Win 7 Security 2012 Keeps Coming Back

Hi all,

I was infected with this malware just before XMAS. I returned and executed some resolution instructions from bleepingcomputer.com (twice now) (registry fix, malwarebytes, etc.) Each time I run the fix, it appears to work, yet the malware keeps coming back. It’s now back a third time.

I’ve been running Avast for years now with total protection and am up to date on everything. Tonight the malware resurfaced AGAIN when watching a YouTube video and shortly after AVAST intercepted something.

The message / capture from AVAST:

Name: consrv.dll
C:\Windows\System32
Virus: Win32:Sirefef-HO [RTK]

I’m running Windows 7 (64 bit)

Clearly what I’m doing isn’t solving the problem, so before I go any further, I thought I would send up a distress signal.

One other thing. I tried to activate my Windows Firewall this a.m. and that was failing, which I suspect is someway linked to this same problem. Whatever is on the machine is shutting down key services (?).

It would be great to fix everything. I’m anticipating needing to post some log files, yet not sure where to begin.

Assistance will be GREATLY appreciated.

I suggest you buy Malwarebytes Pro and run it in real time.

OA fw would also be good to do.

Why doesn’t Avast fix it? Isn’t that what we’re paying for?

Thanks. What’s ‘OA fw’?

No security program has 100% detection… but if you can give them the sample of this?

Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/

> I was infected with this malware just before XMAS. I returned and executed some resolution instructions from bleepingcomputer.com (twice now) (registry fix, malwarebytes, etc.) Each time I run the fix, it appears to work, yet the malware keeps coming back. It's now back a third time.

I suggest you follow Essexboy's guide so he can have a look inside

http://forum.avast.com/index.php?topic=53253.0

Attach all logs… lower left corner > additional options > attach

That appears to be the ZeroAccess malware… Not even Kaspersky stops this one; in fact, I have seen all AVs infected by this.

The aswMBR and OTL logs will confirm the variant.

> Tonight the malware resurfaced AGAIN when watching a Youtube video and shortly after AVAST intercepted something.

What browser were you using? Do you use FlashPlayer plugin?

Here is an interesting read from Facebook on how you can get infected by YouTube/Facebook. The issue is not YouTube/Facebook per se but the site hosting the YouTube video: http://www.facebook.com/notes/webwiser-inc/youtubefacebook-virus/391033746224

Now a legit question is why Avast web shield is not catching this stuff before the download?

> torrent download of a prior Howard Stern clip, thinking the P2P connection 'opened the door'.

You're on the right track here. You must realize that any public P2P filesharing is dangerous. I really can't understand why the younger generation of PC users really won't accept this. If one does P2P filesharing, they really have to "harden" their system, especially in the firewall and file access areas. Better yet, create a virtual machine if you have hardware resources to support it and do your P2P stuff from the VM.

Thank God at least Limewire is out of business. :slight_smile:

Online Armor Firewall. Run Malwarebytes Pro alongside avast! in real time.