Topic: Please Help remove infection by Win64:Sirefef-A + Win32:Sirefef-AO

Vinsorama

  • Guest
Should I try to run Combofix in safe mode then?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Yes run Combofix in safe mode.

Vinsorama
I just did... and nothing happened :( I mean it went through the installation phase and then just disappeared. I don't know how to start it, or whether it has even been installed at all. I think not, since it seems there's no trace of its files...

essexboy
Hmm, OK, let's run a clean boot and then run Combofix from normal mode.

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

Quote
You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

THEN

Now run Combofix, please.

Vinsorama
Well, Windows started up normally and there are no hangups this time.
But as for Combofix, the same thing as before happens. It starts, says copying files... the green bar runs to completion and then... nothing at all.
Which, to be frank, is not something that hasn't happened before... for instance, some games I tried a long time ago acted in the same way. But I just removed them and didn't think about it.

essexboy
OK, we will skip Combofix for now, as I did not expect it to find anything... Let's track down the programme that is hanging.

Now we get to the tedious part:

If Windows behaves itself, then do the following:

Restart MSConfig, select half of the disabled services and reboot.

Is the problem still present?

If yes, then deselect half of the services that you resumed and reboot.

If no, then select half of the remaining services and reboot.

The intention here is to isolate the one service/driver that is causing the problem.
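
The half-and-half search in the post above is a binary search over the set of services msconfig disabled, and the tedious part is keeping track of which half is currently on across reboots. Below is an added PowerShell helper that does that bookkeeping; it is not code from this thread, from essexboy or from Avast. After each reboot the operator answers yes (hang still present) or no (hang gone), and the helper halves the suspect set with sc.exe. Assumed, and my own choices: PowerShell 2.0 on XP at an elevated prompt, a candidates.txt copied by hand from msconfig's Services tab (one `Name` or `Name,Manual` per line; Auto is assumed when no start mode is given, since msconfig has already set them all to Disabled), and the `svc-bisect` folder and state.xml file names.

```powershell
# Added example, not from the thread: bookkeeping for the half-and-half service bisection.
# Usage (elevated):   .\svc-bisect.ps1 init      # round 1: re-enable half of the suspects
#                     <reboot, test>
#                     .\svc-bisect.ps1 yes|no    # hang present (yes) or gone (no); next round
#                     .\svc-bisect.ps1 status    # show the current suspect / re-enabled sets
# Assumed layout (my choice): %USERPROFILE%\svc-bisect\candidates.txt and state.xml
param(
    [Parameter(Mandatory=$true)]
    [ValidateSet('init', 'yes', 'no', 'status')]
    [string]$Answer,
    [string]$Dir = (Join-Path $env:USERPROFILE 'svc-bisect')
)
$CandidateFile = Join-Path $Dir 'candidates.txt'
$StateFile     = Join-Path $Dir 'state.xml'

function Set-StartMode([string]$Name, [string]$Mode) {
    # sc.exe spells the start types auto | demand | disabled and is present on XP.
    $scMode = @{ Auto = 'auto'; Manual = 'demand'; Disabled = 'disabled' }[$Mode]
    & sc.exe config $Name 'start=' $scMode | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "sc.exe config $Name failed (exit $LASTEXITCODE)" }
}

function Start-Round($State) {
    # Re-enable the first half of the suspects, keep the other half disabled, then wait for the verdict.
    $suspects = @($State.Suspects)
    if ($suspects.Count -eq 0) {
        Write-Host 'Every candidate was cleared; the hang is not caused by a listed service.'
        $State.Enabled = @(); return $State
    }
    if ($suspects.Count -eq 1) {
        Write-Host ("Isolated: {0} (original start mode {1}). Leave it disabled and restore the rest with msconfig Normal Startup." -f $suspects[0], $State.Original[$suspects[0]])
        $State.Enabled = @(); return $State
    }
    $half = [int][math]::Ceiling($suspects.Count / 2)
    $State.Enabled = @($suspects[0..($half - 1)])
    foreach ($s in $suspects) {
        if ($State.Enabled -contains $s) { Set-StartMode $s $State.Original[$s] }
        else                             { Set-StartMode $s 'Disabled' }
    }
    Write-Host ("Round: {0} of {1} suspects re-enabled: {2}" -f $half, $suspects.Count, ($State.Enabled -join ', '))
    Write-Host 'Reboot now, test, then run again with -Answer yes (hang present) or no (hang gone).'
    return $State
}

switch ($Answer) {
    'init' {
        # candidates.txt: one "Name" or "Name,Manual" per line, copied from msconfig's Services tab.
        $original = @{}
        foreach ($line in Get-Content $CandidateFile) {
            $parts = $line.Trim() -split ','
            if (-not $parts[0]) { continue }
            $mode = if ($parts.Count -gt 1 -and $parts[1].Trim() -eq 'Manual') { 'Manual' } else { 'Auto' }
            $original[$parts[0].Trim()] = $mode
        }
        if ($original.Count -eq 0) { throw "No service names in $CandidateFile" }
        $state = @{ Original = $original; Suspects = @($original.Keys | Sort-Object); Enabled = @() }
        $state = Start-Round $state
    }
    'yes' {
        # Hang still present: the culprit is among the half we just re-enabled.
        $state = Import-Clixml $StateFile
        $state.Suspects = @($state.Enabled)
        $state = Start-Round $state
    }
    'no' {
        # Hang gone: the re-enabled half is clean; leave it running and search the other half.
        $state = Import-Clixml $StateFile
        $state.Suspects = @($state.Suspects | Where-Object { $state.Enabled -notcontains $_ })
        $state = Start-Round $state
    }
    'status' {
        $state = Import-Clixml $StateFile
        Write-Host ("Suspects: {0}`nCurrently re-enabled: {1}" -f ($state.Suspects -join ', '), ($state.Enabled -join ', '))
    }
}
if ($Answer -ne 'status') { $state | Export-Clixml $StateFile }
```

Each round halves the suspect list, so twenty disabled services need about five reboots instead of twenty. One caveat: msconfig keeps its own record of the original start types, and this helper changes them behind its back, so once the culprit is found, return to Normal Startup in msconfig and confirm the start types in services.msc rather than trusting either tool alone.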

Vinsorama
OK. I've done that. I've enabled them all (except Avast, for which it claimed I have to be logged in as an administrator, and it disappeared off the list after that) and it's working as well as it ever did. I can try to enable that too... from Safe Mode, I guess (since I can't seem to find how to log in as an admin... and I've given my only profile admin privileges anyway).
But I guess that could be the problem then.

essexboy
No, the problem may well be related to System Restore; if you use that without disabling Avast self-protection, it can damage the programme.

I would recommend that you do the following:

Download a fresh copy of Avast to your desktop http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe

Download aswClear to your desktop http://files.avast.com/files/eng/aswclear.exe

Uninstall Avast via Add or Remove Programs.
Reboot to Safe Mode and run aswClear.

Reboot to normal mode and install Avast.
I would also recommend that you update to SP3.

Vinsorama
I've done all of that as you specified and nothing... the same problem. It's obviously some issue with Avast and interference with something else. To me it looks like everything hangs up after the network connection starts to load in the taskbar tray.

essexboy
Open the Avast GUI

Go to Settings and set Avast to start after other services.
And select "I only connect using dial-up".

Vinsorama
OK. That changed very little. Avast has not loaded... it's still hanging up (Task Manager says access denied). And the taskbar is non-existent; anything that you minimize just disappears and won't show up again (including Task Manager), but is obviously still working in the background (Firefox asked to allow a cookie).

Vinsorama
I've played around with the system a bit (nothing too drastic :) ) and I think I've figured out what the problem is. Avast is apparently interfering with explorer.exe.
Does anybody have any ideas how to take care of that? I like Avast and I don't want to uninstall it if there's some solution.

essexboy
What makes you think it is explorer?

There appear to be a few cases where Avast and XP have problems; it looks like a conflict with other software, but as yet no common denominator has been found.

Could you run a clean boot again, but this time just keep Avast enabled... Is the problem still present?

Vinsorama
Because explorer runs the taskbar. And I've tried ending explorer and then starting it up again from the Run box; after that it works better and other applications (like Firefox) will run. Although after a while it all breaks down again.

I've tried a clean boot with only Avast (which causes the problem, same as always) and with only Avast disabled (in which case the taskbar and everything else works normally).
Plus, I've been trying to remember since when this has been happening: since I upgraded Avast to the newest version the other day, trying to find a way to get rid of the rootkit it kept reporting. (And I'm still a little bit worried about that :P)

essexboy
There is no sign of Sirefef on your system, so you can rest assured on that.

Have you tried a full uninstall/reinstall of Avast using aswClear?