
Trojan:win32/sirefef.J



#1
CNL

Hi
Yesterday I visited a new website; immediately a pop-up window appeared and wanted me to install something. The only thing that I did was reboot the system. Then I ran Microsoft Security Essentials and it tells me that I have Trojan:win32/sirefef.J. I thought I deleted it, but Microsoft Security Essentials keeps showing the same trojan over and over again.
I saw in this forum how to fix it with OTL, and then I copied the code to OTL:


processeskillallprocesses:Servicesdellsupportcenter:OTLSRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found[2011/08/01 19:09:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2010/05/17 19:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}[2011/04/01 11:23:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}[2011/04/01 08:09:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O20 - HKCU Winlogon: Shell - (C:\Users\Nadolski\AppData\Local\cd2ed708\X) -C:\Users\Nadolski\AppData\Local\cd2ed708\X ()[2011/10/06 21:09:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadolski\taskmgr.exe[2011/10/06 21:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Nadolski\AppData\Local\cd2ed708[2011/10/06 21:09:57 | 000,027,136 | -HS- | M] () -- C:\Users\Nadolski\wevtapi.dll[2011/10/07 07:34:36 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job[2011/10/07 09:23:40 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job[2011/09/18 04:03:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\RegCure.job[2011/10/07 07:34:36 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job:filesxcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /Cxcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /Cxcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /Cxcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /Csc config dellsupportcenter start= disabled /c :Commands[purity][Reboot]




I used Ctrl+C and Ctrl+V to paste it to OTL and I clicked the RUN FIX button

and then OTL shows me:

Fix Complete
Click OK to open the fix log

and then:

error: Unable to interpret <processeskillallprocesses:Servicesdellsupportcenter:OTLSRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found[2011/08/01 19:09:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2010/05/17 19:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}[2011/04/01 11:23:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}[2011/04/01 08:09:39 | 000,0> in the current context!
Error: Unable to interpret <00,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.> in the current context!
Error: Unable to interpret <ad...Plus/1.6/gp.cab (Reg Error: Key error.)O20 - HKCU Winlogon: Shell - (C:\Users\Nadolski\AppData\Local\cd2ed708\X) -C:\Users\Nadolski\AppData\Local\cd2ed708\X ()[2011/10/06 21:09:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadolski\taskmgr.exe[2011/10/06 21:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Nadolski\AppData\Local\cd2ed708[2011/10/06 21:09:57 | 000,027,136 | -HS- | M] () -- C:\Users\Nadolski\wevtapi.dll[2011/10/07 07:34:36 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job[2011/10/07 09:23:40 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job[2011/09/18 04:03:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\RegCure.job[2011/10/07 07:34:36 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job:filesxcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /Cxcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /Cxcopy %Temp%\smtmp\3 "%AppData%> in the current context!
Error: Unable to interpret <\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /Cxcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /Csc config dellsupportcenter start= disabled /c :Commands[purity][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_235736



I know that I'm doing something wrong, because my computer didn't reboot.
Can somebody help me?


Sorry for my English

Edited by CNL, 12 October 2011 - 05:04 PM.



#2
CNL

OK, never mind. I started my computer this morning and the alerts from Security Essentials do not pop up any more, and the scan does not alert me anymore... so problem fixed? I hope so.