At the beginning of the month, I received one of those fake antivirus viruses, and I had since believed I deleted it. Using avast, Mbam, and CCleaner, I had removed what I thought was the source, and thus ‘got rid of it.’
I scanned daily for about a week to ensure there was nothing to pop back up, and all seemed fine save for a few issues involving flash, and the Opera browser. I have since moved browsers, and thought my problems were solved until this afternoon when my computer started alerting me multiple times (and continues to do so) that a threat has been blocked.
After scanning the infected folder that said threats were in, I have found the following viruses.
Win32:Sirefef-pl [Rtk] within C:\windows\assembly\Gac_32\destop.ini and within …\Gac_64\desktop.ini
I have been alerted by a friend that this is a potentially severe issue, and that I should consult this forum.
Here are the OTL files for starters. I will post/edit with the Mbam log here soon, once Mbam’s scan is complete.
Due to fear of the severity of the Rootkit and the Trojan downloader, along with no mods/admins/support on at the time of this post… I have deleted both rootkits in avast, and deleted the trojan downloader in Mbam. The infected machine is running avast’s boot scans. I am hoping that this is the end of Sirefef-pl, but I’ve been wrong before. Any assistance involving removing unpacked files, or anything involving any rejuvenation of the deleted files would be appreciated.
I have decided to format my machine to fully root out the issue, based on the warning that Jeffce has had with the users that have similar issues.
I do not fault avast or the message board’s user-base for a lack of reply, actually I appreciate all the information already logged here. Keep up the good work.
I do not fault avast or the message board's user-base for a lack of reply
all the helpers here do it on their own free time.....so consider family life / work / sleep and timezone issues
so when seeking help in a forum you need to be patient