Sirefef spyware

Viruses and worms
21

:slight_smile: second one

22

no problems as of yet. Keep you updated

23

spywere oh its very slower and lower disege of mial.i very accept fun of spywere and its bored our life >:(

24

OK I have found a protector driver for the protection driverā€¦ 'Tis almost like Russian dolls this latest variant

Once we are done I would like to have copies of the files for onward transmission to Avast for analysis. I will give instructions for that later

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
File:: c:\windows\system32\drivers\pzrastpk.sys C:\Windows\SysNative\SE26mdfl.dll C:\Windows\SysNative\dds_trash_log.cmd

NetSvc::
zpaction

Driver::
pzrastpk
zpaction

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

25

Sorry , was away :slight_smile:

Here is the last log.

26

OK any outstanding problems ?

27

Looking good so far. just installed fresh version of Avast free.

Updated Java and installing windows updates as we speak.

Need more info/logs?

28

Nope ;D

If you are still happy tomorrow let me know and I will remove my rubbish and tidy up

29
'Tis almost like Russian dolls this latest variant
matryoshka doll
30

Ah thank you I knew there was a technical term but my Russian is about as good as my Spanishā€¦ Non - existant ;D

31

One small problem

Cant Install IE9

  • error 800F081E

Dont know if its related

32

Did you have IE9 on before or is this the first try at it ?

33

had it on before when i thought the pc cleaned up.

34

How did you uninstall it - as that is the code for a bad uninstall

35

I didnt uninstallā€¦

I installed it, then came across more spyware, which I deleted. This caused my Windows to BSOD :slight_smile: Had to repair it with a restore point and IE9 was gone again.

Didnt bother to re-install untill we started our spyware removalā€¦

36

Could you look in programs and features (control Panel) on the left select installed updates
See if you can locate IE9
If so then uninstall it

37

Its not there :frowning:

I think I can manage to repair this myself and its not really spyware related :stuck_out_tongue: so I guess your work is done.

Did a great job. Machine is running great!

Need to clean up anything?

38

I did find this as a way to force uninstall the old IE9

1.Locate the installer you used to install Internet Explorer 9 or download a new copy from Microsoft. (This procedure might not work if you use a different version than the one installed.)
2.Go to Start > All Programs > Accessories > Command Prompt.
3.Drag and drop the installer in the black box that appears and the path to it will automatically be entered to the console. (You can also cd to the location and enter the executable if youā€™re familiar with the Windows console shell.)
4.Add a space and the following to the command line: /X:c:\ie9
5.Now, type c:\ie9\ie9-win7.msu /uninstall and press Enter.

Windows Installer should now attempt to uninstall Internet Explorer. Once you are done, you can safely delete the c:\ie9 directory.

39

That doesnt create a MSU file. Just some CAB files

40

Also, I cant run any microsoft fix its.

Crashing with the following error :

microsoft automated troubleshooting services bootstrap has stopped working