Help: Win32:Trojan-gen, Win32:Sirefef-AAO[Trj] & now Win32:Malware-gen

Hi magna86,

Amazing, thank you so much for your continued support, and super quick responses. Really appreciate it!

I did as you advised - Uninstalled Combofix, and then got OTL, and ran it with the code you provided. Rebooted, and attached the log to this thread. The computer has been running just fine. Since the first Combofix in fact, and continues to do so now.

Let me know if I need to do anything else.

Best regards,
Ankur

I think we are done here. 8)

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

======================================

I recommend using Malwarebytes Anti-Malware.
http://www.malwarebytes.org/

I also recommend using MCShield if you will.
You may download it from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.

These two free programs can be a great assistance to your current antivirus.

Be safe :wink:

Hey Bro! Amazing. I can’t thank you enough for all your help and patient advice.

If there is any way I can help (reviews or rating or some such) please do let me know.

Thanks again!

Best,
Ankur

I’m sorry to sound so ignorant but I am getting the distinct feeling that trying to remove the "Win32:Sirefef-AOO[Trj]" virus is not a simple process. There is no single program to download that will rid my computer of this virus. Is that correct?
Since I do not feel comfortable doing some of the things described by many of the respondents, should I take it to a computer “specialist”?
Would that be the safest way? (Normally I would have my son handle this but he lives three hours away)

Mike, the problem is that the rootkit does not just set & install some of its files as loading points. Antivirus/antimalware know those files, but they cannot easily delete them.
Why? The trick is that this malware also patches a system file (it patches the Service Control Manager’s executable file). The patched file should not be deleted
because the file is a system file and is used by the OS. It is necessary to find a legitimate copy of the file and replace the patched one with it.
(just to note that even the replacement is not a simple procedure)
And here arises the problem for AV/AM.

So it’s not enough just to locate those files (malware loading points) and try some violent deletion of them, because the file system is still infected with the patched one and the malware continues to live on reboot.
Some tools have been updated and have learned where to find a legitimate copy of the file with some heuristics, and try to perform the replacement (if they even succeed).

But if the rootkit hides the legitimate file in a different location, or the AV/AM does not know where to find it, or there is even no valid copy of the legitimate file on the system…
…without this type of malware removal and scripting it is generally not possible to completely (or fully) disinfect the malware and then remove those loading points.


If you need help with malware removal, you need to open a new thread and follow these instructions:
http://forum.avast.com/index.php?topic=53253.0

@adhawan

You’re welcome :wink: Glad to help. :slight_smile:
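The post above explains why a patched Service Control Manager executable cannot simply be deleted and why a legitimate copy has to be located first. The script below is an added example for checking that situation yourself; it is not code from the thread or from any of the tools mentioned in it. It assumes a standard Windows layout where the SCM executable is `C:\Windows\System32\services.exe`, the component store is `C:\Windows\WinSxS`, and PowerShell 4.0 or later is available (for `Get-FileHash`). The function name `Test-SystemFileIntegrity` is my own.

```powershell
# Added example (not from the thread): report whether the SCM executable on disk
# still carries a valid Authenticode signature, and whether the component store
# holds any validly signed copy of the same file that could serve as a restore
# source. Assumes a standard Windows layout; run from an elevated prompt.

$Suspect = Join-Path $env:SystemRoot 'System32\services.exe'

function Test-SystemFileIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ComponentStore = (Join-Path $env:SystemRoot 'WinSxS')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. Signature check. Bytes patched on disk no longer hash to the value
    #    covered by Microsoft's signature, so Status becomes HashMismatch.
    $sig         = Get-AuthenticodeSignature -FilePath $Path
    $suspectHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 2. Enumerate other copies of the same file name in the component store
    #    and record, for each, its hash, its signature status and whether it
    #    is byte-identical to the suspect file.
    $name = Split-Path -Leaf $Path
    $candidates = Get-ChildItem -Path $ComponentStore -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $s = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path            = $_.FullName
                SHA256          = $h
                SignatureStatus = $s.Status
                MatchesSuspect  = ($h -eq $suspectHash)
            }
        }

    [pscustomobject]@{
        Path              = $Path
        SHA256            = $suspectHash
        SignatureStatus   = $sig.Status
        Signer            = $sig.SignerCertificate.Subject
        IdenticalCopies   = @($candidates | Where-Object { $_.MatchesSuspect })
        ValidSignedCopies = @($candidates | Where-Object { $_.SignatureStatus -eq 'Valid' -and -not $_.MatchesSuspect })
    }
}

$result = Test-SystemFileIntegrity -Path $Suspect
$result | Format-List Path, SHA256, SignatureStatus, Signer

if ($result.SignatureStatus -ne 'Valid') {
    Write-Warning "$Suspect does not carry a valid signature; treat it as possibly patched."
    if ($result.ValidSignedCopies.Count -gt 0) {
        Write-Output 'Validly signed copies of the same file name found in the component store:'
        $result.ValidSignedCopies | Format-Table Path, SHA256 -AutoSize
    } else {
        Write-Output 'No validly signed copy found in WinSxS; fall back to "sfc /scannow" or the install media.'
    }
}
```

Two caveats match what the post says about replacement not being simple. A `HashMismatch` status is conclusive evidence the file was altered, but `NotSigned` is not: many Windows binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell versions cannot see catalog signatures, so `sfc /verifyonly` is the better tie-breaker there. And a signed copy in WinSxS with the same file name may belong to a different version of the component, so it is a candidate to inspect, not something to copy over `System32` blindly; `sfc /scannow` performs the version-aware replacement for you.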