Back on Sunday, April 1st, I discovered via a scan with SAS that my computer had picked up a Trojan (the Sirefef variety). [i](The computer was not displaying any odd behavior. The scan is just something I have a habit of doing 2 or 3 times each day...especially after spending time on the Internet.)[/i] Although SAS removed some of it, this trojan somehow managed to:
1. Disable Avast's Web Shield & Mail Scanner functions - and I was unable to restart them.
2. Prevent ANY access to the Internet with either Firefox or IE8.
Subsequent scans with Avast, SAS & MBAM came up clean, both in Normal Mode & Safe Mode. I tried System Restore back to a restore point 7 days earlier, to no avail. From what I saw in the SAS log, this trojan managed to delete the ipsec.sys file. Two registry keys and 1 file on the HD (in C:\WINDOWS…) were listed as being affected as well.
Since this is the only computer I have, there was no option but to take it to a repair shop to get it fixed. (Without Internet access, I obviously could not obtain needed help here in the forums).
My question is this: Are there some methods I can use to neutralize this type of infection if it should occur again…and I am unable to access the Internet?
The repair shop’s charge was just over $123.00 to resolve the problems caused by this trojan. Living on a very limited fixed monthly income as I do…that $123.00 is a LOT of money to me. I must say also…I’m rather surprised this trojan was able to disable the two aforementioned parts of the Avast AV (free version).
Unfortunately, every time I attempted to get on the Internet, all I got was the typical page which said, "Internet Explorer cannot display the page." Even while using Safe Mode with Networking, the result was the same. If I had been able to get on, I would have posted about the issue here.
*By the way…would there be any advantage to having my ISP install a router (which has a hardware firewall)? I.e., would that provide some improvement in security in addition to my Outpost Firewall Pro?
Blow-out and vacuum inside
Advanced Diagnostic plus exam
Dell 3000
Boots ok
Ran ComboFix - removed 3, replaced missing ipsec.sys file
Rootkit check = 0
DTF
Disabled unnecessary programs in start-up
Uninstalled Bing Bar, CP
Ran malware cleaning programs
You’re right about it being a shame I don’t have a 2nd computer around. I have no doubt the problem I had could have been resolved in no time had I been able to get on the Internet & come here!
There seems to be an important message and essential information for victims in what you give here. In the case of particular infections it is not advisable to run certain anti-malware programs, because they could do more harm than good. Can you add this information in a sticky here in the “virus and worms” section, so victims can take good notice of it? This thread seems to demonstrate how vital this information can be.
I agree. One piece of advice I give, in the Spanish forum, to members complaining of an infection is not to touch anything that Avast!, SAS or even MBAM find, and even less to use or clean temp files. I send them here if they know English, or to InfoSpyware in Spanish.