Infection with Win32:Malware and Win32:Sirefef-BTT[Trj]

Hi,

Several weeks ago I started getting messages in the bottom-right corner of my screen saying “Trojan Horse Blocked … Infection: Win32:Malware-gen”
and “Trojan Horse Blocked … Infection Win32:Sirefef-BTT[Trj]”

I tried running your diagnostic programs here: http://forum.avast.com/index.php?topic=53253.0

They didn’t all complete properly, but I have attached the log files for your info.

Thanks for any help you can provide!

Jon

Hi there, let's clear this bad boy

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

I downloaded FRST64.exe and pressed SCAN. The two log files are attached.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press fix
On completion a log will be generated please post that and let me know how the computer is behaving

Sorry for the delay. I am having problems with the Verification and a message saying I have submitted the same post already.

I did get one pop-up message saying “Malwarebytes Anti-Malware has blocked and quarantined a threat C:\FRST\Quarantine\Desktop.ini Rootkit.oaccess Click here to display quarantine.”

I am also still getting a message saying the Windows Security Center is off. When I try to turn it on, it says “The Security Center service can’t be started.”

Also, one of things I did a few days ago was I disabled User Account Control in preparation to do a mirror backup. Should I re-enable that?
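As an added example for readers (not from the thread or any of its participants): the “Security Center service can’t be started” symptom above is easiest to triage by reading out the state and start mode of the services Security Center relies on. The service names are the standard Windows ones; the script only reports and changes nothing.

```powershell
# Added example, not from the thread: report state/start mode of the services
# behind Windows Security Center so a helper can spot ones that were stopped
# or set to Disabled. Read-only; it does not start or reconfigure anything.
$names = 'wscsvc',    # Security Center
         'WinDefend', # Windows Defender
         'MpsSvc',    # Windows Firewall
         'BFE',       # Base Filtering Engine (firewall dependency)
         'wuauserv'   # Windows Update

function Get-SecurityServiceReport {
    foreach ($n in $names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        if (-not $svc) {
            # A core service that is missing entirely is itself worth reporting
            New-Object PSObject -Property @{
                Name = $n; State = 'MISSING'; StartMode = 'n/a'; Flag = 'missing'
            }
            continue
        }
        $flag = if ($svc.StartMode -eq 'Disabled') { 'disabled' }
                elseif ($svc.State -ne 'Running') { 'stopped' }
                else { 'ok' }
        New-Object PSObject -Property @{
            Name = $svc.Name; State = $svc.State; StartMode = $svc.StartMode; Flag = $flag
        }
    }
}

# Anything flagged 'disabled' or 'missing' is what a helper would want to see
Get-SecurityServiceReport | Select-Object Name, State, StartMode, Flag | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and paste the table into the reply alongside the tool logs.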

Yes re-enable UAC. No more captcha things now :slight_smile:

OK it is now repair time

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

ComboFix stalled halfway through with the screen shown in the attached jpg. However, I may have inadvertently clicked on something - I can’t be sure. Force of habit, I guess.

I haven’t re-run it or re-booted.

I just came across the message shown in the first attached jpg, so it looks as though I might not have properly turned off the Avast anti-virus.

The second and third attachments show the settings I had when I ran ComboFix, so I am not sure what else I need to do to turn off Avast.

Avast is aware of combofix so if you disable all shields until re-boot and allow combofix to run it should be OK

If combofix stalls again then stop it and run a fresh OTL scan please

It appears as though I was simply impatient. ComboFix was not stalled, but continued to run. It produced the message about Avast anti-virus not being properly turned off, it produced a message about creating a new restore point for about 10 minutes, and it produced messages about doing a file scan for about 30 minutes. It then produced messages about deleting files and folders, and went into a re-boot process. This took close to 2 hours in total I would say. After re-booting, it spent about 10 minutes writing the ComboFix.txt file (attached). Then everything seemed to be fine except I needed to re-enable UAC. I did that, and then re-booted one more time to have it take effect.

I have control of the security settings again and have re-enabled virus protection in Avast. I currently have Defender turned off. I ditched Java and hope I can live without it since I understand it can be a security concern. I am still using IE8 because later versions of IE don’t work well with a Favorites index I’ve built up.

Do you have any advice about using Avast on its own as a means of providing protection against malware attacks in the future?

Also, should I go ahead and remove aswmbr.exe, OTL.exe, FRST64.exe and ComboFix.exe? What about Malwarebytes?

Thanks for all your help with this! My computer is running much better.

Jon

The length of the run was due to removing the Sirefef folder and repairing services :slight_smile: But that looks good now. How is the computer behaving? Any further problems before I remove the tools and tidy up?

Personally the only protection I use is Avast, I may sometimes run MBAM just for the sheer hell of it :slight_smile:

The computer appears to be rock solid. It’s running fast and flawlessly for the first time in a few months I believe.

For the past few months I have been regularly getting messages in IE saying something along the lines of “This tab has been recovered. A problem with this web page caused Internet Explorer to close and reopen the tab.” I have not experienced this at all in using IE over the past couple of hours since we got rid of the infection, and that’s good news.

The only problem I know of now is that I only have 12 GB left on my 500 GB c: drive, but that’s a problem that’s been around for a while, and I can move more files off onto an external drive.

I do have one other question. Do I need to scan USB memory sticks that were used in the computer when it was infected? If so, should I just insert the stick, then use MBAM since Avast didn’t really find this problem until it was too late?

Thanks.

For any memory sticks I would recommend McShield

Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

CLEAN UP

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

:o

Hi EssexBoy,

I’m also having a similar problem, but I fear I’ve actually made things worse by my lack of knowledge and my general impatience! I’m currently running ComboFix so I’ll let you know how it turns out. My PC is absolutely ancient - I believe around 8 years old actually but it’s been a great system and despite my using and abusing it with multiple downloads it’s continued to serve me well - until now. I fear my old pal will be heading for the bin. Do you think there’s any hope for me to fix it?!!

I do have a laptop which I’m currently using to type this so it’s not all bad. I’m just stubborn and don’t want to bin my old faithful!

Any thoughts?!!

Leon, please start your own thread if you want help.
Provide the logs as requested in that thread.

Thanks Eddy - did already.