Computer infected sirefef.ac and ah virus. Need advice

  • Question

  • I know I have the Trojan:Win32/Sirefef.AH, AC and AA on my PC - and believe it or not it is my second occurrence getting infected by it. This time Microsoft has more information on the subject, and they suggest reinstalling Windows, as it's the only way to purge it out of my system.

    I am prepared to do that, but want to back up as much as I can without bringing over any corrupted files. Can I get a list of what files I should back up? I am leery of backing up the win32 files and the program files, for instance; if I back those up, won't I be copying the virus or part of it?

    I can easily reinstall the programs I have that are not on the Windows XP Pro disk, but I know I need the registry and all my drivers.

    Dawn M Brown

    Saturday, April 28, 2012 6:57 AM

All replies

  • Dawn

    There is no need to back up the registry or anything from the Windows folder as ‘new’ versions of it will be created when you reinstall.

    If you don’t already have backups of your personal data, do it now. To back up all your drivers so that they don’t have to be downloaded, use Double Driver, which is an excellent little program that allows you to back up, restore, view, save and print all the drivers on your system. Download it, unzip it and install it from here: http://www.boozet.org/dd.htm. Also, make sure you know the Windows product code. If you don’t, Magical Jelly Bean Keyfinder will disclose the key, here: http://www.magicaljellybean.com/keyfinder/

    • Marked as answer by Springgirltks Saturday, April 28, 2012 5:21 PM
    • Unmarked as answer by Springgirltks Saturday, April 28, 2012 5:22 PM
    Saturday, April 28, 2012 7:40 AM
  • BurrWalnut

    Thank you for your quick and informative response. You saved me a lot of unnecessary time backing up things I did not need, plus lightened the load on what I do have to do.

    Because of your e-mail I went in to look at the driver file in detailed system information and into the driver section under hardware. I found 19 files that had descriptions that were the same as the driver name and in all caps, which is not true with the rest.

    I checked the Malware Site Support and it had a list of known system files containing part of the malware for this group; they had 7 listed, and all 7 are in my driver file. The others I compared properties in the system32/drivers files and they all say Microsoft Corp., but they all have 4/13/2008 as date created or date modified and their application is unknown.

    If I copy my drivers won't I be copying the virus files as well? What should I do? I may be able to identify each of these files but I doubt I will be able to delete them; they will say they are write protected or being used by a program right now.

    Dawn M Brown

    • Marked as answer by Springgirltks Saturday, April 28, 2012 5:21 PM
    • Unmarked as answer by Springgirltks Saturday, April 28, 2012 5:22 PM
    Saturday, April 28, 2012 3:33 PM
  • If you’re concerned about copying infected files, either copy those you know are clean or make a list of them and download them prior to the Windows reinstall.
    Saturday, April 28, 2012 6:17 PM
  • Hi Dawn,

    I suggest we back up personal data files (such as documents, music, video, etc.) to an external storage device. If it is possible, we shall put the storage device on another computer and perform a virus scan on those backed-up files. We shall only copy them back to the new system after making sure they are clean. After doing the backup, we can prepare the driver CDs of this computer and perform a clean install of the Windows XP system (the hard drive shall be formatted).

    After reinstalling the system, we shall install the hardware drivers and make sure to install an anti-virus program to protect the system.


    TechNet Community Support

    • Edited by 朱鸿文 Monday, April 30, 2012 9:18 AM
    Monday, April 30, 2012 9:13 AM