virus question

Stlight · Feb 13, 2013

At this point the virus is on my sister's computer and not mine. I'm hoping for help before it spreads.

Thanks for all help.

When she conects to the internet the systems slows to a crawl then stops. She ran the MSN virus scan and it found : Win32/Sirefef.gen/C

Every time she gets rid of it, it comes back.

When she tried to run the automatic security update for MSn virus scan, she got the following message:

MSec Essentials 0x80070424

Since this started on Sunday, she told the system to dump everything and restore as of last Friday. It did and the same thing happened again.

Any thoughts?

Is there something she can do?

Does she need to take it to the shop for a total wipe and start over?

Thanks again.

Torgo · Feb 13, 2013

Boot into safe mode and try Security Essentials again? Power the computer on and hold down F8, I think.

alleycat · Feb 13, 2013

Yeah, I would do as Torgo suggest as a first step. Then she might try an earlier restore date. Does she also have malwarebyte to use as a secondary scanner?

Some malware can be hard to get rid of.

There is another website that is very good about helping to get rid of hard-to-remove malware. Let's see what a scan in safe mode does first.

Dorky · Feb 13, 2013

Stlight said:
When she conects to the internet the systems slows to a crawl then stops. She ran the MSN virus scan and it found : Win32/Sirefef.gen/C

Every time she gets rid of it, it comes back.

When she tried to run the automatic security update for MSn virus scan, she got the following message:

MSec Essentials 0x80070424

Sirefef/Gen.c should be able to be removed by MSE according to this:
http://www.microsoft.com/security/p...dia/entry.aspx?Name=Virus:Win32/Sirefef.gen!C

Instructions at the bottom for removal:
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sirefef

It seems Sirefef can mess with MS security services. See the last section (Recovery and Additional remediation) on the previous link, and this one below for the MSE update error:
http://support.microsoft.com/kb/968002

Dorky · Feb 13, 2013

Oh, and have your sister (and anyone who has used her computer) change all her passwords for everything she ever accessed on that computer. Email, eBay, banking, Facebook, etc. It all needs to be changed ASAP.

Sirefef is really nasty. If it’s too complicated to remove, you might need help from malware experts. She’ll need to post OTL logs (or something similar) to a forum and ask for help, but these people are usually pretty good at what they do.

alleycat · Feb 13, 2013

If she does need further help, I would recommend Malware Removal. The people there are very good and thorough. But let's discuss it further before she takes that step.

http://www.malwareremoval.com/

Stlight · Feb 13, 2013

Thanks, we'll be changing passwords and working on the suggestions. Yes, we have Malwarebytes and she did a scan recently. But she may have missed the hit.

We're on dial-up. There have been things we couldn't get because they took 12+ hours to download and the puter won't stay on unattended. Will the downloads take long enough that we'd be better off taking it to the computer shop?

attempting to send rep points and failed. Will try again later. I hope that's not a a sign of this thing.

alleycat · Feb 13, 2013

The registry probably needs to be dealt with as well, but I always hesitate to get in to that.

Stlight · Feb 13, 2013

Something about the phrase the registry made me think of the Bates' hotel.

alleycat · Feb 13, 2013

Stlight said:
We're on dial-up. There have been things we couldn't get because they took 12+ hours to download and the puter won't stay on unattended. Will the downloads take long enough that we'd be better off taking it to the computer shop?

I assume you're referring to one of the downloads from the MS website. I don't know, but I wouldn't think any "fix" would take that long to download even on dial-up.

Jamesaritchie · Feb 14, 2013

It keeps coming back because it does affect the registry, but there are simple and effective removal tools from several sources.

kenebaker · Feb 16, 2013

Dorky said:
Oh, and have your sister (and anyone who has used her computer) change all her passwords for everything she ever accessed on that computer. Email, eBay, banking, Facebook, etc. It all needs to be changed ASAP.

Sirefef is really nasty. If it’s too complicated to remove, you might need help from malware experts. She’ll need to post OTL logs (or something similar) to a forum and ask for help, but these people are usually pretty good at what they do.

Just to add on that, you need to change your passwords on another computer! Not the one that is / was infected. Until you are sure that everything is off the machine, don't put any sensitive information on it.

I had exactly the same happen with my sister. Took me about three hours to clean her machine. Malwarebytes is amazing, and I used Kaspersky rescue disc because her computer also slowed to a crawl when it was connected to the internet.

Good luck.

virus question

Stlight

ideas are floating where they will

Torgo

Formerly Phantom of Krankor.

alleycat

Still around

Dorky

Dorky

alleycat

Still around

Stlight

ideas are floating where they will

alleycat

Still around

Stlight

ideas are floating where they will

alleycat

Still around

Jamesaritchie

kenebaker

Master of Meh!