Hi,
I recently got infected by Win32:Sirefef-HO. I tried to remove it using all the existing antimalware tools without any success.
I saw on this forum some threads regarding the Win32:Sirefef-HO infection, but I wasn’t sure I could apply the steps described in my case as well.
Now I’m running all the scans described in this thread http://forum.avast.com/index.php?topic=53253.0 and I will post the logs. Could somebody then help me?
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 233521
Tempo impiegato: 4 minuti, 50 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Spyware.Sniffer) → Dati: C:\Windows\Temp_ex-68.exe → Spostato in quarantena ed eliminato con successo.
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 2
C:\Windows\System32\abRCrx.com_ (Trojan.Agent) → Spostato in quarantena ed eliminato con successo.
C:\Windows\SysWOW64\abRCrx.com_ (Trojan.Agent) → Spostato in quarantena ed eliminato con successo.
Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2
Note: It is important that it is saved directly to your desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.