
XP Directory Files corrupted by ERUNT, many softwares no longer work



#1
Explore100

Hi,

I have just discovered the forum yesterday and I am glad I did, as it seems to have many knowledgeable people.

I have a Dell Precision M6300 with Windows XP Professional 32 bits that I mainly use to do 3D CAD design with Rhino 3D and photo editing with Gimp.
Unfortunately my computer came with Windows XP Pro pre-installed, so there was no XP Pro CD coming along with it... (it's a refurbished computer, got it from a third party dealer). Also, to make things more complicated, my DVD reader-burner has not been working for more than a year. It's a Sony, and apparently I am not the only one who had problems with that Sony disk player-burner. So that means that if I wanted to wipe out my hard disk and reinstall Windows XP from scratch I cannot, unless I bought an external CD reader (but I am not entirely sure it might work yet... I haven't tested that, as I have not been able to make a Microsoft plug and play mouse work on my machine, but strangely it works on the little inexpensive computer of my wife, which is one of those small 10 inch new Acer machines) (and Microsoft's solution seemed too risky for me to take, as it involved disabling the touch pad, which means that if it failed I would have nothing left to access my computer...). Strangely, the computer detects the Sony DVD drive and does not detect anything wrong, but it just won't open, and a DVD got stuck inside it over a year ago, which forced me to dismantle the machine and the drive to remove it manually. I reassembled everything and it has been working normally ever since (except for the Sony DVD player, which is still out of function) until I had the following problems:

The computer now has serious trouble that started just after I installed and tested ERUNT. Here is what happened:

For a period of 1 month or so, I had big problems with the Sirefef virus. I was finally able to get rid of the last component of Sirefef when I used about 4 of the 6 or 7 tools that were given on the Bleeping Computer forum. Prior to this, Sirefef had slowed down my machine and generated a lot of alerts almost all the time about my Avast antivirus stopping various viruses or websites, but it was never able to catch and destroy them (Avast customer service was of no help at all and I had to find the solution entirely by myself, they just didn't seem to care, which is a shame). Because my system was not the Windows 7 or Vista given as an example on the forum explaining how to get rid of Sirefef, the instructions did not match most of what I saw onscreen for my machine, but luckily the virus removal tools worked and went into action correctly and caught one last component of the virus. The computer has been working normally ever since and I re-installed Avast.
(With the exception of my Firewall: the Sirefef virus disabled it and it has been impossible to access it ever since, even after I removed Sirefef. I don't know how to remedy this.)

However, I had saved some of my data on an external hard drive during the period when I had the virus (but didn't know yet it was Sirefef at the time). So after I got rid of Sirefef on my computer, I decided it would be a good idea to scan my external drive as well to avoid contamination. I tried to run the Sirefef removal tools in the same safe mode as I had before on my computer's drive, and with the external disk connected to my machine, but they didn't seem to find my external drive and instead they scanned my computer's hard disk again. So I tried a different approach, and I am not sure if those tools were designed to be used that way: I directly scanned the external disk with those tools (not in safe mode). The tools didn't seem to find anything.

So I decided it would be a good idea to try Erunt, to make a copy of my directory just in case I had some future trouble with another virus as nasty as Sirefef.

I clicked and installed it, and when the moment came to click where to install the copy of my Windows Directory files, I did not click save because I was not sure where it was going to send this copy and I was afraid I would not be able to find it, as I had not created any special file for it that I could recognize easily.

I don't remember why I ran Erunt a 2nd time, and again it asked me to save the copy. Again I didn't click save because I didn't feel safe about saving the copy where I may not be able to find it, but I may have done something wrong because the next thing I know:

My computer is now taking a very long time to boot up.

My Avast and Malwarebytes software cannot be opened or used anymore, and I cannot reinstall Avast either.

I cannot move or drag and drop any of my icons or documents.

And, MAJOR CATASTROPHE, my Internet Explorer is down, my internet access icons on the lower right hand corner are also totally gone and I cannot go on the internet anymore! Worse, I cannot even use MY MAIN TOOL, Rhino 3D, anymore, because it says it cannot access the license manager... so I cannot do any of my work... (thankfully I had previously saved my most recent 3D files on an external drive, because now none of them can be opened on my computer).

MAJOR headache, because this computer and 3D software are going to become my main source of income for the future (on an extremely small budget), and I was close to completing a new 3D model to send to RP to show to potential clients when the problem started (I had just changed to all numeric design after 15 years of building things the hard way, with manual tools, at home).

I have tried 'Undo Changes Made To Your Computer' almost right away, it is totally inaccessible... 'Search' is also not working... 'Go back to last good configuration' also just sends me back to the same situation I am in right now (no change)... and Repair Mode gave no result when I booted up in Safe Mode.

