Win32:Atraps-PF and Win64:Sirefef-A recurring problem

[brmeau]

Hello,

I downloaded the Farber Recovery Tool and have it saved on a flash drive.  I rebooted and am under the Advanced Boot Options but there is not a choice for System Repair.

[jeffce]

Did you try to use your Windows disk instructions or just the regular F8 button method?  If you did not try to use the Windows disk please try that set of instructions. 

[brmeau]

I apologize for that.  Yes, I had only tried the F8 method.  I have now used the Windows Install disk and the file is attached.

[jeffce]

Hi,

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code: [Select]

4 vsserv;  [x]
C:\Users\Patrick\AppData\Local\{4cf4b664-1180-9b83-6774-88561b2659d8}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system[/color]

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

[brmeau]

Fixlog.txt is attached.

[jeffce]

Good job.  We have removed the worst part of it and hopefully there is not a lot of damage that was created by the infection.

Please download a new copy of ComboFix and see if you can get that to run.

[brmeau]

Thank you again for all of your efforts...I greatly appreciate it.  I apologize if I send too much info at times but I am just wanting to make sure that you know what is happening here.  With that in mind, I tried to download Combofix again in  Safe Mode but it would not let me (same exact issues as before).  I rebooted and went to normal desktop and for the first time I was able to click on my icon for Int. Exp. and it worked.  I went to download and got further than in Safe Mode.  I tried to download to C:\ but said that I did not have Adm. Priv., so, I put it in a user directory.  Once downloaded, I right clicked on the folder but there was not an option to Run as Administrator, so, I just ran it regularly.  As before I received the same warning message that Avast was running but I went ahead with the scan (Avast is still not appearing on my toolbar as being loaded).  After the Combofix rebooted the system and finished the report I tried to click on Int. Exp. icon again in normal mode but I am now locked out again from access.  So, I am currently back in Safe Mode to be able to send you the report.

[jeffce]

Hi,

Thanks for letting me know what is going on with your system.  Let me look over the new ComboFix log and I will return as quickly as I can. 

[jeffce]

Hi,

For the time being let's just do everything in Safe Mode with Networking.  I notice that you had Bitdefender on your system.  Do you use that any longer?

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

Code: [Select]

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Run a Quick Scan with OTL as well and attach that log to your next reply along with the ComboFix log.

[brmeau]

Ok, about Bitdefender, when I originally got these two viruses last week and the Avast program would not keep them in the chest and they kept recurring I purchased Bitdefender thinking that maybe it would work and quarantine my problems.  I loaded Bitdefender at the beginning of this week but it would never even scan.  I assumed that it was because the system was too infected but was not certain.  So, I have NEVER used Bitdefender.  This is when I then discovered this Avast forum and have been with you ever since.

Also, before I proceed with your last post how do I make certain that I disable any antivirus/malware programs?  I know that when I have run Combofix it keeps saying that Avast is running but I do not know how to bypass it in Safe Mode. 

[jeffce]

Hi,

Thanks for letting me know about BitDefender.  We will need to remove that shortly.
-----------

before I proceed with your last post how do I make certain that I disable any antivirus/malware programs?  I know that when I have run Combofix it keeps saying that Avast is running but I do not know how to bypass it in Safe Mode.

That warning is of no concern as Avast and ComboFix play nicely together.  Even if Avast is shut down, ComboFix is still picking up pieces of it that are there but won't create a problem. 

[brmeau]

I apologize, another question.  Does the CFScript.txt file go into the original Combofix or the second one that I renamed Vageta?  Just want to be sure.

[jeffce]

Put it into vageta.com    Good question.  As a matter of fact you can just delete the other one. 

[brmeau]

Ok..I deleted original Combofix.  I dragged CFScript.exe and it started gave me numerous error messages saying error saving erdnt files.  Then, received the same Avast warning message but chose to proceed.  The Combofix window box disappeared and has been sitting idle for quite some time.  Never rebooted and never created the new log file.

[jeffce]

Reboot and try it again.  Let me know what happens.  It might be wise to begin copying and saving all of your personal documents, pictures and music that you would like to be sure to keep.