infected with Win32:Sirefef-PL [Rtk]

Hi, my aunt's computer has been infected. Avast just keeps popping up letting me know that it has blocked this. This infection is a little past my knowledge, but after reading all the problems other people have been having, it doesn’t seem too bad, but I could be wrong. I have already run OTL and Malwarebytes, and have attached the logs. From this point on I’m not entirely sure how to proceed with Combofix. If someone would be able to assist, that would be greatly appreciated. Thanks.

Hello,
I will be working on your malware issues. You need to re-run Malwarebytes to remove the detected items.

[*]Re-run Malwarebytes, select “Perform Full Scan”, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]Please save the log to a location you will remember (the desktop, for example).
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re-run OTL. Make sure all other windows are closed and let it run uninterrupted.

[*] Click on Scan All Users

[*] Paste this into Custom Scans/Fixes box at the bottom



netsvcs
drives
%SYSTEMDRIVE%\*.exe
/md5start
services.*
/md5stop
CREATERESTOREPOINT


[*] Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*] When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

[*] Please attach them in this thread.

From this point on I'm not entirely sure how to proceed with Combofix.
[b]only[/b] to be used when told so by a certified malware remover....

…like magna86. ;D

So I had no problem running Malwarebytes and ran OTL with the script provided. Apparently the computer froze and is just sitting there at the create a restore point step. Will it be OK to manually restart the computer? Do I need to rerun OTL, or will it be OK and will I be able to retrieve the logs from this scan after restart?

OTL is only a diagnostic tool. It does not make changes to the system, except that it tried to create a new system restore point.
Try to run OTL again. If it still won't run, then feel free to reboot your computer and repeat OTL, but instead of repeating the above script, insert this one:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
/md5stop