As of late, I've been so busy working on a variety of projects that posting rants has been a near impossibility... But what do you know... Just when things begin to pipe down and it looks like I can get back to normal types of tasks, one of my daughters catches a string of infective viruses and trojans on her computer! She is using Windows 7.
These are really nasty infections of the Sirefef strain... Some with the ability to infect a computer's root kit! What's more is that these bugs may have the capacity to bypass a user's anti-virus/malware programs! Their creator or creators give the infections the ability to piggyback on what would otherwise be clean downloadable/clickable links and programs.
Now I cannot claim to lack knowledge as to why some people can't seem to help but release bugs into the internet world... bugs that they know will wreak havoc on other people's property. Unfortunately, these perpetrators seem to have no qualms over causing injury to goods belonging to those of us who are simply surfing the internet for fun, researching projects for school, or trying to earn honest livings online. It's as if damaging unsuspecting people's equipment is some sort of joke! Then there are those schemers who set out to infect the unsuspecting in order to get infected surfers to pay perpetrators to help them fix their machines!
The thing about computer bugs is that there is almost always a way to remove them no matter how severe their impact is on an infected machine. My biggest problem with this, however, is that finding the right (free) help to get rid of the bugs can be overwhelming to say the least! With so many makes and models of computers and their programs, what works to remove infections from one may not work for another!
As a result, surfing the net from an uninfected computer, seeking help for the sick one, took hours on end... Eventually, it was a few days later that I felt confident enough to render the computer useable again... At least... I hope it is okay now...
At any rate, while trying to fix the infected computer, I had to use info other people had suggested or used themselves meshed in with my own "hunches" on what would work for my daughter's system. Since I do not have a computer blog, I decided to post my fix here in case I can help others acquiring the same problem...
Getting Rid of Sirefef Trojans/Viruses in Windows 7 - My Way...
After spending approximately 6 - 7 hours searching for online help on how to remove Sirefef trojans and viruses from my daughter's laptop, I decided to create my own way of fixing the problem... and then... reflecting on steps I had taken... I decided to write this help post for anyone else coming across a Sirefef infection.
One thing I can say for certain is that too many posts in the help forums I went to, including Microsoft Answers, Microsoft Technet, Microsoft Support, WindowsSevenForums.com, and Windows, were difficult to understand. Even posts that started out sounding like the average user would be able to understand and follow wound up losing me for one or two of the following reasons:
(1) The posts became too techy... or
(2) The person making the post either seemed to leave out information or wrote the info in a way that did not make sense.
I welcome all to hit me back with messages for help with this post. Please bear in mind that I am NOT a techy person. I am simply someone who was determined to get my daughter's computer clean again... without doing a complete recovery like some of the forum posters had done themselves and/or suggested other people do to get rid of Sirefef infections.
The solution I wound up with takes 11 steps and goes like this...
(1) Download the Microsoft Safety Scanner
One of the problems with this trojan/virus team is that it may refuse to let you go onto the internet to get help. It does this by restarting the computer every 2-3 minutes! This means that by the time you go online and type a few help keywords in your search bar, the computer restarts. A box will come up telling you to save your work because the computer has encountered a problem and will restart in 60 seconds! This restart action is on a continuous loop that repeats over and over for as long as your computer is on! For this reason, you will need to use another computer to download the Microsoft Safety Scanner. Save the scanner to a flash drive, a CD, or a DVD... whichever you have available that will work in the infected computer.
(2) Once you have the safety scanner download ready, turn on the infected computer, but instead of letting it go to its normal setting, press the F8 key so you can start it in "Safe Mode".
(3) Once the computer goes to Safe Mode Options, arrow down and select the safe mode option that is just "Safe Mode". You do not need to select safe mode with internet or safe mode with command prompt.
(4) Now that you are in the safe mode, click the start button and then type "System Restore" in the search box.
(5) Once you get to system restore, follow the prompts and then select a "Restore Point". Choose a restore point where you believe your computer was working fine before the viral attack occurred.
(6) Click the appropriate buttons and then wait the five minutes or so for the computer to revert back to the settings it had at that "previous" date.
(7) Once the computer has completed its restoration, it will restart. After the restart, if the same happens for you that did for me, some or all of the Sirefef trojan/virus bugs will be disabled. They may, however, still be on your computer!
The fact that the bugs may still be on your computer is the reason for downloading and saving the Microsoft Safety Scanner on a disk or flash drive... If all goes well, this program will remove the bugs for you! :}
(8) Insert the medium with the saved safety scanner on it in the appropriate drive of the infected computer. After inserting the disk or flash, you may need to locate it in "Computer" and then right click the scanner icon. At this point, a list of options will come up... Click on "Run as Administrator".
Depending on your computer's speed, it will take roughly 50 minutes, give or take a few, for the safety tool to scan your computer. By watching the tool enact its scan, you will be able to see the number of infected files it finds by looking at the "Files Infected" line (3 lines from the bottom). In my daughter's case, the safety tool found the first two infected files within the first 2-3 minutes. As it continued the process, it found 5 more infected files! Infected files translates to trojans/viruses!
(9) Once the scanner finishes finding infected files, the program will prompt you to choose how you would like to remove those files. Unless you are a pro, I suggest that you choose the "recommended" method!
Once you select a method, the tool will proceed to remove the Sirefef trojans/viruses from your computer. At the end of this process you may see a prompt that says all of the infection was not removed. Don't panic... yet... because you are not done yet...
(10) Go to Microsoft.com and download their virus protection program, "Microsoft Security Essentials". This is a FREE virus protection program! Run/Save the program on your computer. This will take a few minutes... (If you prefer to use a different virus protection program, however, do that instead.)
Okay... a problem I encountered at this point was that I noticed the firewall would not let me turn it back on. Security Essentials is set up to turn the firewall on once it finishes downloading - but this did not happen. Remember... as stated above... Sirefef trojans/viruses disable security functionality... Getting rid of them may have additional impacts on security as well as other programs on an infected computer...
Any who, I checked to see if there were any Windows Updates waiting to be installed on the computer... Odds were that there would be... Remember I restored the computer to an earlier date. The restore process wiped away updates that occurred after that date, and thus, those updates needed to be re-installed. So... Yes... There were updates ready to be installed... I installed them... Unfortunately... None of them seemed to be related to why the firewall would not turn on again...
(11) I was a tad concerned about running Security Essentials on the computer since the firewall would not let me turn it on, and it is best to run this virus protection program with the firewall going. I did so anyway with hopes that while scanning, Security Essentials would pick up any leftover trojans or viruses infecting the computer.
First, I ran a quick scan... Then I ran a full scan... Neither scan picked up the two, what I believed to be, still hidden bugs, and I was still unable to turn on the firewall. It was actually at this point that I noticed the "Security Center" was inoperable as well... and in fact, none of the programs on the computer related to virus protection operated anymore!
It was while trying to solve the inoperable firewall dilemma, that I came across posts that said Sirefef infections could hide in the restore areas as well as in root kits. My strategy, at this point, became a combination of how to get the firewall turned back on and how to remove remaining infections from the root kit, if in fact, the computer had been infected at that level.
At length, after spending a few more hours trying fixes to get the firewall turned on again and trying to find out how to get potential remaining infections from the root kit, I decided to go with restoring the computer further back than I had initially restored it. I went all the way back to next to the last restore point available and restored the computer. My plan was to keep one restore available in case I needed it if things didn't go the way I hoped they would...
I don't know if keeping one restore available would have helped had another problem arisen, but still, I wanted to keep a restore point ready in case the bugs had infected the restore... Maybe keeping the one restore point available would have given me a chance to move back one date where the viruses/trojans had not impacted the data. Of course, I was merely working on a hunch...
Fortunately... The restore worked without a hitch! The firewall came back and the security center came back as well.
After getting the built-in security features to work again, for good measure, I scanned the computer once more using the Safety Scanner, and then again with Security Essentials to see if I could catch any more threats. None were detected during these scans and the computer worked fine after I completed these procedures.
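For readers comfortable with a command prompt, the following added example (not part of the original post) checks from PowerShell on the cleaned Windows 7 machine whether the firewall and Security Center services described above are back, and lists the restore points still available. The set of services checked and the function name `Test-SecurityService` are assumptions of this example; the script only reads state and changes nothing.

```powershell
# Added example: read-only check of the Windows 7 security services after a
# cleanup. Run from an elevated PowerShell prompt; it changes nothing.

# Which services to check is this example's assumption, chosen from the
# symptoms in the post (firewall and Security Center would not start).
$expected = @(
    @{ Name = 'MpsSvc';   Label = 'Windows Firewall' },
    @{ Name = 'BFE';      Label = 'Base Filtering Engine (firewall needs it)' },
    @{ Name = 'wscsvc';   Label = 'Security Center' },
    @{ Name = 'wuauserv'; Label = 'Windows Update' },
    @{ Name = 'BITS';     Label = 'Background Intelligent Transfer' }
)

function Test-SecurityService {
    param([string]$Name, [string]$Label)
    # Win32_Service works on the PowerShell 2.0 that ships with Windows 7.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        $verdict = 'MISSING'; $mode = '-'; $state = '-'
    } else {
        $mode = $svc.StartMode; $state = $svc.State
        if ($mode -eq 'Disabled') { $verdict = 'DISABLED' }
        elseif ($mode -eq 'Auto' -and $state -ne 'Running') { $verdict = 'NOT RUNNING' }
        else { $verdict = 'OK' }
    }
    New-Object PSObject -Property @{
        Service = $Label; Name = $Name; StartMode = $mode; State = $state; Verdict = $verdict
    }
}

$results = foreach ($s in $expected) { Test-SecurityService -Name $s.Name -Label $s.Label }
$results | Select-Object Service, Name, StartMode, State, Verdict | Format-Table -AutoSize

# Firewall state for each network profile, as Windows itself reports it.
netsh advfirewall show allprofiles state

# Restore points still available, oldest first, for choosing how far back to go.
Get-ComputerRestorePoint | Sort-Object SequenceNumber |
    Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize

$bad = @($results | Where-Object { $_.Verdict -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} service(s) need attention: {1}" -f $bad.Count, (($bad | ForEach-Object { $_.Name }) -join ', '))
} else {
    Write-Output 'All checked security services are present and enabled.'
}
```

A MISSING or DISABLED verdict for the firewall or Security Center matches the symptoms described above. Services set to delayed start can show NOT RUNNING for a couple of minutes after boot, so re-run the check before drawing conclusions.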
NOTES:
(1) There is a possibility that you may be able to remove a Sirefef infection by restoring an infected computer from the get go; however, because of what I read during this process regarding these trojans' abilities to infect restore points, I chose to try to get rid of (delete) the infections instead. Remember, that if your restore has been infected, you may not be able to eliminate the bug(s) this way.
(2) There is a possibility that performing the system restore from safe mode rather than from the regular desktop may not be necessary for some computers. In my case, I went this route because trying to get the safety tool to install from the normal desktop view did not work for the computer I was fixing.
(3) Safety scanners from Microsoft, at the time of this posting, are only good for 10 days! So if it takes longer than that to use it, go back and download the updated version....
(4) I do not remember the names of each individual Trojan/Virus that was on the infected computer but can say that Sirefef.B and Sirefef.Y were among the others. As noted above, this string of infections may work collectively to severely damage computers and thus should be completely eliminated.
(5) Scan all drives that were attached to your computer while it was infected!
(6) If these steps do not work for you and you can find no other means of cleaning your computer, you may need to do a complete recovery!
Thursday, June 28, 2012