Win32:Srefef-AII (Rtk)

Working on the processes suggested for this forum. After running Malwarebytes and doing a restart, I got a blue screen twice. I am now running in Safe Mode with Networking. Upon restart I got this window: "There was a problem starting C:Program Data\malwarebytes\malwarebytes’ Anti-Malware\cleanup.dll The specified module could not be found." That is when I did the restart in Safe Mode.

I have acquired this Toshiba laptop running Windows 7. I have been working at getting it operational. At first it almost seemed as if it was a bad hard drive. I have no info on this system so if we need to do a complete wipe of the disk and start over that is no problem at all.

Thanks again!

Since you do not have anything on it that you don’t want to lose, I strongly suggest you do either a factory restore or a clean install of an OS of your choice.

As far as the hard-drive, the manufacturer will have a diagnostic utility for it.
I suggest to use that before doing a factory restore/clean install.
Just to make sure it is working as it should.
Also have/run memtest to test the memory.

Ok, it will take some time. But at least you will know that both hd and memory are working as they should.

Thank you Eddy! Do I do a google search to find the Toshiba Diagnostic Utility and the same for the factory restore/clean install?

@ Busymama62
If you wish, we may check here and now for HDD sectors if you will? Also, logs show active ZeroAccess rootkit. We can remove that if you wish?
Tell me how you wish to proceed?

Magna86 both of those options sound great to me. I remember doing a complete wipe etc of a Dell laptop I had years ago and I just remember it took a long time and several long phone calls with their tech. support. So just tell me how to proceed. Thank you!

Eddy's advice is perhaps the most secure solution. Fresh system install and hardware testing is always a good solution.

On the other hand, I can provide you a detailed analysis of the system and cleaning of active malware which can possibly solve other problems that you have with your computer.

Let’s first remove malware and clean this software from junk …

Step#1

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

    Instructions how to disable avast:

    • Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
    • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

    Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Click on I Agree!

  • ComboFix will display DISCLAIMER of warranty on software.
    By clicking I Agree ComboFix shall continue.
  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach log reports (ComboFix.txt) back to topic.

Step#2

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.

  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Step#3

Post me a fresh OTL log.


How to test HDD sectors:
This can be done later, has nothing to do with Malware Cleaning progress…

Download MHDD utility from here:
MHDD download link

Unpack and burn to disk as ISO (bootable) …
Boot MHDD from disk ( in the same way as Live CD )

  • When you load the file select option 1
  • When the menu appears, select the disk that you’ll scan

Type in:

scan

…and hit enter

  • In the next menu, click F4
  • It will begin HDD scanning, allow it to finish the scan.

If there are more than 3 inputs in the district UNC X then your hard disk is damaged.

I do not have the option of disabling Avast in Safe mode. Do I continue with Combofix? I am concerned that I would have a lot of difficulty with Eddy’s suggestion. Also, not sure if I would have to pay for tech support with Toshiba. Since we did not pay for this laptop I don’t think we want to put money in it until we know for sure it can be fixed. Thanks!

Hi,
Sorry, can you please verify this, that is to explain to me? Is this your personal computer or company computer? Who are the “we”?

“Also, not sure if I would have to pay for tech support with Toshiba. Since we did not pay for this laptop I don't think we want to put money in it until we know for sure it can be fixed. Thanks!”

Sorry, I guess I should have given more details. We clean rental properties as part of our business. My husband found a briefcase type bag and brought it home. I discovered the laptop. We waited about 10 days for someone to call the office and claim it. We felt that it had been long enough to boot the laptop yesterday. Once I did finally get it to boot, I looked thru some files etc. and it appears that nothing has been added since 2012. The majority of the time someone leaves the properties that we clean they just leave items they no longer want. Some we trash, some we sell at a yard sale and yes some items we use.

http://support.toshiba.com/support/viewContentDetail?contentId=2737864

I would say that you should keep following Eddy’s advice.

Thank you! Have printed the instructions from my desktop and will start on the process in a few moments.

It appears that the hard drive is starting to fail. I will do more research tomorrow if I can and see if we will replace it or not. I doubt it is under warranty but you never know.

Thank you all for your help!
Linda