Unable to repair, delete, or move to chest Win32:Sirefef-ZT [trj]

Earlier today avast blocked a malicious website. However, after running a quickscan, it has found one infected file. Whenever I try to delete it or move it to the chest, it says “Error: the specified file is read only (6009)”, and when I try repairing it, it says “Error: the process cannot access the file because it is being used by another process (32)”.

I have also run Malwarebytes during and out of Safe Mode. It doesn’t find anything. I guess that means it’s not malware. But avast says its severity is high. I don’t really know what to do :-\

“Error: the process cannot access the file because it is being used by another process (32)”
Where is the file located?

Can you attach a screenshot of the scan result?

Here it is

Since this is a Siref infection … a nasty rootkit that we have seen lots of infections from here for several weeks, I recommend Essexboy to have a look inside.

Follow this guide and attach logs from OTL and aswMBR:
http://forum.avast.com/index.php?topic=53253.0

Monitoring

Here’s the one from Malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-VAIO [administrator]

8/30/2012 8:52:45 AM
mbam-log-2012-08-30 (08-52-45).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313396
Time elapsed: 32 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And OTL:

Also attach the aswMBR log.

Yep, aswMBR says you have Siref … Essexboy will remove it when he is back.

OK, this looks new. I will need to run another programme check first.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished …
  • Click on Scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png

  • The report has been created on the desktop.
  • Next click on the ShortcutsFix.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png

  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

It says it needs to restart. Is it okay if I do?

If RogueKiller says so, yes.

Essexboy is in bed now…but back tomorrow :wink:

OK, 'tis different. I will need to investigate the ComboFix log a bit deeper on completion.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

I downloaded combofix but it saved to my downloads instead of desktop :confused: otherwise it just ran and it scanned and deleted some stuff, but now it won’t connect to the internet and an avast quickscan is taking a long time. I can’t attach the log since I can’t get on the internet on that computer. I’m borrowing someone’s right now.

Avast finished a scan and doesn’t find anything infected though.

Could you reboot, please?

To which point?

Oops, missed one post… Is the internet working now?

I haven’t rebooted yet; I’m not sure which point to restore to.