10 Replies. Latest reply on May 12, 2013 1:07 AM by Hayton

    Help! found dropper.trojan:win32/sirefef.gen

      Hi

       

      Four days ago I removed the above virus and another similarly named one. The original symptom stopped, but starting up the comp today I found no internet connections are working. Worried, I decided to run a system restore to two weeks ago and now it has been initializing for about 30 min. This is even more worrying. And now I'm thinking I may have just doomed the machine.

       

      Did I just mess up by running system restore? And will system restore actually stop the virus?

       

      Thanks in advance

       

      I'm running Windows 7 64-bit Home Premium. McAfee found and deleted the first virus and Windows Defender found the second.

        • 1. Re: Help! found dropper.trojan:win32/sirefef.gen

          So, the restore ran successfully and got the internet working again. Just ran TDSSKiller and it found nothing. Any advice as to how I can make sure there's no rootkit installed?

          • 2. Re: Help! found dropper.trojan:win32/sirefef.gen
            Hayton

            If TDSSKiller didn't find anything that's not absolute proof that you don't have a rootkit, but it's a pretty good indicator that you're okay. McAfee's own Rootkit Remover (which you can get from HERE) checks for ZeroAccess as well as TDSS, so you could run it also as a check.

             

            System Restore gets you out of trouble about 90% of the time, so keep your fingers crossed. You're probably okay.

            • 3. Re: Help! found dropper.trojan:win32/sirefef.gen
              Peter M

              Moved this to Malware Discussion > Home User Assistance as a better spot for it.

              • 4. Re: Help! found dropper.trojan:win32/sirefef.gen

                Thanks for the reply!

                 

                I ran Rootkit Remover and it found nothing as well. The only odd symptom I have noticed since my last post was two consecutive requests from TDSSKiller (file located in temp folder for some reason, with oddly long/nonsensical names in the filepath) for permission to modify the hard drive, which I denied. I had run TDSSKiller in safe mode the last time I started it up.

                 

                I know it's never possible to be 100% sure you're clean, but should I continue to worry/continue scanning? Or, should I leave it for now and look for symptoms while not doing anything that could risk my info? Or am I being overparanoid at this point?

                • 5. Re: Help! found dropper.trojan:win32/sirefef.gen
                  Hayton

                  I think you can assume you're 99% safe. Because of the 1% margin, watch for anything out of the ordinary - requests for unknown programs to connect to the internet, pop-ups, abnormally high CPU, it's difficult to be specific. And certainly, for the next week or two, run an occasional Quick Scan just to check for anything that shouldn't be there.

                   

                  After a System Restore you need to re-download anything from Microsoft and McAfee that the rollback undid. Other than that, just carry on as normal.

                   

                  I don't know why TDSSKiller wanted to modify the hard drive; if it didn't say what exactly it was going to do and why, you may have been right to deny it permission.

                  • 6. Re: Help! found dropper.trojan:win32/sirefef.gen

                    Thanks, I appreciate the advice and help! I think that will be my plan of action.

                    • 7. Re: Help! found dropper.trojan:win32/sirefef.gen

                      Just realized something kind of odd: looking at the Rootkit Remover log, there's no mention of initialization; it skips from scanning for updates to scanning. The "how to use rootkit remover tool" guide mentioned the initialization step, so that's why I'm asking. I pasted the log below.

                       

                       

                      [TimeStamp: 20130511174105]

                      Rootkit Remover v0.8.9.161 [Apr  5 2013 - 16:14:29]
                      McAfee Labs.

                      Windows build 6.1.7601 x64 Service Pack 1
                      Checking for updates ...

                      Now Scanning...
                          Scan Result --> No trojan or viruses found!
                      Scan Finished

                      Press any key to exit.

                      • 8. Re: Help! found dropper.trojan:win32/sirefef.gen
                        Hayton

                        I don't think that's anything to worry about. The illustration in the How-To is for a slightly earlier version, and I would think the initialisation stage is mostly checking for updates anyway.

                        • 9. Re: Help! found dropper.trojan:win32/sirefef.gen

                          So another update: I ran a McAfee full scan and it found and removed RDN/Generic.BackDoor!mv.

                           

                          Any advice about what to do next?
