Yesterday at some point, avast started detecting Win32:Sirefef-BTT & Win32:Malware-gen over and over. It says it moved it to the chest but it keeps detecting it. I read a portion of “What to do if a file is infected” and did a scan of the particular file and it did detect it again. It is the File System Shield alert that pops up and it is usually 3 to 4 alerts simultaneously. I went to the next step which is the virus total scan but the link is broken. So then I typed the names of the virus in Google and decided it was just best to get help here…so help please! I don’t know if this helps any, but here are some screenshots of what avast has detected.
Follow this guide and attach logs, not copy and paste: http://forum.avast.com/index.php?topic=53253.0
Run in the order listed:
AdwCleaner / Malwarebytes / OTL / aswMBR
When done, malware experts will be notified and will help you.
When finished, all tools used will be removed.
Latest version… Also run this analysis programme, please.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
It won’t let me download AdwCleaner…giving me this message
That is part of it. Go direct to FRST; if you cannot download it from the main site, I will put a copy in my Dropbox for you… In fact I will do that now.
Be right back
64 bit https://dl.dropboxusercontent.com/u/73555776/FRST64.exe
32 bit https://dl.dropboxusercontent.com/u/73555776/FRST.exe
Tried direct from FRST and your dropbox…I’m getting the same message. Sorry, not very good at this stuff.
Can you download it on another computer and transfer it across by USB drive ?
I have just renamed them; see if they will download:
https://dl.dropboxusercontent.com/u/73555776/winlogon.exe
https://dl.dropboxusercontent.com/u/73555776/winlogon64.exe
The renamed version did not work either. Unfortunately I cannot download it on another computer and transfer
Are you able to restart in safe mode with networking ?
Yes, I was able to… try to download again?
Yes, try from there, as this one links to Windows Defender, which should be inactive.
Still won't let me.
Can you download OTL ?
Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
[*]Select All Users
[*]Under the Custom Scan box paste this in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
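The custom-scan lines in the post above hash five core system binaries (the /md5start … /md5stop section) and list every *.exe on the system drive. As an added example, not part of the thread and not OTL's own code, here is the same check done by hand in PowerShell. It assumes Windows 7 or later with PowerShell 4 or newer (for Get-FileHash), an elevated prompt, and the directory exclusions at the bottom are this example's own choice, not something OTL does:

```powershell
# Added example (not from the thread or from OTL): manual equivalent of the
# OTL custom-scan lines. Assumes PowerShell 4+ (Get-FileHash) and an elevated
# prompt. Each block emits objects; pipe to Format-Table to read them.

$names = 'services.exe', 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'
$sys32 = Join-Path $env:SystemRoot 'System32'

# /md5start ... /md5stop equivalent: MD5 plus Authenticode status of each binary.
# The MD5 only helps when compared against a clean machine of the same build
# and patch level; the signature status stands on its own.
foreach ($n in $names) {
    $p = Join-Path $sys32 $n
    if (-not (Test-Path -LiteralPath $p)) { Write-Warning "missing: $p"; continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $p
    [pscustomobject]@{
        File   = $p
        MD5    = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
        Status = $sig.Status                 # Valid / HashMismatch / NotSigned
        Signer = $sig.SignerCertificate.Subject
    }
}

# %SYSTEMDRIVE%\*.exe equivalent, narrowed to the five names above: copies that
# sit outside the directories Windows keeps them in. Exclusions are this
# example's choice (explorer.exe legitimately lives in %SystemRoot% itself).
$allowed = '\\Windows\\(System32|SysWOW64|winsxs|servicing)(\\|$)'
Get-ChildItem -Path ($env:SystemDrive + '\') -Recurse -Force -Include $names -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DirectoryName -notmatch $allowed -and
        $_.FullName -ne (Join-Path $env:SystemRoot 'explorer.exe')
    } |
    Select-Object FullName, Length, LastWriteTime
```

Two caveats. Most Windows system binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell/Windows combinations report those as NotSigned; that is a tooling limit, not evidence of tampering (Sysinternals sigcheck with -c verifies against the catalogs). And on a machine with an active rootkit, anything queried from inside the infected session can be lied to, which is exactly why the thread wants logs from tools such as aswMBR and FRST rather than from the running system.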
It won't let me do that either.
Hmm, this is a much more aggressive variant. From safe mode, can you run Task Manager and stop all processes apart from explorer?
Do you have your Windows CD, as we could use that?
What version of Windows do you have?
I have stopped all processes apart from explorer… I have Windows 7; it came already installed. If I had a disc, I can't find it now (of course!)
OK, I am now trying to out-think this beast on the fly… Next, please do the following:
Go to Start and in the search box type msconfig.
Right-click the file that appears and select Run as administrator.
Go to the Services tab and remove the tick from Windows Defender.
OK out and exit without restarting.
Then go Start > All Programs > Accessories.
Right-click Command Prompt and select Run as administrator.
In the black box that opens, type the following command and then press Enter:
net stop WinDefend
Now try to download FRST.
Am I missing something? Windows Defender is not in the list??
Could you proceed with the net stop command, please? Do you use Microsoft Security Essentials?
Could you run the following additional command from the command prompt:
net stop *etadpug
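The msconfig step above disables a service at next boot, `net stop` stops it now, and the last command targets a service whose name really does begin with an asterisk. As an added example, not part of the thread, here is the same sequence in PowerShell, with the one pitfall a practitioner hits: `Get-Service -Name` treats `*` as a wildcard, so the lookup has to be done literally. It assumes PowerShell 3 or later (CIM cmdlets) and an elevated prompt; the helper function names and the final name-character check are this example's own, and it goes slightly beyond the thread by scanning every service for unusual characters in its name:

```powershell
# Added example (not from the thread): PowerShell equivalent of the msconfig
# and "net stop" steps, plus an exact-name lookup for the '*etadpug' service.
# Assumes PowerShell 3+ (CIM cmdlets) and an elevated prompt.

function Get-ServiceExact {
    param([Parameter(Mandatory)][string]$Name)
    # Get-Service -Name treats '*' as a wildcard, so '*etadpug' would match any
    # service whose name ends in "etadpug". WQL '=' compares literally ('*' has
    # no meaning in WQL), so this returns only the service actually so named.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
}

function Stop-ServiceExact {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-ServiceExact -Name $Name
    if (-not $svc) { "no service named '$Name' is registered"; return }
    "{0}: state={1} start={2} path={3}" -f $svc.Name, $svc.State, $svc.StartMode, $svc.PathName
    if ($svc.State -eq 'Running') {
        # Win32_Service.StopService acts on this exact instance, same effect as
        # "net stop <name>". ReturnValue 0 means the stop request was accepted.
        $r = Invoke-CimMethod -InputObject $svc -MethodName StopService
        "StopService returned $($r.ReturnValue)"
    }
}

# msconfig Services tab (untick = Disabled at next boot) and "net stop WinDefend"
if (Get-ServiceExact -Name 'WinDefend') {
    Set-Service -Name 'WinDefend' -StartupType Disabled
    Stop-ServiceExact -Name 'WinDefend'
}

# "net stop *etadpug"
Stop-ServiceExact -Name '*etadpug'

# Its registry key: wildcard characters in the key name require -LiteralPath,
# otherwise the provider expands '*' and finds nothing.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\*etadpug'
if (Test-Path -LiteralPath $key) {
    Get-ItemProperty -LiteralPath $key | Select-Object ImagePath, Type, Start
}

# Beyond the thread: any service whose name contains characters outside the
# usual [A-Za-z0-9_.-] set deserves a second look, whatever it is called.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '[^A-Za-z0-9_.\-]' } |
    Select-Object Name, State, StartMode, PathName
```

If the service does not appear in the CIM query or the registry but `net stop *etadpug` still reports stopping something, take that as a sign the running system is hiding it from you; at that point the offline and boot-time tools the thread asks for (aswMBR, FRST from safe mode) are the only results worth reading.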