I need help with this win32:sirefef-HO virus

Hello guys, I have spent 4 days surfing this forum trying to fix this. I tried it all and I can’t get rid of this virus.

My computer has the win32:sirefef-HO virus, with the consrv.dll.

I have put my ComboFix log in the attachment.

Hi,

Welcome!!

I need to say to not run ComboFix any longer without the guidance of a trained malware remover. ComboFix is a powerful tool that, if used incorrectly, can turn your computer into a nice door stop. :)

[*]Download OTL to your desktop.
[*]Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, underneath Output at the top change it to Minimal Output.
[*]Check the boxes beside LOP Check and Purity Check.
[*]In the Custom Scans box put the following:
netsvcs
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

I have to attach the two log files, because it doesn’t let me post the log here; it is so big.

Hi,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.

hello

OK, this is the ComboFix log.

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

File::
c:\windows\system32\dds_trash_log.cmd
c:\programdata\abelhadigital.com
c:\users\TEMP\AppData\Roaming\abelhadigital.com
C:\Windows\SysNative\mfeavfk.dll

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"=-

Netsvc::
nmwcdcj

Driver::
idrictgp
wpihrrbu
nmwcdcj

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
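
An added example, not part of the original posts and not ComboFix's own code: a small Python parser that groups the entries of a CFScript like the one above by section, so the files, drivers and registry values it names can be reviewed before the script is handed to ComboFix. The section grammar (a `Name::` header followed by one entry per line) is an assumption inferred from the script shown in this thread; the sample input is constructed from that script.

```python
import re

# Constructed sample: a shortened copy of the CFScript posted in this thread.
SAMPLE = r'''ClearJavaCache::

File::
C:\Windows\SysNative\mfeavfk.dll
Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"=-
Netsvc::
nmwcdcj
Driver::
nmwcdcj
'''

SECTION = re.compile(r'^([A-Za-z]+)::$')        # assumed header form: "Name::"
REG_KEY = re.compile(r'^\[(-?)(.+)\]$')          # .reg key line; "[-key]" deletes the key
REG_VALUE_DELETE = re.compile(r'^(@|".*")=-$')   # .reg value deletion: "name"=-

def parse_cfscript(text):
    """Group non-empty lines under the section header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_deletions(sections):
    """List (key, value_name) pairs the Registry section deletes; None means the whole key."""
    found, key = [], None
    for line in sections.get("Registry", []):
        key_line = REG_KEY.match(line)
        if key_line:
            key = key_line.group(2)
            if key_line.group(1):
                found.append((key, None))
        elif key and REG_VALUE_DELETE.match(line):
            found.append((key, line[:-2].strip('"')))
    return found
```
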

hi
here is the combofix log

Hi,

Ok now run a new scan with OTL

In the Custom Scans section be sure to put the following:

netsvcs /md5start consrv.dll mfeavfk.dll /md5stop

In your next reply please post the new OTL log.

OK, this is my OTL log. Since I did the CF scan I don’t have the ping.exe and the consrv virus notified by avast.

Hi,

Download CKScanner by askey127 from Here & save it to your Desktop.
[*] Right-click and Run as Administrator CKScanner.exe then click Search For Files
[*] When the cursor hourglass disappears, click Save List To File
[*] A message box will verify the file saved
[*] Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

here’s the log file

Hi,

CKScanner has detected illegal software on your system. Besides being illegal, it’s the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, does not support the use of illegal software except for their removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

I have worked up a fix for their removal. If you do not agree to this then this thread will be closed and no further help will be offered due to not being able to be sure the system will ever be clean. Please let me know if you wish to continue.

OK, I’ll delete those files.

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

Download and open the .txt file I have uploaded for you here >> http://www.mediafire.com/?63yzcaiyr8vk5z6

Run OTL.exe

[*]Copy/paste the text written inside of the text file you downloaded into the Custom Scans/Fixes box located at the bottom of OTL

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

When I ran the fix that you gave me with OTL, it stopped responding after two hours. I closed the windows and restarted. When it came back to Windows I saw a lot of files everywhere and the system is unstable; I can’t close the windows and it freezes a lot.

Hi,

Ok…let’s try a different fix as that may have been quite a bit to do at once.

Follow the same instructions as before but this time download and use the fix I provided here >> http://www.mediafire.com/?xih9pc15w9vhmgb

If you still have problems please let me know. :)

hi,

ok let me check it out

Ok…let me know how it works for you. :)

hi,

Sorry for the late answer, but every time I try to make the fix, OTL freezes, and I don’t know what to do.

Hi,

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

[*]Please download the text file found here >> http://www.mediafire.com/?1ynmwtj12g81lzj
[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the text file I had you download:
[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

In your next reply please post the log made by ComboFix.