Trojan Win32/Sirefef!cfg on my pc, MSE supposedly removed, but PC still infected I think.

DexSadPC

New Member
Thread author
Jan 16, 2014
11
I followed the instructions for malware removal assistance, and didn't realize until now that ADWCleaner Scan log is also required. I have uploaded the scan logs for the other two and will try to find ADW and perform that scan to add its log to the thread.

It appeared that the scan by aswMBR froze mid scan, so I waited 30 minutes, and when it had not updated or moved, I saved the log. I was planning to try to scan again, but can't figure out how to get it to go again.

Any assistance to help me clean my PC and get it working properly is greatly appreciated.

All my best,
Ms. DexSadPC
 

Attachments

  • FRST.txt
    34.3 KB · Views: 131
  • Addition.txt
    24.9 KB · Views: 86
  • aswMBR_1st scan.txt
    2.2 KB · Views: 86

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
------------------------------------------------------------------------------------------------------------------------------

Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow it to update if it asks.
  3. When finished, it shall produce a log for you.
  4. Please include the C:\ComboFix.txt in your next reply.

Additional notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.
 

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Here is the log for Combofix. Please let me know what's next.

Thank you for your help!
 

Attachments

  • Combofix Log.txt
    121.8 KB · Views: 209

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

DexSadPC

New Member
Thread author
Jan 16, 2014
11
If I've already downloaded the Farbar Recovery Scan Tool, do I need to download it again or may I simply rescan my computer with it?
 

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Here is the FRST.txt file from the most recent scan. I have also attached the Addition.txt file that was originated when I first downloaded the tool, as well as the txt file that was created the first time I ran the tool (renamed "FRST_1st scan before running combofix.txt") in case you needed them to compare. Let me know what's next.

Thanks again for your help! Dex.
 

Attachments

  • FRST.txt
    97 bytes · Views: 100
  • FRST_1st scan before running combofix.txt
    24.8 KB · Views: 120
  • Addition.txt
    24.9 KB · Views: 115

kuttus

Level 2
Verified
Oct 5, 2012
2,697
There is nothing in the FRST scan file you uploaded. It is blank. But no issues, please do the following.

STEP 1: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 2: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
    ADWCLEANER DOWNLOAD LINK (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Scan, then confirm each time with Ok.
  5. After the scan is over, press on Clean, then confirm each time with Ok.
  6. Your computer will be rebooted automatically. A text file will open after the restart.
  7. Please post the contents of that logfile with your next reply.
  8. You can find the logfile at C:\AdwCleaner[S1].txt as well.
------------------------------------------------------------------------------------------------------------------------------

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


 

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Here is the txt file generated from the Junkware Removal Tool. I realize it is basically blank. Not sure why. I am in the process of running step 2, AdwCleaner, but wanted to post the results from step one first.
 

Attachments

  • JRT.txt
    2.1 KB · Views: 228

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Here is the txt file generated by AdwCleaner. I am now going to run the third scan with Malwarebytes Anti-Rootkit.
 

Attachments

  • AdwCleaner[S0].txt
    1.5 KB · Views: 119

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Completed scanning with Malwarebytes Anti-Rootkit twice with a reboot in between. Both scans came up clean. I only received one log (perhaps the other is only generated with dirty scans). I'm about to scan with Malwarebytes Anti-Malware, then the list of "to-do"s you sent is complete.
 

Attachments

  • system-log.txt
    51.4 KB · Views: 177

DexSadPC

New Member
Thread author
Jan 16, 2014
11
It seems to reboot quicker, however I have not done anything except the scans since we started. I hope we kill this thing!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Scan logs seem good to me... Please check how everything is working on your computer and reply back.
 

DexSadPC

New Member
Thread author
Jan 16, 2014
11
Here's the final scan log from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.20.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
sony vgn-tt290 :: LT-SJACOBSON-SD [administrator]
1/19/2014 9:01:23 PM
mbam-log-2014-01-19 (21-01-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262943
Time elapsed: 10 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

-----------------------------
Everything seems okay, however it will be tough to tell until I am using it normally again over the next few days. Then I will know if it is rebooting itself without my prompts, etc.

I am wondering if I should uninstall all of the programs, or some of them that I have installed to clear this thing up, or wait a period of time before doing anything with them. I would like to clear off of the computer whatever is unnecessary, because I don't think there is a lot of free space.

Some time ago I tried to set it up to be able to run as a virtual PC with an older operating system to run a program that wasn't compatible with Windows 7. I think that may have used a lot of available space. I never did get that to run appropriately, so have abandoned trying. Do you know how I can undo what I did to set up the virtual PC part? I believe I tried to set up an antivirus software on that portion of the PC, which may have taken up a lot of resources.
 

Attachments

  • mbam-log-2014-01-19 (21-01-23).txt
    1.8 KB · Views: 82

DexSadPC

New Member
Thread author
Jan 16, 2014
11
I ran a full scan with Microsoft Security Essentials, and it froze my computer after completing approximately 3/4 of the scan. This happened twice before we did all the scans you suggested. I am currently running a full scan in safe mode. Do you have any ideas why the scan freezes in normal mode? I'll post another response upon completion of the scan in safe mode.
 
