Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware - Trojan Horse Win32:Sirefef found in system

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 18th, 2013, 1:19 pm

Ok, thanks.
We will try it out for a day or two (we have a long holiday coming up so it might take 6 days before we answer in worst case)

If you have any good idea on how we might be able to check the HW, HD/RAM and so on, i would be glad to any ideas

A big thanks so far, no we will see how this computer copes (the other one runs well)

/Joshen



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4a43f-9680-11e1-9d53-00238bec4beb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4a43f-9680-11e1-9d53-00238bec4beb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4a44f-9680-11e1-9d53-00238bec4beb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4a44f-9680-11e1-9d53-00238bec4beb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cf87d67-b173-11de-971b-00238bec4beb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cf87d67-b173-11de-971b-00238bec4beb}\ not found.
File move failed. E:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\LaunchU3.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
IP-konfiguration f”r Windows
DNS-matcharens cacheminne har rensats.
I:\Malware Jakt\program filer\cmd.bat deleted successfully.
I:\Malware Jakt\program filer\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TOJ
->Temp folder emptied: 353175894 bytes
->Temporary Internet Files folder emptied: 227217511 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 101345861 bytes
->Google Chrome cache emptied: 9420478 bytes
->Flash cache emptied: 1027662 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156159717 bytes
RecycleBin emptied: 7021798064 bytes

Total Files Cleaned = 7 506,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06182013_190541

Files\Folders moved on Reboot...
File move failed. E:\LaunchU3.exe scheduled to be moved on reboot.
C:\Users\TOJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am
Advertisement
Register to Remove

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 18th, 2013, 1:34 pm

Hi Joshen,
A big thanks so far

My pleasure.
We will try it out for a day or two (we have a long holiday coming up so it might take 6 days before we answer in worst case)

Your logs appear to be clean now, so you should be good to go.
I can keep this topic open for three days, after that it will be closed if you haven't replied.
If you have any good idea on how we might be able to check the HW, HD/RAM and so on, i would be glad to any ideas

If you are having any HW, HD/RAM issues, i can direct you to a general help forum if you wish, let me know in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 18th, 2013, 3:49 pm

Saw that it was a lot of data in the temp directories, do you think that could cause the friezing? apparently (according to my wife) it gets worse between the cleanups i make once and a while?


A suggestion to a good forums is not bad to have if we still have the issue.


I have an issue that you might be able to help me with (having problems to find solutions on the net)
After my re installation i installed VLC again, but the strange thing is that the icon in the exe file and taskbar is missing (shows a missing icon).
Cant seem to get them back... dont understand what the issue is

Have a similar issue with bookmarks in Firefox (but i dont think that is up your alley)

If we dont "chat" again thanks a lot for your help
Im sure i will get in contact with you again, as for many of as know anything about computers we are called upon for support :-)

Thanks for the excellent support
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 19th, 2013, 5:55 am

Hi Joshen,
Thanks for the excellent support

You're most welcome.
Saw that it was a lot of data in the temp directories, do you think that could cause the friezing? apparently (according to my wife) it gets worse between the cleanups i make once and a while?
You should "clean up" on a regular basis, that should help with freezing problems.
I clean out all temp files and such each day.
A suggestion to a good forums is not bad to have if we still have the issue.

I have an issue that you might be able to help me with (having problems to find solutions on the net)
After my re installation i installed VLC again, but the strange thing is that the icon in the exe file and taskbar is missing (shows a missing icon).
Cant seem to get them back... dont understand what the issue is

Have a similar issue with bookmarks in Firefox (but i dont think that is up your alley)


Here are some excellent Tech sites (in no particular order) that may be able to help with the problems you are sill having:


If anyone asks if you've been checked for malware, please feel free to refer them to this topic.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right click on OTL.exe And select Run as administrator to run it.
  • This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 20th, 2013, 7:41 am

Cleaned it all and so far all is working fine.
Thanks for the help

/Joshen
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 20th, 2013, 10:35 am

Hi Joshen,
Cleaned it all and so far all is working fine.
Thanks for the help

Good to hear and you're welcome :)
I will close this topic, good luck and stay safe.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 20th, 2013, 10:35 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 118 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware