighted content & are a well known conduit for malware.

viewtopic.php?p=491394#p491394
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
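
A read-only check of an external drive's top level before files are copied back, as an added example that is not part of the thread or of Flash_Disinfector. It reports whether autorun.inf is absent, is a folder (the state the note in the post above describes) or is a file, and for a file lists the entries that would launch something; the function names and sample content are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, value) pairs in the [autorun] section that name something to run."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or key.endswith("\\command"):
                launches.append((key, value))
    return launches


def triage_root(root):
    """Classify the autorun.inf entry at the top level of a mounted drive."""
    match = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not match:
        return {"state": "absent", "launches": []}
    path = os.path.join(root, match[0])
    if os.path.isdir(path):
        # A folder occupies the name, so no file called autorun.inf can sit beside it.
        return {"state": "folder", "launches": []}
    with open(path, "r", encoding="latin-1") as handle:
        return {"state": "file", "launches": parse_autorun(handle.read())}


# Constructed sample content; the file names are placeholders.
SAMPLE_AUTORUN = ("[AutoRun]\n; comment line\nopen=example.exe\nicon=drive.ico\n"
                  "shell\\open\\command=example.exe /s\n[other]\nopen=ignored.exe\n")


def demo():
    """Build three constructed drive roots in a temp directory and triage each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "guarded", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "guarded", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as handle:
            handle.write(SAMPLE_AUTORUN)
        for name in ("clean", "guarded", "suspect"):
            results[name] = triage_root(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for drive, verdict in demo().items():
        print(drive, verdict)
```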

Re: Win32sirefef.ez trojan cannot be deleted.

Post by melboy » February 26th, 2013, 9:10 am

Hi

Any further questions xrisem, or can this topic be closed? :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK