aush1126
Level 7

Help! found dropper.trojan:win32/sirefef.gen

Hi

Four days ago I removed the above virus and another similarly named one. The original symptom stopped, but starting up the comp today I found no internet connections are working. Worried, I decided to run a system restore to two weeks ago and now it has been initializing for about 30 min. This is even more worrying. And now I'm thinking I may have just doomed the machine.

Did I just mess up by running system restore? And will system restore actually stop the virus?

Thanks in advance

I'm running Windows 7 64-bit Home Premium. McAfee found and deleted the first virus and Windows Defender found the second.

0 Kudos
10 Replies
aush1126
Level 7

Re: Help! found dropper.trojan:win32/sirefef.gen

So, the restore ran successfully and got the internet working again. Just ran TDSSKiller and it found nothing. Any advice as to how I can make sure there's no rootkit installed?

0 Kudos
Hayton
Level 17

Re: Help! found dropper.trojan:win32/sirefef.gen

If TDSSKiller didn't find anything that's not absolute proof that you don't have a rootkit, but it's a pretty good indicator that you're okay. McAfee's own Rootkit Remover (which you can get from HERE) checks for ZeroAccess as well as TDSS, so you could run it also as a check.

System Restore gets you out of trouble about 90% of the time, so keep your fingers crossed. You're probably okay.

0 Kudos
exbrit
Level 21

Re: Help! found dropper.trojan:win32/sirefef.gen

Moved this to Malware Discussion > Home User Assistance as a better spot for it.

0 Kudos
aush1126
Level 7

Re: Help! found dropper.trojan:win32/sirefef.gen

Thanks for the reply!

I ran Rootkit Remover and it found nothing as well. The only odd symptom I have noticed since my last post was two consecutive requests from TDSSKiller (file located in temp folder for some reason, with oddly long/nonsensical names in the filepath) for permission to modify the hard drive, which I denied. I had run TDSSKiller in safe mode the last time I started it up.

I know it's never possible to be 100% sure you're clean, but should I continue to worry/continue scanning? Or should I leave it for now and look for symptoms while not doing anything that could risk my info? Or am I being overparanoid at this point?

0 Kudos
Hayton
Level 17

Re: Help! found dropper.trojan:win32/sirefef.gen

I think you can assume you're 99% safe. Because of the 1% margin, watch for anything out of the ordinary - requests for unknown programs to connect to the internet, pop-ups, abnormally high CPU, it's difficult to be specific. And certainly, for the next week or two, run an occasional Quick Scan just to check for anything that shouldn't be there.

After a System Restore you need to re-download anything from Microsoft and McAfee that the rollback undid. Other than that, just carry on as normal.

I don't know why TDSSKiller wanted to modify the hard drive; if it didn't say what exactly it was going to do and why, you may have been right to deny it permission.

0 Kudos
aush1126
Level 7

Re: Help! found dropper.trojan:win32/sirefef.gen

Thanks, I appreciate the advice and help! I think that will be my plan of action.

0 Kudos
aush1126
Level 7

Re: Help! found dropper.trojan:win32/sirefef.gen

Just realized something kind of odd, looking at the Rootkit Remover log: there's no mention of initialization, it skips from scanning for updates to scanning. The "how to use rootkit remover tool" guide mentioned the initialization step, so that's why I'm asking. I pasted the log below.

[TimeStamp: 20130511174105]

Rootkit Remover v0.8.9.161 [Apr  5 2013 - 16:14:29]

McAfee Labs.

Windows build 6.1.7601 x64 Service Pack 1

Checking for updates ...

Now Scanning...

    Scan Result --> No trojan or viruses found!

Scan Finished

Press any key to exit.

0 Kudos
Hayton
Level 17

Re: Help! found dropper.trojan:win32/sirefef.gen

I don't think that's anything to worry about. The illustration in the How-To is for a slightly earlier version, and I would think the initialisation stage is mostly checking for updates anyway.

0 Kudos
aush1126
Level 7

Re: Help! found dropper.trojan:win32/sirefef.gen

So another update: I ran a McAfee full scan and it found and removed RDN/Generic.BackDoor!mv.

Any advice about what to do next?

0 Kudos