Hi there! Having a tough time on this one. My father's computer got infected with ZeroAccess/Sirefef, and neither Norton nor the F-Secure rescue disk could fix it. MSE says it's got at least 3 variants:
Sirefef
Itens:
file:C:\Windows\Installer\{ecd941eb-127e-8664-93b6-fffd5903ae20}\U\00000001.@
Sirefef.AH
Itens:
containerfile:C:\Windows\system32\services.exe
file:C:\Windows\system32\services.exe->731
process:pid:712
Sirefef.AG
Itens:
file:C:\Windows\Installer\{ecd941eb-127e-8664-93b6-fffd5903ae20}\U\80000000.@
Sirefef.AL
Itens:
file:C:\Windows\Installer\{ecd941eb-127e-8664-93b6-fffd5903ae20}\U\800000cb.@
I anticipated some moves, disabled MSE, and downloaded aswMBR and updated it with the most up-to-date definitions. I ran it, but couldn't finish the scan. The **bleep** trojan kept on crashing the program or trying to boot my system ("windows has encountered a critical error and will shut down in 1 minute"). I then loaded CMD with administrator privileges and ran shutdown /a to stop the rebooting process. I was as fast as 3 seconds after the message... but it didn't work:
C:\Users\Fabro>shutdown -a
A system shutdown is in process.(1115)
So I couldn't run it. Windows Vista 32 here. I think he got the thing on Saturday (09/06/12) and I have several restoration points prior to that. Should I try to restore the system?
Please advise,
thank you very much.