#1
Windows Vista Home Premium SP2 64-bit
EAV NOD32 AV 4.2.71.2 (cannot use 5.x because Notification messages blacked out)
Update module: 1040 (20120313)

Getting notification messaging regarding the trojan Sirefef with multiple different versions. Current and ongoing totals of 57 instances of Sirefef.AH, 79 instances of Sirefef.AE, 45 instances of Sirefef.AI. New count totals for those Sirefef versions now at 65, 87, and 51 while waiting for In-Depth scan to complete. There are also a couple separate Sirefef.AI versions and I now also see a Sirefef.W version which has 1 count of it.

After doing an In-Depth scan this was shown in red:
C:\Windows\Installer\{a7afd095-2f9b-9866-4f86-15b4904e357d}\U\00000001.@ - Win64/Sirefef.AI trojan - cleaned by deleting - quarantined [1]

Wondering how to get the constant popups to stop. Seeing a new popup either within seconds of each other (just saw 3 in five seconds) or within minutes.
Current totals: 80, 110, 70

Last edited by HAL900 : June 20th, 2012 at 05:20 PM.
#2
A good idea is to boot from your ESET SysRescue CD with latest signatures.
__________________
Pentium M| 512 RAM ESET NOD32 Antivirus 5 ESET Smart Security 6 RC
#3
My ESET SysRescue CD? Didn't realize I had such a thing. Since I don't believe I do have such a thing, I'm hoping someone from ESET might have some other ideas. Thanks though.

Current totals: 117, 139, 95. Pretty constant notifications and pretty annoying.
#4
Trying to find more about this SysRescue disk I found some very interesting things in this particular thread: SysRescue 5 - Comments and Questions

Fidelius seems to nail it, commenting that "Eset is the only vendor using such a complicated method in order to have a rescue CD." Looking at all those convoluted steps I would have to agree.

Current counts: 196, 174 and 139. There's another version that's up to 14 but I guess it's so small I'm just omitting that one. Funny, just typing this new message and I have to increase the counts before I submit this.

Is there any way to recoup some of the money spent on ESET? I foolishly paid for a 2-year subscription and reading AV-tests and reviews it might be much safer to go to another AV at this point.
#5
Check if C:\Windows\System32\services.exe is detected as Win64/Patched, replace it with a clean copy in safe mode or after booting from a clean medium.
#6
Would you be able to say that in terms someone that isn't Microsoft certified might understand? Otherwise is there anyone that can interpret this for me please?
#7
What I think Marcos is trying to explain is to check a file (services.exe) located in the following directory: %WINDIR%\system32

Try to upload this file to the service VirusTotal to see if it is a "patched" (unclean) Microsoft file. And if it is, to repair it, copy this file from a clean source into your %WINDIR%\system32 directory (overwrite your patched services.exe file).

I'm not sure if it will work to copy over this file booting from Safe Mode, but if it doesn't you might need a boot disk (can be a CD, USB memory/hard drive); just make sure to set up your system to boot from the source you choose. You might need to be familiar with DOS commands. If you're not, this list should help depending on which boot disk solution you choose.
#8
Exactly

Not sure if running "sfc.exe /scannow" would fix it, you can try.

Last edited by Marcos : June 21st, 2012 at 05:08 AM.
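
The services.exe check suggested in posts #5 and #7, sketched as a PowerShell script that compares the live file with a copy from a known-clean source before anything is overwritten (an added example, not part of the original thread and not an ESET tool). The `-Reference` path is a hypothetical placeholder; the script assumes a 64-bit PowerShell session, so `System32` is not redirected to `SysWOW64`, and its result is most trustworthy when run from a clean boot environment against the offline Windows volume.

```powershell
# Added example: compare the live services.exe with a reference copy.
# -Reference is a hypothetical path to a copy taken from a known-clean source
# of the same Windows version, service pack and architecture.
param(
    [string]$Suspect = "$env:WINDIR\System32\services.exe",
    [Parameter(Mandatory = $true)][string]$Reference
)

function Get-Sha256Hex([string]$Path) {
    # .NET is used directly so this also works where Get-FileHash is missing.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    # Open read-only and allow sharing, since the live file is in use.
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Dispose()
    }
}

# Collect version, size and hash for both files.
$results = foreach ($p in $Suspect, $Reference) {
    $item = Get-Item -LiteralPath $p -Force
    New-Object PSObject -Property @{
        Path    = $item.FullName
        Version = $item.VersionInfo.FileVersion
        Size    = $item.Length
        SHA256  = Get-Sha256Hex $item.FullName
    }
}
$results | Format-List Path, Version, Size, SHA256

if ($results[0].SHA256 -eq $results[1].SHA256) {
    'MATCH: live file is byte-identical to the reference copy.'
} elseif ($results[0].Version -ne $results[1].Version) {
    # A legitimately updated file also hashes differently.
    'INCONCLUSIVE: file versions differ; obtain a reference copy of the same build.'
} else {
    'MISMATCH: same version but different contents; treat the live file as modified.'
}
```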
#9
Thank you for something I think I understand somewhat. I "uploaded" my services.exe file to the virustotal website via the Choose File function. The subsequent page gave a "Detection ratio" of 0/42, which I'm assuming means the file is unpatched or clean.

Ok I'm trying to understand why my $51 dollar AV isn't doing its job. I've read elsewhere that tests show that ESET AV has a shockingly low .5 repair rate and can see why that's a big problem for customers like myself. All these Sirefef.XX trojans are in "Quarantine" and yet I'm getting almost non-stop notifications saying they are "cleaned by deleting -- quarantined." Well if that were the case why is it still residing on my computer and why are these red warning notifications continually popping up?!

Current totals: 249, 271, 202 and 23
These are only as low as they are since I turn off my computer at night.

I'm unsure if I can even understand much less do whatever Marcos says. Thank goodness for English speaking people on this forum!
#10
HAL900,

Are you able to make a SysInspector log?
How do I create a SysInspector log and submit it to ESET Customer Care for analysis?

If yes, contact Customer Care: http://go.eset.com/us/support/contact/#home
#11
Thanks FanJ, I will try to do that. I've been doing a lot of reading and these trojans are buggers, likely got my trojan(s) from a video game website.

I'm currently doing a deep scan with Malwarebytes and waiting to see what that finds. I had installed SpyHunter briefly and it found some things but requires a purchase to fix or clean the objects. In the end I read some less than stellar reviews of it and decided to uninstall the software. Oddly, it almost seemed that the constant ESET red warning notifications stopped while SpyHunter was on my system. I may re-install it again and see if the ESET warnings stop.

Current totals: 298, 320, 241, 4 and 28.