Sirefef-PL Removal

Hi guys! I’ve been having problems with my laptop about the said virus/malware. I got rid of the sirefef-ZT I think but still having problems with this one cause it slows down my laptop and I even try to end process the scvhost.exe a lot of times.

Here I am attaching the OTL and aswMBR logs.

malware removers are notified…

have you also run AdwCleaner and Malwarebytes… if so attach the logs

Hi,

Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions on how to use MBAR:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

- Unzip/unrar MBAR into a folder on your Desktop.
- Open the folder where the contents were unzipped to run mbar.exe.

- Click on Next > then on the Update button to download fresh definitions.
- When the database has updated, click Next.
- In the following window ensure the “Targets” scan options Drivers; Sectors; System are ticked. Then select the “Scan” button.

- If any infections are found, ensure “Create Restore Point” is checked, then select the “Cleanup” button to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

- The cleanup procedure will be scheduled.
- When complete, a pop-up will be shown. Select the Yes button and the system should reboot to complete the cleaning process.

Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


Please download zoek.exe and save it to your desktop.

- Close any open browsers.

- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

- Double click on zoek.exe to run the tool.
Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:



startupall;
filesrcm;
skipfix-iedefaults;
firefoxlook;
Chromelook;

- Click on the Run script button.
Please wait until a log report opens (this can be after reboot).

- Save the Notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.

attaching adwCleaner & mbam logs.

I don't think that was the correct Malwarebytes log as it is dated 2012. :wink:
anyway magna86 is already here and may not need it…

Oops, I placed the wrong log. Anyway, here it is.

mbar & system logs. :slight_smile:

zoek log attached.

When was the last time you updated your Malwarebytes program?
as the database and program version shown in the log is from 2012

malwarebytes can have up to 10 updates a day…so always click the update button before you run a scan

Here’s the updated ver mbam log.

2nd aswMBR log after doing the step by step procedure magna86 posted.

Hi,
There is no need to re-run tools (aswMBR) that I have not asked for. We are doing diagnostics & malware removal via specialized tools and scripting.

Re-run zoek.exe as you did before but you will use this script:

services.exe;z
bejbohlohkkgompgecdcbbglkpjfjgdj;chr
C:\Users\K-ANND~1\AppData\Local\Temp\crx1C1B.tmp;f
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBE86E52-A75D-495B-B405-CC296F2BFAE8}];r
autoclean; 

Click on RunScript button. Attach here fresh zoek log.

zoek log new result.

How is your computer running now?

When I open it up, it took awhile for the startup to load for a mere 5-10 mins and I still have to end process the svchost.exe and it still shoots up to CPU Usage: 100%. The GUI seems to act weird cause it keeps changing to Windows 7 then to Windows Classic theme and vice-versa. What step should I do next?

Also, I am trying to update everything as of now and gonna check if this would run smoothly after.

Some updates…

It seems to run smoothly and I’m on keen observation of it. GUI and Windows Firewall seem to work fine after updating and using Windows Repair software. The startup seems a bit slow but maybe it was the Windows services that make it sluggish, but after that everything is normal.

Any logs needed and am I free from the malware/virus? Thanks!

Hi,
Logs look good…

“The GUI seems to act weird cause it keeps changing to Windows 7 then to Windows Classic theme and vice-versa.”
By the description I would say the problem here is the video card or its related drivers. Not malware related.

Let’s run tool below for final system checking with another perspective.

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.