Author Topic: need some help with removing trojan win64\sirefef.y  (Read 38963 times)

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #45 on: June 19, 2012, 07:32:52 PM »
ok
« Last Edit: June 19, 2012, 07:35:59 PM by cool_gecko »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: need some help with removing trojan win64\sirefef.y
« Reply #46 on: June 19, 2012, 07:34:58 PM »
Got it

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #47 on: June 19, 2012, 07:40:48 PM »
Download fixlist.txt to the same USB as FRST
Run FRST as before but this time select FIX

After the fix has completed reboot to normal windows
If that fails then I will search and replace the services file 

« Last Edit: June 19, 2012, 07:49:04 PM by essexboy »

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #48 on: June 19, 2012, 07:44:59 PM »
got it.

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #49 on: June 19, 2012, 07:55:42 PM »
If you achieve normal windows then do the following

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #50 on: June 19, 2012, 08:01:22 PM »
opened fixlog from notepad*, the 1st item was "moved successfully", the other 3 were "not found".

edit: *this is from system recovery options -> command prompt.
« Last Edit: June 19, 2012, 08:04:34 PM by cool_gecko »

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #51 on: June 19, 2012, 08:13:18 PM »
about a minute or two after the desktop is done loading, MSE still tries to remove it, and says it has to reboot. it's services.exe.

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #52 on: June 19, 2012, 08:24:41 PM »
OK let's replace it via FRST

Start FRST and in the search box Type:

services.exe

Then press search .. It will then list the locations of all instances of that file
Copy that here and I will make a replace fix

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #53 on: June 19, 2012, 08:35:57 PM »
ok.
« Last Edit: June 30, 2012, 11:11:25 AM by cool_gecko »

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #54 on: June 19, 2012, 08:40:11 PM »
Same again to switch .. Download fixlist.txt to the USB
Allow it to overwrite then again press Fix

You should now get into windows to start combofix

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #55 on: June 19, 2012, 09:06:43 PM »
in Windows now. that error message is gone now. trying to disable all security software when it told me it found something running (which I thought I disabled already), then clicked OK. No window popped up from combofix or anything, so I went to see if it was running. everything froze up.

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #56 on: June 19, 2012, 09:09:27 PM »
OK let's skip combofix now as I was going to use that to replace the services.exe  ;D

If you could run an OTL quick scan selecting all users and attach the log

Also let me know how the computer is behaving at the moment .. Any anomalies

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #57 on: June 19, 2012, 09:12:13 PM »
after I killed some security tasks (old av that didn't do anything), and clicked OK, I can't get to task manager, start menu, or anything, but the widgets appear to be running. so is combofix running or should I reboot?

Offline essexboy

Re: need some help with removing trojan win64\sirefef.y
« Reply #58 on: June 19, 2012, 09:14:04 PM »
If you have hard drive activity and the black/green box is counting through the stages then it is working

If not then reboot

cool_gecko

  • Guest
Re: need some help with removing trojan win64\sirefef.y
« Reply #59 on: June 19, 2012, 09:26:15 PM »
ok, rebooted. running OTL scan now.