ALL or most of my commercial software like Rhino 3D, Avast, and so on no longer works, but several of my GNU programs such as Gimp and Blender still open and seem to work, though some others have problems.

I also cannot click open any of my photos. I have to right click and get the 'open with software so and so' command to open them with picture viewer individually with this method, which is extremely painstaking.

I also cannot open ANY of the webpages I had saved on my computer and I cannot save any of them to my external drive or a USB key...

I also cannot save to my external drive any of the movies I have on my computer (including .FLV format, which is GNU license...).

Basically the only thing I can do is type this on Wordpad, and look at my pictures with the method mentioned above, and work on Gimp, and erase files.

My suspicion is that Erunt somehow overwrote my Directory file once or even twice, as I found a lot of red dot with a white X 'error' messages in the event viewer, but I cannot locate where exactly the unwanted copies are or HOW to get rid of them without damaging my system any further.

So I would need a step by step method for someone who is not a tech expert. I've only been using Windows for 2 years and I have very below average knowledge of what to do when problems like this occur. I have also never reinstalled Windows XP or any OS on computers before. I would prefer a solution where I could remove the corrupting files manually and repair my Directory files in a safe manner, or use a software that could do this for me, or a combination of both (I don't know any specifically and I don't really trust any of the supposedly free software like PC Cleaners and Speedy Computer that ask you to register after you do the scan and then ask you to pay for a full version to repair your Directory (I doubt I could even do that because I would have to go online to register them; I have installed them but since I cannot get a connection now, I doubt I can get them to work even if I pay for them or got the registration key)).

Can someone help me resolve this problem please?
Thanking you in advance for any help you may bring.


#2
paws


    WTT Tech Teacher

  • Tech Academy Moderator
  • 523 posts
Hi Explore100 and welcome to the forum.
Sorry to hear of the problems you are experiencing with your Windows XP machine.

The Zero Access/Sirefef infection is a very bad one, and it is very difficult even for a well trained and experienced malware removal specialist to guarantee that a computer infected with it has been cleaned with a 100% guarantee that every trace of the infection has been removed.
You can seek assistance from our expert malware fighters by posting in the appropriate forum...see here for more details
http://www.geekstogo...alware-removal/

The "payload" of this family of infections can differ according to type but if you have a look here:
http://www.microsoft...e=Win32/Sirefef

you will see what Microsoft have to say about it....
Here's an extract that sums it all up quite well:

Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an affected computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:

• Downloading and executing of arbitrary files
• Contacting remote hosts
• Disabling of security features

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.

Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup if your computer is infected with any of the following Sirefef variants:

• Trojan:Win32/Sirefef.AA
• Trojan:Win32/Sirefef.AC
• Trojan:Win32/Sirefef.AH


Note particularly the comments about corrupted system files and essential services and also that Sirefef can also make lasting changes to your computer that will not be restored.....

It is a very nasty infection and you should think carefully about the wisdom of relying upon it in the future, without formatting and reinstalling Windows and all your applications, especially if it is used for important purposes, or carries "sensitive" business or private information or is used for any sort of financial transactions.

The formatting and then the reinstallation clears everything from your computer, the good along with the bad, so you will need to rely upon a good accurate backup of all important information and files, made at a time when your computer was free from infection....
Regards
paws

#3
Explore100

Hi Paws,

and thank you, sorry for my belated reply. I have been trying to run several scans and posted logs at another forum. I am still trying to get an answer from them to know if it is possible to reinstall Windows XP Pro from a USB key or from an external CD reader-burner. My big problem is that the DVD reader-burner in my computer has long been out of function; it seems to be a problem inherent to that model (a Sony DVD reader-burner) that several people had problems with on their Dell Precision computer.

I have had the Sirefef-A and Sirefef-PL versions, both were caught by Avast when my anti-virus was still working but it could not delete them, only stop them or quarantine them.




#4
paws


    WTT Tech Teacher

  • Tech Academy Moderator
  • 523 posts
Hi Explore100,

I see from your last post that you have also posted the same problem at other forums.

I also have now found that you are receiving expert assistance from mOle here:
http://www.bleepingc...opic464964.html

I can appreciate the difficulties under which you are trying to work, and all us volunteers in the IT community will do our best to help you... HOWEVER
You should only be acting on the directions of one expert helper at a time, and should follow those directions exactly, so please continue to follow the directions of mOle until he advises you otherwise.

I will not provide the answers here on this forum to the questions you have asked about reinstalling Windows using USB key or other means until you have finished your work with mOle.

As a matter of urgency please advise mOle that you have posted in other forums and provide him with a link to this topic here, and any other forums that you may have posted at, so he is fully aware of the position.

If there is a chance of getting your computer cleaned up effectively and working well with all system files repaired then you are in good hands with mOle at bleeping computer.
Regards
paws