Hi All,

I require your help to make my system malware free.

I had Windows Security Essentials installed on my Windows 7 (64 Bit) system. Suddenly last night, The Security Essential got disabled and my system rebooted after every 3-4 minutes. I tried running Security Essential in Safe Mode with Networking, but encountered the same behaviour.

Some how I managed to install Avast, now at least my system does not boot every 3-4 minutes however I am greeted with message “Threat has been detected” every 3-4 minutes

The detail of the threat is provided below :

Object : C:\Windows\Installer.…\80000000.@

Process : C:\Windows\System32\services.exe

Infection : Win32:Malware-gen

Action : Moved to Chest

I suspect that my system has Sirefef Y and B trojan however I was not able to remove it even after full scan of system with Avast.

Please help.

Regards

Puneet Jain

OTL Log File Part 1 attached

OTL Log File Part 2 attached

Did you uninstall MSE PRIOR to installing Avast?

How to uninstall MSE: http://support.microsoft.com/kb/2435760/

Having 2 AV’s on your system can cause conflicts and false positives and create havoc.

Yes I did uninstall the MSE before installing Avast.

What version of Avast are you using?
What product of Avast are you using?
What other security software do you have on this machine now and in the past?

Operating system: Windows 7 64-bit
Product: avast! Free Antivirus
Program Version: 7.0.1456
Definitions Version: 120707-1

I had MSE prior to Avast and currently have Windows Defender [Which is not working anymore, receiving the missing service error message] and Avast

I’m looking through your logs now.

What other problems are you having with your machine?

Windows Defender is no longer working and you have outdated software and browser as well, but these we can fix.

Nothing specific. Please let me know if you want me to update certain software and try again. I am able to browse the web apart from annoying popup.

What does the pop-up say?

I have notified Essexboy, the malware removal specialist to assist with your case. He is on UK time zone, and during the week comes on the forum late UK time; weekends he comes on earlier. Please follow his directions only and do not make any changes to your machine now that you have posted your logs.

Do not sync anything to your machine and if you are on a network disconnect this machine from the network. Try not to use the machine if possible until Essexboy cleans things up. Do you have any questions?

The popup is from Avast. As mentioned in the first post “Threat has been detected”. I will wait for the Essexboy.

Thanks for your assistance.

Hi there this is a new type so the first run will not kill it all the the main driver is not showing in OTL

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Download the attached fix.txt to your desktop

Run OTL

[*]Press Run Fix button at the top

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

[*]A dialogue will open
[*]Navigate to and select the fix.txt that you downloaded
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hello. I just had this infection happen to my system today. I found this forum by doing a google search. I would like to know how to repair this infection. I have never seen anything like this before where Avast didn’t just simply get rid of the error right away.

With mine Avast will report as a Trojan Horse Alert. “Threat has been detected” periodically, (like once every 4 minutes).

Infection type: Win64:Sirefef

also

Infection Type: Win32:atraps

I have read the instructions posted here by Essexboy and wondered where can I download the fix text file?

Hi the fix text will be different for each system

Could you create a new topic and attach the logs there, I will then create a fix

The alert is Avast stopping it from running

Also, let me ask has anybody else tried to search for this infection?

I mean the 80000000 file. I cannot seem to even find this “Windows/Installer…” area on my computer.
Has anybody else experienced this or is there something I am missing or doing wrong?

If you create your own topic I will answer the questions there, this is just cluttering up this thread ;D

Hi,

Please see the logs attached and advice.

Thanks puneetjain2710 and Essexboy I did start a topic about my problem. Thanks again for the help you have shared because currently I do not seem to be experiencing the threat any longer. ;D

Hmm that appeared to go quietly

How is the computer behaving now ?