Annoyingly persistent virus

Actually three, but Avast’s restart clipped that one out. It was a “Windows Protector” fake virus scan, which was taken care of.

However, two more have taken its place. They don’t appear to be doing much, but every 30 minutes or so Avast will alert me to the fact it has blocked something, and a new virus appears in the chest.

First:

MALWARE BLOCKED
Object: C:\Users[name]\AppData\Local\2381ea73\U\80000000.@
Infection: Win32:Malware-gen
Action: Moved to chest
Process: C:\Windows\explorer.exe

Second:

ROOTKIT BLOCKED (this one has me the most worried as I have no idea what a rootkit is)
Object: C:\Users[name]\AppData\Local\2381ea73\U\800000cb.@
Infection: Win32:Sirefef-AO [Rtk]
Action: Moved to chest
Process: C:\Windows\explorer.exe

In addition, every hour or so, another window will open up and attempt to load the website called

strikingsearchsystem.com/?search=ford+hd+2011&subid=76&key=734dd7df98a82bbbec57&f=1

I’m not sure if this is because of another virus, or a function of one of the previously listed ones. In either case, it’s irritating.

I have looked everywhere for the virus files and have not found anything that could be causing them (though it did give me an excuse to do some spring cleaning). A full system scan reveals nothing. How do I get rid of them? Are they dangerous or merely an annoyance? Help is needed, and a cookie/my eternal gratitude is your reward.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and start your own new topic and attach the logs there, not in the LOGS topic.

Unfortunately it is 1:20am in the UK and essexboy will be in bed now and not back to the forums until around 7pm.

So if you can work on running the tools and posting the logs so he has something to work with when he is here. Or if someone else with the experience can check the logs and prepare a fix.

Actually that might not be necessary. The Malwarebytes program on there managed to track down and delete all of the infected files, and I haven’t had a virus alert since.

Thank you for your help, and I’ll make sure to follow the log guidelines in the future whenever I get another attack like that.

Believe me, this one (zero access/conserv) hasn’t been that easy to get rid of.

At the very least running the OTL analysis tool to get the log if for no other reason but to confirm it is gone (or not).