Wednesday, June 13, 2012

60 Second shutdowns and Sirefef.Y

Recent just got in a computer that was claimed to be infected. Nothing obvious popping up but as soon as I ran D7 its new user mode rootkit cleaner jumped into action. Cool, everything else scanned without a trace of infection Malwarebytes, TDSS Killer, aswmbr, and malware scan no infections found anywhere. Then I notice their av was broken so I re-installed MSE and the the horror began. MSE finds Sirefef.Y linked to services.exe and removes and reboots. Every boot after that comes with another detection of Sirefef.Y and a popup saying critical error system shutting down in one minute. After a long search on the internet I come across a post talking about FRST (Farbar Recovery Scan Tool) this tool will only run in PE environment like Vista/7 start-up repair. It produces a log file with lots of information. The important part is the location of the rootkit and idea of what files like services.exe have been tampered with. You then can run a search for a particular file name to find a replacement for the hijacked file. Then to create a fixlist.exe containing the fixes that particular system needs. Such as:


SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\consrv.dll
C:\Windows\Installer\{0cdfab67-65d2-56df-4b88-d692edc7ee5f}
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe

Now remember this was created specifically for the computer in the link below, but gives you a good idea of what is needed to be put in the file to create one for your own situation. After running the fix the reboots have disappeared for me and everything appears to be smooth sailing.

Warning: Information is used at your own risk and is only a guide for an experience tech.

Source: http://www.techspot.com/community/topics/sirefef-removal-60-seconds-reboot.181609/
Posted by at No comments:
Labels: , , ,

Wednesday, June 6, 2012

Failed to Connect to Windows Service

Just had a laptop reporting "Failed to connect to a windows service: Windows could not connect to the System Event Notification Service service". I have seen this error before and was unable to repair it without clean loading windows. This time however I was able to find the solution.

  1. Boot to Safe Mode
  2. Log-in to an account with administrator privileges.
  3. Run Cmd as Administrator
  4. type "netsh winsock reset" enter
  5. reboot and enjoy
Source: http://www.techspot.com/community/topics/failed-to-connect-to-a-windows-service-problem.97813/
Post #12
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)