Author Topic: Win32:sirefef-Pl [Rtk] Question  (Read 3734 times)


Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Win32:sirefef-Pl [Rtk] Question
« on: July 05, 2012, 01:37:11 AM »
OK, I was surfing, clicked on a page, and then Avast blocked a trojan and moved it to the sandbox. Avast said it didn't harm my computer, but I ran a scan. It came out clean, but I ran a boot scan JIC, and it found the Sirefef virus. I tossed it in the chest, ran a couple more scans, and it says everything is clear. I just wanted to double check and see if there is anything else I needed to do.

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #1 on: July 05, 2012, 01:47:46 AM »
I looked for the log and can't find it, but I took a screenshot; hope this helps. Also, I have not experienced any problems like popups or crashes. Avast said it blocked it, and everything seems fine. I am just checking to make sure I don't have a problem.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37014
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #2 on: July 05, 2012, 01:56:28 AM »
If you suspect infection, go to the virus and worms section and create a topic where you attach the logs from this guide:
http://forum.avast.com/index.php?topic=53253.0

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #3 on: July 05, 2012, 04:18:23 AM »
I did run Malwarebytes and it said it is clean, so with that and Avast saying it is clean (boot scan and deep scan), I think everything is OK. I guess I am being paranoid. Would that OTL do anything that might verify that the other two are right?

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7460
  • No support via PM.
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #4 on: July 05, 2012, 04:23:16 AM »
OTL and aswMBR will indicate if you're still infected. So follow Pondus' advice and attach logs for those programs. A qualified malware remover will take a look and tell you what to do.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #5 on: July 05, 2012, 04:38:46 AM »
OK, here is the OTL scan.

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #6 on: July 05, 2012, 04:48:19 AM »
And here is the other scan. I did the quick scan, and then one for drive C, which I thought might be a deep scan? Anyway, here they are.

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #7 on: July 05, 2012, 04:48:51 AM »
And the quick scan.

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7460
  • No support via PM.
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #8 on: July 05, 2012, 04:54:33 AM »
Thanks. A malware analyst will be notified. Mind you that it is really late in the EU and the 4th of July in the USA, so it will not be until tomorrow that you can have an answer.
« Last Edit: July 05, 2012, 05:04:10 AM by iroc9555 »
Hernan.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #9 on: July 05, 2012, 03:24:22 PM »
Looks good. The detections in the bootscan were of Avast signatures... So you dodged the bullet ;D

Offline the_airwarrior

  • Newbie
  • *
  • Posts: 11
Re: Win32:sirefef-Pl [Rtk] Question
« Reply #10 on: July 05, 2012, 10:28:22 PM »
Thanks, essex. I wanted to make certain, as the more I read about this thing, it is a nasty little booger! Thanks to iroc and Pondus too!