win7 win64:sirefef-a, win32:sirefef-ao and win32:malware-gen

Viruses and worms
1

Please help cleaning win64:sirefef-a, win32:sirefef-ao and win32:malware-gen. logs attached.
aswMBR still runing.

2

last logs

3

Malware remover is notified…it may take several hours before he arrive

4

Before we start go to my skydrive (click the globe under my avatar) and download the zip file with your name on it to your desktop
Extract all four registry files to the desktop
Right click each in turn and select Merge
Accept the warnings

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

5

it almost how it’s running. And it shows “completed stage_43”. Its very slow, because cpu load is 100% from win boot up. Mainly from services.exe.

6

“completed stage_48” and no more action all night. what to do next?

7

it found that proceses.exe is infected and can’t restore it. then program shutsdown and nothing happens.

8

so is it posible to do something without combofix log? becouse its not working stable.

9

Yes could you re-run OTL with the following scan and I will try to replace the file in question

/md5start
process.*
/md5stop