ghanson (February 21, 2017, ID:1103508):
About 4 weeks ago I noticed my computer (Win 10 Pro x64) running a bit slow and ran MBAM as a check. MBAM discovered and deleted two Trojan.Siredef.C files in the recycle bin. Today a similar slow system and running MBAM again found two instances of Trojan.Siredef.C in the recycle bin. MBAM got them but I'm concerned that I'm not eliminating all vestiges of the problem. Can you help me confirm this trojan is not still lurking in my system? Thank you, Greg
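The detections above were in the Recycle Bin, which is a place few people inspect by hand. The script below is an added example, not part of the thread or of any Malwarebytes tool: it walks a `$Recycle.Bin` tree, flags top-level entries whose names do not follow the `$I<6 chars>` / `$R<6 chars>` convention Windows (Vista and later) uses for every deleted item, and flags any file carrying a PE (`MZ`) header or an executable extension, hashing those so the hashes can be looked up. The sample tree it builds is constructed for the example; the SID, file names and bytes are made up.

```python
"""Triage helper for a Windows Recycle Bin tree (added example, not from the thread).

Walks <root>/$Recycle.Bin/<SID>/..., flags entry names Windows would never
create, and flags executable content wherever it sits.  The sample tree built
by build_sample_tree() is constructed: the SID, names and bytes are made up.
"""
import hashlib
import os
import re
import tempfile

# Windows names each recycle-bin entry $I<6 chars>.<ext> (metadata record) or
# $R<6 chars>.<ext> (the deleted item itself).  desktop.ini is also normal.
NORMAL_ENTRY = re.compile(r"^\$[IR][A-Za-z0-9]{6}(\..*)?$")
ALLOWED_NAMES = {"desktop.ini"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".pif"}


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe(path):
    """True if the file begins with the 'MZ' DOS stub, whatever its extension."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def scan_recycle_bin(root):
    """Return a list of findings for every per-user SID folder under $Recycle.Bin.

    Each finding has 'sid', 'path' (relative to the SID folder, '/'-separated)
    and 'reason'; file findings also carry 'sha256'."""
    findings = []
    bin_dir = os.path.join(root, "$Recycle.Bin")
    for sid in sorted(os.listdir(bin_dir)):
        sid_dir = os.path.join(bin_dir, sid)
        if not os.path.isdir(sid_dir):
            continue
        # 1. Top-level names outside the $I/$R convention.
        for name in sorted(os.listdir(sid_dir)):
            if name.lower() in ALLOWED_NAMES or NORMAL_ENTRY.match(name):
                continue
            findings.append({"sid": sid, "path": name,
                             "reason": "name outside $I/$R convention"})
        # 2. Executable content anywhere below, including inside deleted folders.
        for dirpath, _, files in os.walk(sid_dir):
            for fn in sorted(files):
                full = os.path.join(dirpath, fn)
                reasons = []
                if is_pe(full):
                    reasons.append("PE header")
                if os.path.splitext(fn)[1].lower() in EXEC_EXTS:
                    reasons.append("executable extension")
                if reasons:
                    rel = os.path.relpath(full, sid_dir).replace(os.sep, "/")
                    findings.append({"sid": sid, "path": rel,
                                     "reason": ", ".join(reasons),
                                     "sha256": sha256_file(full)})
    return findings


def build_sample_tree():
    """Create a constructed $Recycle.Bin tree in a temp dir and return its root."""
    root = tempfile.mkdtemp(prefix="rbin_")
    sid_dir = os.path.join(root, "$Recycle.Bin", "S-1-5-21-111-222-333-1001")  # made-up SID
    os.makedirs(os.path.join(sid_dir, "7f2b3c1d"))  # folder name Windows would not create
    samples = {
        "desktop.ini": b"[.ShellClassInfo]\r\n",
        "$IABC123.txt": b"\x02" + b"\x00" * 23,         # placeholder metadata record
        "$RABC123.txt": b"just a deleted text file",    # benign deleted item
        "$RXYZ789.exe": b"MZ\x90\x00" + b"\x00" * 60,   # deleted executable
        "$RQWE456.dat": b"MZ" + b"\x00" * 30,           # PE bytes behind a harmless extension
        os.path.join("7f2b3c1d", "n"): b"MZ\x90\x00" + b"\x00" * 60,  # same bytes as the .exe
    }
    for rel, data in samples.items():
        with open(os.path.join(sid_dir, rel), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    for item in scan_recycle_bin(build_sample_tree()):
        print(item["sid"], item["path"], "->", item["reason"], item.get("sha256", ""))
```

On a live system point `scan_recycle_bin` at the drive root (for example `C:\`) from an elevated prompt, since the per-user SID folders are not readable by other users; the relative paths and hashes it prints are what you would hand to a helper or submit to a reputation service.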
TwinHeadedEagle (February 21, 2017, ID:1103509):
Hello, and please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
ghanson (thread author, February 22, 2017, ID:1103555):
TwinHeadedEagle, thank you for taking my case. I will download FARBAR and follow your instructions. Again, thank you for your help. Greg
ghanson (thread author, February 22, 2017, ID:1103557):
One question before I run FARBAR: I mount an encrypted volume using VeraCrypt ver 1.19 64-bit which holds sensitive data files. Should I have the volume mounted when running FARBAR? Greg
TwinHeadedEagle (February 22, 2017, ID:1103635):
No, it is not needed.
ghanson (thread author, February 22, 2017, ID:1103693):
FARBAR FRST.txt and Addition.txt attached. I noticed in Addition.txt that there are two Russian entries in the format "Language pack for hosting support of Microsoft Visual Studio Tools for Applications 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden" (translated from the Russian). There are also two MS Visual Studio tools which are titled in Portuguese. Where do such files come from, as I am an English-only installation? Greg
Attachments: FRST.txt, Addition.txt
TwinHeadedEagle (February 23, 2017, ID:1104005):
These entries in Control Panel are hidden and I don't know why they are non-English. Probably something related to Microsoft.
Fix with Farbar Recovery Scan Tool. This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download the attached fixlist.txt file and save it to the Desktop. Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work! Right-click on the icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.) Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When it finishes, FRST will generate a log on the Desktop called Fixlog.txt. Please attach it to your reply.
Attachment: fixlist.txt
ghanson (thread author, February 24, 2017, ID:1104102):
I completed the run and Fixlog.txt is attached.
Attachment: Fixlog.txt
TwinHeadedEagle (February 24, 2017, ID:1104103):
How is your PC behaving now?
ghanson (thread author, February 24, 2017, ID:1104105):
It is running quickly. Snappy performance loading browser tabs. It appears to be clean. Do you believe the final vestiges of Trojan.Siredef.C are gone? Does it hide itself somewhere so as to reappear even after it was scrubbed by MBAM? I read through the FARBAR text files and semi-understand that it was clearing out keys and extensions. Were any of those part of Siredef? Did FARBAR find anything, or had MBAM already deleted the trojan? Thanks for your help, Greg
TwinHeadedEagle (February 24, 2017, ID:1104172):
I haven't seen the obvious signs of Sirefef, but we removed some suspicious files. Part of the fix included some maintenance and cleaning of temporary files and suspicious shortcut arguments.
ghanson (thread author, February 24, 2017, ID:1104174):
Am I cured? :-)
TwinHeadedEagle (February 24, 2017, ID:1104175):
Yep
ghanson (thread author, February 24, 2017, ID:1104177):
Thank you very much for your help and for sharing your expertise. Heading over to PayPal to show my appreciation in a more tangible fashion. Again, thank you. Greg