Avast WEBforum

Other => Viruses and worms => Topic started by: Wrrrtw on July 23, 2012, 04:02:21 AM

Title: Threat Win32:sirefef_Pl [Rtk]
Post by: Wrrrtw on July 23, 2012, 04:02:21 AM
Hello.

At the beginning of the month, I received one of those fake antivirus viruses, and I had since believed I deleted it. Using avast, Mbam, and CCleaner, I had removed what I thought was the source, and thus 'got rid of it.'

I scanned daily for about a week to ensure there was nothing to pop back up, and all seemed fine save for a few issues involving Flash and the Opera browser. I have since moved browsers, and thought my problems were solved until this afternoon when my computer started alerting me multiple times (and continues to do so) that a threat has been blocked.

After scanning the infected folder that said threats were in, I have found the following viruses.

Win32:Sirefef-pl [Rtk] within C:\windows\assembly\Gac_32\desktop.ini and within ...\Gac_64\desktop.ini

I have been alerted by a friend that this is a potentially severe issue, and that I should consult this forum.

Here are the OTL files for starters.  I will post/edit with the Mbam log here soon, once Mbam's scan is complete.

Edit: OTL Extras
Title: Re: Threat Win32:sirefef_Pl [Rtk]
Post by: Wrrrtw on July 23, 2012, 05:02:58 AM
Double post

Here's the AswMBR.txt

EDIT
And I've added the Mbam log.

Due to fear of the severity of the rootkit and the trojan downloader, along with no mods/admins/support on at the time of this post... I have deleted both rootkits in avast, and deleted the trojan downloader in Mbam. The infected machine is running avast's boot scans. I am hoping that this is the end of Sirefef-pl, but I've been wrong before. Any assistance involving removing unpacked files, or anything involving any rejuvenation of the deleted files would be appreciated.
Title: Re: Threat Win32:sirefef_Pl [Rtk]
Post by: Wrrrtw on July 23, 2012, 09:54:27 AM
I have decided to format my machine to fully root out the issue, based on the warning that Jeffce has had with the users that have similar issues. 

I do not fault avast or the message board's user-base for a lack of reply, actually I appreciate all the information already logged here.  Keep up the good work.
Title: Re: Threat Win32:sirefef_Pl [Rtk]
Post by: Pondus on July 23, 2012, 01:00:45 PM
Quote
I do not fault avast or the message board's user-base for a lack of reply
All the helpers here do it on their own free time... so consider family life / work / sleep and timezone issues.
So when seeking help in a forum you need to be patient.