Win32 virus

This is my first post and I have read other posts like this one, but I thought I could fix it myself. I have done like hundreds of scans on avast and Malwarebytes and almost every time Win32:Malware-gen, Win64:Sirefef and I am sure others keep popping up. It used to take about 30 minutes to start Windows and the screen would flicker and freeze if I clicked on the desktop. My brother made a new user account as administrator and deleted the old account, after which it stopped freezing and moving my desktop icons around, but it still says threat detected and something new, Malicious URL blocked, which avast didn’t say before. I think I got the virus when I had uninstalled avast, then an update for Adobe popped up which didn’t look like Adobe but I installed it anyway, which I shouldn’t have; a day later it started acting weird. I thought I removed some of the viruses but I guess I still have some of them on there. I will attach a scan log from avast in my next post.

Thanks in advance

I will have to get the scan log from Malwarebytes instead of avast.

Full information (text or screenshot of the avast alert) gives us more to work with.

But that said - This probably needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Here is my MBAM log

It seems you may have a Sirefef rootkit.

We also need OTL and aswMBR logs.

Here are my OTL logs. Please tell me if they are in ANSI format.

Monitoring 8)

Logs are okay… if they look like Chinese after you have attached them, then it is wrong :wink:

Hi,
I will be working on your Malware issues :wink:

Step 1

Download AVZ Antiviral Toolkit from the following link:

http://support.kaspersky.com/downloads/utils/avz4.zip

[*] Extract the archive to a folder.
[*] Run AVZ (double click on the AVZ icon, http://amf.mycity.rs/pg/images/avz.png );

[*] Click on File > Custom Scripts ;

[*] In the new window that opens, copy/paste everything inside the code box:



begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\U\00000008.@','');
DeleteFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\U\00000008.@');
QuarantineFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\L\00000004.@','');
DeleteFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\L\00000004.@');
QuarantineFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\@','');
DeleteFile('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\@');
QuarantineFile('C:\Windows\assembly\GAC\Desktop.ini','');
DeleteFile('C:\Windows\assembly\GAC\Desktop.ini');
DeleteDirectory('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\L');
DeleteDirectory('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}\U');
DeleteDirectory('C:\Windows\Installer\{f4dec249-1611-dc04-6b1c-c94ea645e833}');
DeleteFileMask('%Tmp%' , '*.*' , true) ;
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.


[*] Click Run and wait for the script to execute.


Step 2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

Finally, here is my aswMBR log. Please tell me if I need to do anything else. In aswMBR it says Fix MBR after I did the scan.

No … follow magna86's instructions.

Finished running ComboFix; here is the log, but for some reason my laptop won’t connect to the internet now. I am having to use my brother's computer to post the log. Do you have any guess as to the reason why?

I don’t know if you got the ComboFix log or not, but here it is again.

If you have not done so… try a restart again.

And relax… magna will be back. :wink:

I fixed my internet connection by uninstalling my network adapter and then installing it again.

The laptop seems to be running a little slower and lagging after I ran ComboFix.

I really don’t know if there is a time difference, or what, but please tell me if you got the ComboFix log.

This is my first post.

Since updating Avast yesterday I am getting a Win32:Malware-gen infection message every 5 minutes on C:\Windows\Installer. I also had to deactivate my PC Tools Firewall in order to have my internet connection up and running since the Avast update. I’ve run ComboFix, which seems to have gotten rid of the other 2 threats (Win64:Sirefef-A & Win64:Sirefef-AO).

Any ideas? I would appreciate your help.

Gaby25

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and start your own new topic and attach the logs there, not in the LOGS topic.

  • Please create your own new topic here, http://forum.avast.com/index.php?board=4.0 , in the viruses and worms forum (click the New topic button at the top of the page), and we will try and help you there.

@Pubbly
Step1

It is now necessary to uninstall AVZ Antiviral Toolkit.

[*] Re-run AVZ (double click on the AVZ icon, http://amf.mycity.rs/pg/images/avz.png );

[*] From the menu choose File > Standard Scripts;

[*] In the window that opens, check item 6 and click Execute Selected Scripts;

[*] Click Yes ;

[*] After the procedure you will receive notification: Script Executed ;

[*] Quit the program and delete the folder where the program is.


Step2

Open notepad and copy/paste the text present inside the code box below:



Folder::
c:\programdata\QSLLPSVCShare

DirLook::
c:\users\J

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows, then, referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
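Editor's note, added to this thread and not part of magna86's instructions or of the AVZ/ComboFix tools themselves: the AVZ script in Step 1 and the CFScript RegLock section above name a specific set of artifacts (the @ file and U/L subfolders under a GUID-named directory in C:\Windows\Installer, a stray Desktop.ini in C:\Windows\assembly\GAC, and two registry keys with Deny entries for Everyone/Users). The read-only PowerShell script below, written for this page as an example, checks a machine for exactly those indicators so you can confirm whether the cleanup actually took, or whether a similar GUID folder is still present. It assumes PowerShell 3 or later running from an elevated prompt; the paths and key names are the ones quoted in the thread, and the regex for GUID-named folders is an assumption used to generalise beyond the one GUID in the script. It reports only; it deletes nothing.

```powershell
# Added example for this thread (not code from AVZ, ComboFix or the forum posters).
# Read-only triage: looks for the Sirefef-style artifacts named in the AVZ script
# and the CFScript RegLock section above. Run from an elevated PowerShell 3+ prompt.

$findings = New-Object System.Collections.Generic.List[string]

# 1. GUID-named folders under C:\Windows\Installer holding an "@" file or U/L subfolders.
#    Genuine Installer folders are GUID-named too, so only the @/U/L children are reported.
#    The GUID pattern is an assumption for generalising past the single GUID in the thread.
$installer = Join-Path $env:SystemRoot 'Installer'
Get-ChildItem -LiteralPath $installer -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\{[0-9a-fA-F-]{36}\}$' } |
    ForEach-Object {
        foreach ($child in @('@', 'U', 'L')) {
            $p = Join-Path $_.FullName $child
            if (Test-Path -LiteralPath $p) {
                $findings.Add("Installer artifact present: $p")
            }
        }
    }

# 2. Desktop.ini directly in the GAC root (the AVZ script quarantines exactly this file).
$gacIni = Join-Path $env:SystemRoot 'assembly\GAC\Desktop.ini'
if (Test-Path -LiteralPath $gacIni) {
    $item = Get-Item -LiteralPath $gacIni -Force
    $findings.Add("GAC Desktop.ini present: $gacIni ($($item.Length) bytes, attributes $($item.Attributes))")
}

# 3. The two keys from the RegLock section: report Deny ACEs for Everyone or Users.
#    A Deny-Everyone-Full ACE also blocks reading the ACL, so an access-denied error
#    on Get-Acl is itself reported as a finding rather than swallowed.
$keys = @(
    'HKLM:\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings',
    'HKLM:\SYSTEM\ControlSet001\Control\PCW\Security'
)
foreach ($k in $keys) {
    if (-not (Test-Path -LiteralPath $k)) {
        $findings.Add("Registry key not found (or not enumerable): $k")
        continue
    }
    try {
        $acl = Get-Acl -LiteralPath $k -ErrorAction Stop
    }
    catch {
        $findings.Add("Registry key ACL unreadable (access denied): $k")
        continue
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny' -and
            ($ace.IdentityReference.Value -in @('Everyone', 'BUILTIN\Users'))) {
            $findings.Add("Deny ACE for $($ace.IdentityReference.Value) on $k : $($ace.RegistryRights)")
        }
    }
}

if ($findings.Count -eq 0) {
    'No Sirefef-style artifacts found at the paths named in the thread.'
}
else {
    $findings
}
```

If this reports anything after the AVZ and ComboFix steps, post the output together with the next ComboFix.txt rather than deleting the items by hand; the RegLock section exists precisely because the Deny entries have to be reset before the keys can be touched.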