Sirefef malware keeps hitting again or is it something else

April 5, 2013 at 21:45:20
Specs: Windows Vista/7, Intel Core-Duo 2.8Ghz / 6GB
Alright, I'm pretty versed in PC issues but this one has me stumped, my Fiancee works for a major ISP doing internet troubleshooting/repair from home (basically who you talk to if you call in with a problem) well everything usually runs fine for all the PC's around here, until today.

She was working the first half of her split sdhift when she got disconnected, running Vista Home, SP2, all security updates, up to date antivirus, no downloads go on the PC, etc, etc.

Says unidentified network access, pull a 169.* IP (should be 168 for our gateway/modem)

ESET Sirefef removal positively identified it (tried MalwareBytes anti-rootkit, avast antivirus, and malwarebytes scans they all found nothing)

However ESET's tool couldn't fix it (it'd just reboot and then say it found it again)

So at this point it was t-minus ~2 hours for her to go to work, I said the hell with it, pulled the hard drive, installed a brand new and feshley formatted/zeroed drive, and reinstalled with a copy of Windows 7 I had laying around, boot up, get all windows updates, install avast and malwarebytes, update both of them as well as get ALL windows updates, installed her work systems and everything was fine, she works for the same amount of time, boom, same thing happens on 7.

Things I've tried:

2 different DSL lines, 4 different modems, 2 different ethernet cables.
3 different NIC's
I get a network connection through Ubuntu live CD

I tried scanning with Avast, MalwareBytes, both find nothing, ESET removal tool does however still find it.

I've ran the ESET removal tool
etc, etc

Everything hardware wise checks out, I just don't get why the system would get infected 2 times within the same amount of time, with no real ryhme or reason.

Firewall is enabled on my routers, system has enabled firewall and never goes to any untrustworthy sites, it's used strictly for work.

See More: Sirefef malware keeps hitting again or is it something else

Report •

April 5, 2013 at 21:46:36
Could it possibly be an infection server side from the programs she uses to work from home with? (Citrix and a couple others)

Report •

April 5, 2013 at 23:08:00
Take the comp else ware & try it on their modem/router & see if it is Ok.

Then try your comp with your modem/router in their environment.

Just to get it out of your environment is the test.

Report •

April 5, 2013 at 23:32:41
Another thought, are you using Norton?

If so, remove it.

I use Microsoft Security Essentials ( MSE )
System requirements
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:

Report •
Related Solutions

Ask Question