Author Topic: Win32:Sirefef-zt - Services.exe infection  (Read 3225 times)


cellorum

  • Guest
Win32:Sirefef-zt - Services.exe infection
« on: March 28, 2013, 06:33:04 PM »
Hi,
I have had this trojan for some time now, logs attached.

Thanks for the help.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #1 on: March 28, 2013, 06:36:22 PM »
Hi,

You have been running Combofix. Attach c:\combofix.txt report.

cellorum

  • Guest
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #2 on: March 28, 2013, 06:53:49 PM »
Combofix attached

Offline magna86

Re: Win32:Sirefef-zt - Services.exe infection
« Reply #3 on: March 28, 2013, 07:05:21 PM »
- Again, disable antivirus as before.
- Open Notepad and copy/paste the text present inside the code box below:


Code:

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe|c:\windows\system32\services.exe
ClearJavaCache::
DirLook::
C:\xno



Save this as CFScript.txt



Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
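
Added example, not part of the original thread: a read-only PowerShell check that compares the SHA-256 of c:\windows\system32\services.exe with every services.exe copy in the WinSxS component store, which is the kind of source the FCopy:: line above restores from. The function name Get-Sha256 and the '*servicecontroller_*' directory filter are assumptions made for this example.

```powershell
# Added example (read-only). Run from an elevated 64-bit PowerShell prompt:
# a 32-bit host is redirected from System32 to SysWOW64, which has no services.exe.
$target = Join-Path $env:SystemRoot 'System32\services.exe'
$store  = Join-Path $env:SystemRoot 'WinSxS'

function Get-Sha256 {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Plain .NET hashing, so no dependency on Get-FileHash (PowerShell 4.0+).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', ''
    } finally {
        $fs.Close()
        $sha.Clear()
    }
}

$targetHash = Get-Sha256 -Path $target

# Every servicecontroller component directory in the store, whatever its version.
$copies = @(Get-ChildItem -Path $store -Filter '*servicecontroller_*' |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path -LiteralPath $_ })

# One row per store copy, flagged when its hash equals the System32 file's hash.
$report = @(foreach ($copy in $copies) {
    $hash = Get-Sha256 -Path $copy
    New-Object PSObject -Property @{
        Path            = $copy
        SHA256          = $hash
        MatchesSystem32 = ($hash -eq $targetHash)
    }
})

$report | Format-List Path, SHA256, MatchesSystem32

# No matching copy means the System32 file differs from everything in the store.
if (-not ($report | Where-Object { $_.MatchesSystem32 })) {
    Write-Warning "$target ($targetHash) matches no copy in the component store."
}
```

A match only shows that the System32 file is identical to a copy in the store; it does not by itself show that the store copy is clean.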

Offline magna86

Re: Win32:Sirefef-zt - Services.exe infection
« Reply #4 on: March 28, 2013, 07:46:45 PM »
bump!

cellorum

  • Guest
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #5 on: March 28, 2013, 08:31:15 PM »
Attached the new ComboFix.txt

Offline magna86

Re: Win32:Sirefef-zt - Services.exe infection
« Reply #6 on: March 28, 2013, 08:48:45 PM »


It is necessary to uninstall ComboFix:
  • Click Start, then Run.
    On Windows 7 or Vista you may use the Start Search field if Run is not available.
  • In the line of text, type in (copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between "ComboFix" and "/Uninstall".
  • Then click OK (or press Enter).
    Wait until the uninstall process is complete.

**************

How's your computer running now?

cellorum

  • Guest
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #7 on: March 28, 2013, 08:57:54 PM »
Great!!! The trojan is gone!! :)

Thank you very much!!!

ComboFix uninstalled, thanks again!!!!

Offline magna86
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #8 on: March 28, 2013, 08:59:53 PM »
Nice.  8)

- Re-run OTL and click on the CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

-------------------------

I recommend keeping Malwarebytes and using MCShield if you will.

You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, it will also immediately clean the flash drive, memory card or external HDD.

-----------------------

Regarding ComboFix, please read this info. Do not deploy CF without supervision.  ;)

http://www.techsupportforum.com/1829551-post6.html

http://www.bleepingcomputer.com/forums/topic273628.html

cellorum

  • Guest
Re: Win32:Sirefef-zt - Services.exe infection
« Reply #9 on: March 28, 2013, 09:26:58 PM »
MCShield now installed and running.
About ComboFix... yeah, I read the warning AFTER using it, my bad...

Thanks again!!!!