I’ve picked up some sort of ‘Win32:Sirefef-PL [Rtk]’ infection. Between Malwarebytes, TDSSKiller, and Avast! I can usually rid myself of anything that comes up, but this one seems nasty. So I would appreciate some help.
Questions answered in order from the sticky.
Blocked first as Infection: Win32:Downloader-PKU [Trj]. Win32:Sirefef-PL [Rtk] detected in scanning. Can be deleted but returns as Trojan Horse Block repeatedly.
Unsure. Using Chrome. Browsing Tour de France streams.
Possibly fake flash install.
Infection: Win32:Downloader-PKU [Trj]. Object: c:\Windows\Installer.…\80000032.@. Action: Moved to chest. Process: C:\Windows\System32\services.exe
Download ComboFix from either of the links below, and save it to your desktop. Link 1 Link 2
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
One quick question, am I advised to turn wifi (and hence internet) off before disabling antivirus/antispyware software and launching ComboFix? My instinct would be to turn off wifi to stop anything else getting in whilst antivirus/antispyware software is disabled. But I’m, of course, happy to follow your lead on this.
To update, I’ve tried again and this time ComboFix rebooted the machine with the status bar at just over halfway (rather than just going to the end and disappearing), and is now running a process on a blue screen (which seems more promising).
I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
Please run a free online scan with the ESET Online Scanner. Note: You will need to use Internet Explorer for this scan.
* Tick the box next to YES, I accept the Terms of Use
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
* Click Scan (This scan can take several hours, so please be patient)
* Once the scan is completed, you may close the window.
* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log as a reply to this topic
Download Security Check by screen317 from here or here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.