Rootkit.0access Trojan:sirefef
#1
Hi,
In the video discussing how to remove Rootkit Access Trojan sirefef Brian speaks of going to the folder that is located in C:\Local disk/computer/windows/installer.
He comments there is a load of "stuff" in this folder. He said that the folder that particularly interests him is the folder that is titled with all the gibberish numbers. I have numerous such folders in the same folder directory. I'm sending along a Snipping Tool image to better show what I'm asking about.
So my question is: Should these folders be deleted as Brian has done in this tutorial or should they be left well enough alone?
Reply

#2
Are you referring to this vid?

If so you may have to open each of those to see what files are in there.
Incidentally, what has led you to believe you have the Rootkit sirefef?

Have you checked the Temp folder for similar files?
Reply
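A read-only way to do the "open each of those" inspection suggested above, added here as an example and not taken from the thread or the video: it lists every subfolder of C:\Windows\Installer with whether its name is a well-formed {GUID}, its creation time, its owner, the file types inside, and how many executables inside lack a valid Authenticode signature. The function and column names are my own; the folder is ACL-restricted, so run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): read-only triage of the {GUID}-named
# subfolders of C:\Windows\Installer. Nothing is modified or deleted.
# Run from an elevated PowerShell prompt; the folder is ACL-restricted.
function Get-InstallerFolderTriage {
    [CmdletBinding()]
    param(
        [string]$Path = 'C:\Windows\Installer'   # the folder discussed in the video
    )
    # A well-formed Windows Installer folder name is a braced GUID: {8-4-4-4-12} hex digits
    $guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

    Get-ChildItem -LiteralPath $Path -Directory -Force -ErrorAction Stop | ForEach-Object {
        $dir   = $_
        $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Force -Recurse -ErrorAction SilentlyContinue)

        # Count executable files whose Authenticode signature status is anything other than Valid
        $unsignedExe = @(
            $files |
                Where-Object { $_.Extension -match '^\.(exe|dll|sys|scr)$' } |
                ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
                Where-Object { $_.Status -ne 'Valid' }
        ).Count

        [PSCustomObject]@{
            Name             = $dir.Name
            WellFormedGuid   = [bool]($dir.Name -match $guidPattern)
            Created          = $dir.CreationTime
            Owner            = (Get-Acl -LiteralPath $dir.FullName).Owner
            FileCount        = $files.Count
            Extensions       = ($files | ForEach-Object { $_.Extension.ToLower() } | Sort-Object -Unique) -join ','
            UnsignedExeCount = $unsignedExe
        }
    }
}

# Newest folders first: a malformed name, an unexpected owner or unsigned executables
# are the things worth a closer look before anything is deleted.
Get-InstallerFolderTriage | Sort-Object Created -Descending |
    Format-Table Name, WellFormedGuid, Created, Owner, FileCount, Extensions, UnsignedExeCount -AutoSize
```

The same function can be pointed at the Temp folder mentioned in the reply with `Get-InstallerFolderTriage -Path $env:TEMP`.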

#3
(06-30-2015, 01:33 PM)GuiltySpark Wrote:  Are you referring to this vid?

If so you may have to open each of those to see what files are in there.
Incidentally, what has led you to believe you have the Rootkit sirefef?

Have you checked the Temp folder for similar files?

Hi Guilty,
Thanks for your reply to my question.

Yes, the vid that you have put up as part of the post is the one I was watching when this question came about.
What I found of interest is that when Brian talks about the discovery of this folder he describes it as being a file of interest. What I am interested in is "what" makes this folder one of interest?
As I posted, I have numerous folders with similar gibberish for the names of the folders. What makes the folder that he found different from my folders with similar titles? Or, playing devil's advocate, "are" they different?
I don't believe that I have a rootkit currently running on my machine. Having said that, I have a concern: if I'm seeing similar folders with similar names on my computer, I'm curious once again what makes the folders that he is focusing on different from the ones that I have posted in the snippet attachment?
You suggested in your reply that one needs to look over the contents of these folders to determine the validity or lack thereof regarding the folder. What am I to be looking for when inspecting the files?

Please understand there is no argument from me only doing what I can to get clarity from his vid.

Thanks again for responding!
Reply

#4
You can always use something like xuetr or PowerToolV3.4.1.zip 
These will detect that on the system real easy.
Reply

#5
(07-01-2015, 01:33 AM)Britec Wrote:  You can always use something like xuetr or PowerToolV3.4.1.zip 
These will detect that on the system real easy.

Thank you so much for your reply.
After successfully installing the Xuetr program I was welcomed with tutorials on how to go about using the program, all written in an Asian language?? (I only read English.) After using 7-Zip to attempt to open and install the PowerTool I was unable to start this program. Do you have any idea as to what the problem may be?
My Windows 8.1 is running in 64-bit configuration. Would the issue be that I may have downloaded a 32-bit zip file?
Thanks.
Philip
Reply

#6
https://code.google.com/p/powertool-google/downloads/list
Reply

#7
(07-01-2015, 04:48 PM)Britec Wrote:  https://code.google.com/p/powertool-google/downloads/list

Hi Brian,
Thanks for the update on the link for the PowerTool! It installed perfectly. I'm planning on doing some study on how to use the program. Would you consider doing a video on the program?
Thanks again
Philip
Reply

#8
I'll see what I can do.
Reply

#9
(07-02-2015, 12:07 PM)Britec Wrote:  I'll see what I can do.

I would like to second the request for PowerTool. Also, does Xuetr come in 64-bit? When I tried to run it on Win 7 64-bit I got an error message.
Reply

#10
Were you running the x64 version?
Reply