bombarded with sirefef-ahf and others

Hi, have been infected with a Trojan. Apparently sirefef-ahf, although I see a couple of other names popping up.

Tried to work through some removal on my own but to no avail. Keeps coming back when I reboot from Avast or Malwarebytes.

Any help appreciated.

A malware removal specialist has been informed of your topic.

Hi,

Step 1

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKU\S-1-5-21-482354840-2848161697-1293443058-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BB561734-1F7F-45E8-AB87-E13F568A2391}&mid=798010d8459e47d1a08a25244278e6c6-518eca2199f98d902e5a215baf45248b1089007d&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
O33 - MountPoints2\{8530d56d-55bc-11e1-8886-f46d049c0f35}\Shell - "" = AutoRun
O33 - MountPoints2\{8530d56d-55bc-11e1-8886-f46d049c0f35}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{aded6f8d-575c-11e1-92f4-f46d049c0f35}\Shell - "" = AutoRun
O33 - MountPoints2\{aded6f8d-575c-11e1-92f4-f46d049c0f35}\Shell\AutoRun\command - "" = F:\Setup.exe

:Files
C:\Windows\Installer\{ac36cd21-c1c1-4a73-ca15-827516d8ff80}
C:\Users\DAD\AppData\Local\{ac36cd21-c1c1-4a73-ca15-827516d8ff80}
ipconfig /flushdns /c

:commands
[CREATERESTOREPOINT]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[Reboot]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.


Step 2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Thanks a tonne for this. Here are the two log reports. Will check back later and also update if I get any hits on avast again. Combofix kept insisting that I had a couple of AVG programs running, so I downloaded a complete removal tool and ran it, but Combofix still insisted they were running, so I ran it at my own risk and it seemed to work.
Thanks again.

It seems all right, how’s your computer behaving now?

Seems good. Haven’t been on a lot; did some work on kitchen counters and plumbing. But no warnings or internet slowdowns anymore. Thanks again.

It is necessary to uninstall ComboFix:

- Click Start (or the Vista Start button), then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

- In the line of text, type in (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.


Run OTL and hit the CleanUp button.