Author Topic: Threat Win32:sirefef_Pl [Rtk]  (Read 2009 times)

Wrrrtw

  • Guest
Threat Win32:sirefef_Pl [Rtk]
« on: July 23, 2012, 04:02:21 AM »
Hello.

At the beginning of the month, I received one of those fake antivirus viruses, and I had since believed I had deleted it.  Using avast, Mbam, and CCleaner, I had removed what I thought was the source, and thus 'got rid of it.'

I scanned daily for about a week to ensure there was nothing to pop back up, and all seemed fine save for a few issues involving Flash and the Opera browser.  I have since moved browsers, and thought my problems were solved until this afternoon, when my computer started alerting me multiple times (and continues to do so) that a threat has been blocked.

After scanning the infected folder that said threats were in, I have found the following viruses.

Win32:Sirefef-pl [Rtk] within C:\windows\assembly\Gac_32\desktop.ini and within ...\Gac_64\desktop.ini

I have been alerted by a friend that this is a potentially severe issue, and that I should consult this forum.

Here are the OTL files for starters.  I will post/edit with the Mbam log here soon, once Mbam's scan is complete.

Edit: OTL Extras
« Last Edit: July 23, 2012, 04:59:23 AM by Wrrrtw »

Wrrrtw

  • Guest
Re: Threat Win32:sirefef_Pl [Rtk]
« Reply #1 on: July 23, 2012, 05:02:58 AM »
Double post

Here's the AswMBR.txt

EDIT
And I've added the Mbam log.

Due to fear of the severity of the rootkit and the trojan downloader, along with no mods/admins/support on at the time of this post... I have deleted both rootkits in avast, and deleted the trojan downloader in Mbam.  The infected machine is running avast's boot scans.  I am hoping that this is the end of Sirefef-pl, but I've been wrong before.  Any assistance involving removing unpacked files, or anything involving any rejuvenation of the deleted files would be appreciated.
« Last Edit: July 23, 2012, 05:48:51 AM by Wrrrtw »

Wrrrtw

  • Guest
Re: Threat Win32:sirefef_Pl [Rtk]
« Reply #2 on: July 23, 2012, 09:54:27 AM »
I have decided to format my machine to fully root out the issue, based on the warning that Jeffce has had with the users that have similar issues. 

I do not fault avast or the message board's user-base for a lack of reply, actually I appreciate all the information already logged here.  Keep up the good work.

Offline Pondus

  • Probably Bot
  • Posts: 37532
  • Not a avast user
Re: Threat Win32:sirefef_Pl [Rtk]
« Reply #3 on: July 23, 2012, 01:00:45 PM »
Quote
I do not fault avast or the message board's user-base for a lack of reply
all the helpers here do it on their own free time.....so consider family life / work / sleep and timezone issues
so when seeking help in a forum you need to be patient