SOLVED Got infected by Trojan Siredef.C

[JAY B.]

I'm using Windows 8.1 Pro, and got a pretty bad infection with the Trojan Siredef.C, Kaspersky had never detected it !
And believe me, it was the second Trojan that was undetected by Kaspersky within a month !!!
So I'm starting to have second thoughts about the efficiency of Kaspersky.

Now, here's the problem, I disinfected the computer, but there's a lot of damage. WMP isn't working anymore, and the Metro tiles are active, but when I want to open (MSN Meteo, Microsoft Solitaires, 123 viewer), they appear for a split second and I'm back on the “ Bureau ” with a tab of the app. in task bar !
Even if I click on it, it doesn't open, the only thing I can do is closig it.
I uninstalled and reinstalled the apps from Windows store... Still the same issue !
I ran a « sfc /scannow », no violation of integrity.
Then I ran a « ScanHealth », no damage to the component store.
Finally, I ran a « RestoreHealth », and the restauration was successfull.
So, I went back to tha tiles and the problem remains.
I used two tools from Microsoft, and they had found nothing !

If someone has any idea, I'd be willing to give it a try !

If there's nothing that can be done, I believe the only option would be an up-grade in place ???
If I do so, will I loose all my settings and apps (LibreOffice, CCleaner, iTunes, etc...) ?

Thank You For your answers

Have a Nice Day !

 

[Norton]

Before you do anything rationale, create a disk image or back up your important data to an external drive.
1. Try running Malwarebytes.
2. Junk removal tool (JRT) from Malwarebytes.
https://www.malwarebytes.com/junkwareremovaltool/
3. Old timer Malware diagnostic and malware removal tool.
http://www.majorgeeks.com/files/details/otl_(oldtimers_list_it).html

 

[JAY B.]

Hi Norton,

The trojan was detected and put in quarantine by MalwareBytes.
I already have an ISO of 8.1, and all my data are on two external devices.
I will go through step #2 and #3.
I'll come back with the result.
One thing is sure my “ OS ” is in pretty bad shape !

Thank You for your Answer !

Bye

 

[JAY B.]

Here are all the tools I have used so far :

As for the Old timer Malware diagnostic and malware removal tool, it says that it is for professionnal use, so You can understand why I don't feel safe using it .

But I will take some time to read and understand what I will be doing.

Thanks again

Regards JAY B

 

[Trouble]

I disinfected the computer, but there's a lot of damage. WMP isn't working anymore, and the Metro tiles are active, but when I want to open (MSN Meteo, Microsoft Solitaires, 123 viewer), they appear for a split second and I'm back on the “ Bureau ” with a tab of the app. in task bar !

You may want to take an additional step to ascertain if the "damage" is global or if it simply unique to your specific profile, by.....
Creating a new user, as a member of the local administrators group and logging on as that user and see what works and what doesn't.
From an administrative command prompt ( Command Prompt (Admin) )

At the admin command prompt type
net user JohnSmith /add
hit enter
then type
net localgroup administrators JohnSmith /add
hit enter
type
exit
hit enter
Restart and log in as JohnSmith

Obviously it doesn't need to be JohnSmith, any Tom, Dick or Sally will do. It's only temporary and you can remove it later. It's only to further the diagnostic process.

 

[JAY B.]

Hi Trouble,

I created a second account, and after restarting I logged in as JohnSmith, and there was only five tiles, and they were not working unless I create a new Microsoft account !

Then I removed the first “ JohnSmith ”.
But for the second “ JohnSmith ”, it says that the local group doesn't exist ???
Do I have to delete the two accounts ?
I'll wait for your answer.
By the way the two only tiles working, was the one to go to the Windows store, and the one to switch to the Desktop.
Just like when I'm using my regular account.

Thank You

Have a Nice Day

 

[Trouble]

Do I have to delete the two accounts ?

Not sure what "two accounts" you are talking about. I only suggested creating the one "JohnSmith" account for testing purposes.
BUT
Yes you can delete a user account using the same technique from an Admin Command prompt simply type
net user JohnSmith /del
hit enter
You should see "The command completed successfully"
Type exit and the user account is gone.

 

[JAY B.]

Hello Trouble,

net localgroup administrators JohnSmith /add

It's when I try to delete this one that I get a message telling me that it doesn't exist anymore... So I guess it is the way it should be ?

What do you think of the tiles not working ?

Thank You

Bye

 

[Trouble]

What do you think of the tiles not working ?

Sadly, I don't remember very much about the general workings of Windows 8 / 8.1
However, I do believe, in much the same way you can perform a non-destructive in-place upgrade repair of Windows 10, you can also perform the same thing in a working version of Windows 8.1
http://www.intowindows.com/how-to-repair-windows-8-1-installation/

Generally speaking this type of repair is safe and all your software applications, drivers, devices, etc., will survive, however.....
I would never attempt anything like this without first performing a disk image of my current installation.
https://www.windows10forums.com/threads/please-for-your-own-peace-of-mind.794/

 

[JAY B.]

Thank You Trouble,

According to your reference, it works just like Windows 10 !

And all my data are already saved somewhere else.

Thank You, Norton and You have been of great help.

Have a Nice Day

P.S.: I'm marking this thread as solved.

 

[Norton]

Jay B Good luck. I never used Windows 8. I'm sure an in place upgrade or repair will solve your problem(s)

 

[Grizzly]

Maybe a last word of safety. A compromised computer, though maybe disinfected, cannot be trusted anymore. Unless one wrote the code of the system, there still can be remnants of the infection.I personally am not a friend of disinfecting a computer, rather than re installing the system. It maybe paranoid on my part, but that is the way I think about safety...

 

[JAY B.]

Hi Grizzly,

there still can be remnants of the infection

I think the same thing !

So far there's too much damage with the system, so I'll format and install Windows 10 1703 instead.

Thanks to All of You !

Regards JAY B.

 

[JAY B.]

Hi,

I've just finished an in place upgrade and it was unsuccessfull, still the same issues !

So I'll install Windows 10 1703 !
You might see me comin' more often !

Thanks again !

See you soon

 

[clementishutin]

Always try to use a vpn for windows applications to stay on the safe end. Your data is very important and it is wise to not take any chances with it.

 

[Garyw]

Not sure how using a VPN will help the OP with virus infection problems. Anyway, OP solved the problem almost 5 years ago.

You probably should post your comments in the networking forum.