win32 sirefef-A Detection

Avast notified me of a win32 sirefef-A virus that it had moved to the chest.

I am following the general guidelines here: http://forum.avast.com/index.php?topic=53253.0

Attached are the logs.

aswMBR Log.

21:40:06.875    File: C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\arpot\TEMP\01CD3F47FA31C5EA  **INFECTED** Win32:Aluroot-C [Rtk]

This could be a problem… something is in the Avast folder… Jeff notified :slight_smile:

Hi and welcome.

Please double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose “Run as administrator”.

[*]Click the Scan button to start scan.
[*]When the scan finishes, press the Fix button. Once the Fix is done, press the Save Log button and save the log to your desktop. You need to reboot your computer when it's done before you do anything else, then post the log that will be on your desktop.


http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRfix-1.png


Fix is not an option. FixMBR is executable, but Fix is greyed out.

Thanks for the help.

Hi,

Ok…do the following…

Please download TDSSKiller.zip

[*]Extract it to your desktop
[*]Double click TDSSKiller.exe
[*]when the window opens, click on Change Parameters
[*]under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*]click OK
[*]Press Start Scan

[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now

[*]Attach the log in your next reply

[*]A copy of the log will be saved automatically to the root of the drive (typically C:)


To be clear:

One “Threat Detected”; however, the dropdown menu lists: Skip, Copy to quarantine, or Delete. There is no “Cure” option. Which should I select?

Thanks!

Could you attach the log please so that I can see what the file is? :slight_smile:

Pardon, I thought you wanted me to “cure” before attaching logs. Thanks.

Hi,

Good job. :slight_smile:

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Perhaps a silly question. I’ve been running the diagnostic tools in safe mode with networking. Should I continue to do so when I run ComboFix or boot windows normally? Thank you.

Hi,

If you are able to run ComboFix in Normal Mode please do so…if not you can do so in Safe Mode. :slight_smile:

Ran just fine in normal. Log attached. Thank you.

Quick question…are you aware your system is set to work with a proxy server?

It is not.

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

[*]Double-click SystemLook.exe to run it.
[*]Copy the content of the following codebox into the main textfield:


:filefind
sndvol32.exe

[*]Click the Look button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

DDS::
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27750:TCP"=-
"2078:TCP"=-
"21:TCP"=-
"1172:TCP"=-
"5000:UDP"=-

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

In your next reply please attach the logs made by SystemLook and ComboFix.

Logs attached.

When I dragged the CFScript.txt file onto ComboFix, ComboFix asked if I wanted to upgrade, which I did. It then rebooted and began the process, but I am not sure if that included the command associated with the CFScript.txt file as you had intended. Please let me know if not and I will perform again. Thank you.

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

FCopy::
C:\WINDOWS\system32\dllcache\sndvol32.exe | c:\windows\system32\sndvol32.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1171:TCP"=-

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
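The CFScript blocks in this post and the earlier one are ComboFix's directive format. What follows is an added example, not from this thread or from ComboFix itself: a Python dry-run summariser that parses the sections used here (ClearJavaCache::, DDS::, FCopy::, Registry::) and lists what each directive would change, so a helper can review a script before it is dragged onto ComboFix. The sample script is constructed, and the `[-KEY]` delete-key form is an assumption about the Registry:: syntax.

```python
import re
from collections import OrderedDict

# Constructed sample mirroring the second CFScript posted in this thread.
SAMPLE_CFSCRIPT = r"""ClearJavaCache::

FCopy::
C:\WINDOWS\system32\dllcache\sndvol32.exe | c:\windows\system32\sndvol32.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1171:TCP"=-
"""

def parse_cfscript(text):
    """Split a CFScript into {section_name: [non-empty lines]}.
    A section header is a line ending in '::' (e.g. 'Registry::')."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def plan_actions(sections):
    """Turn parsed sections into (action, detail) tuples describing what
    ComboFix would do, without touching the system."""
    actions = []
    if "ClearJavaCache" in sections:
        actions.append(("clear_java_cache", None))
    for entry in sections.get("DDS", []):        # e.g. 'uStart Page = ...'
        actions.append(("reset_dds_item", entry))
    for entry in sections.get("FCopy", []):      # 'source | destination'
        if "|" not in entry:
            continue
        src, dst = (part.strip() for part in entry.split("|", 1))
        actions.append(("copy_file", (src, dst)))
    key = None
    for entry in sections.get("Registry", []):
        if entry.startswith("[") and entry.endswith("]"):
            key = entry[1:-1]
            if key.startswith("-"):              # assumed: [-KEY] removes the key
                actions.append(("delete_key", key[1:]))
                key = None
            continue
        match = re.match(r'"([^"]+)"=(.*)$', entry)
        if match and key is not None:
            name, value = match.groups()
            kind = "delete_value" if value == "-" else "set_value"
            actions.append((kind, (key, name, value)))
    return actions

def summarise(text):
    return plan_actions(parse_cfscript(text))
```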

Log attached.

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
[*]Tick the box next to YES, I accept the Terms of Use
[*]Click Start
[*]When asked, allow the ActiveX control to install
[*]Click Start
[*]Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
[*]Click Scan (This scan can take several hours, so please be patient)
[*]Once the scan is completed, you may close the window
[*]Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
[*]Copy and paste that log as a reply to this topic


In your next reply please attach the logs made by Malwarebytes and ESET online scanners. :slight_smile: