© Computer Care 1/25/2012
We recently had an interesting virus removal problem come in.
The customer had an off-the-shelf computer by one of the big computer manufacturers, and it was one month out of warranty.
Windows 7 Home Premium 64-bit.
The customer had let the trial version of McAfee anti-virus expire; it was still functioning but no longer updating to the latest virus definitions.
The customer had picked up one of the fake Windows Virus Removal malware programs.
(The ones that pop up and tell you that you have infections and that if you click here for $49.95 they can remove them.) It disabled access to programs and the internet.
Follow up:
We stopped the process from running and used Malwarebytes Anti-Malware and Spybot S&D to remove the infection.
We also removed the outdated McAfee anti-virus and then replaced it with Microsoft Security Essentials.
All was good.
Until we ran the quick scan and found:
coinminer
SireFeF.B
SireFeF.T
Alureon.TK
infections on the system.
Removing and cleaning up coinminer was no problem, but SireFeF and Alureon presented a strange issue.
When either quarantined or removed by MSE, Windows could not reboot.
MSE instructs you to reboot the system to finish the cleanup process.
The computer would shut down, but on restart we got the error screen presenting us with the Windows Repair option.
The repair option failed to restore functionality to the system.
So we booted from a Repair disk, but the only way to get the system to reboot was to restore to a previous restore point, which then restored the infections.
Here is what we did; maybe not elegant, but it worked.
Boot Windows to the desktop.
Allow MSE to quarantine all 3 of the infections.
Insert the MS Windows 7 installation disk and start the Repair Installation process.
Follow all the steps to run a repair and NOT a clean install; do not allow Windows to install to a different folder than the original install or allow it to format the hard drive.
Windows has to reboot during the installation process and that went fine.
After the repair install we just ran MSE on a full scan and all was clean.
For good measure we ran Malwarebytes and Spybot S&D again, all clean.
The process was a little more involved than appears here, but I hit the highlights.
Customer data protection was our first and foremost concern; there were many things on this system the customer did not want to lose: personal files, new baby pictures and whatnot.
When doing these types of removals make sure to make backups and set restore points, even if those are going to be of infected systems. Just remember to use a clean external hard drive and then sterilize it once you have been successful.
A backup of an infected system is still better than no backup at all. Just keep the files isolated.
Also keep in mind that when removing McAfee or Norton, you must download and run the remover; otherwise you will not get all of the processes and services removed.
McAfee Remover
Norton Remover
I posted this not so much as a tutorial on how to remove these infections as because, when I researched these infections, no one else seemed to have the boot issue with Windows 7 that we did.
Your own mileage may vary; use this information at your own risk.
Computer Care & Computer Care Online cannot assume responsibility for damage or loss due to this information or its use.
Computer Care does not claim to represent any of the mentioned software vendors or programs listed in the post. All trademarks, copyrights and patents remain the sole property of the respective companies; they are mentioned here for reference only.