Triple Viruses: Malware-gen, Sirefef-A, and Downloader-PKU

[greengarden]

Hello everyone!

Three days ago, I downloaded this stupid program that included Babylon Search. Ever since, I have been plagued with viruses. I've used Norton Internet Security, Ccleaner, Search and Destroy, Malware Bytes, and now Advast Antivirus. I've done full system scans and other miscellaneous scans with no success. Every time I think I got the virus(es) out of my system and restart my laptop, I get the dreaded, "Detected virus" pop-up as soon as I'm logged into my account.

According to Advast, I have Malware-gen, Downloader-PKU, and Sirefef-A. I'm so distressed about this and unfortunately do not have the re-boot/recovery CD that originally came with my laptop. Any help would be greatly appreciated. Thank you! Attached are my logs.

P.S. Since I do have "sirfef" as well, I'm including the farbar service scanner log as well. Thank you in advance. A good weekend to all.

[Pondus]

malware removers are notified. it may take hours before one arrive so be patient

[greengarden]

Thank you for that immediate update. I have all the patience in the world. I have been trying to battle this one out on my own for the past three days, so I can most certainly wait. Thank you for your assistance. 

[essexboy]

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  IE - HKU\S-1-5-21-51124437-1587450825-3072365709-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109597&tt=3212_1&babsrc=SP_ss&mntrId=4da068f000000000000000ff9aad576a
  IE - HKU\S-1-5-21-51124437-1587450825-3072365709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 61.54.82.130:808
  [2012/08/08 11:24:34 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
  
  :Reg
  [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
  ""="%systemroot%\system32\wbem\wbemess.dll"
  [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}]
  
  :Files
  C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
  C:\Users\Isaac\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
  ipconfig /flushdns /c
  netsh int ip reset c:\resetlog.txt  /c
  ipconfig /release /c
  ipconfig /renew /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Re-run FSS and attach the log please

[greengarden]

I'm so sorry, but I need your help. I tried running ComboFix after disabling Norton Internet Security and Advast but it prompted me that Norton Antivirus was still running. I disabled both Smart Firewall and Antivirus Auto-Protect for NIS. I tried to do CTRL-ALT-DELETE to manually turn off NIS and ComboxFix closed in the process. You said not to re-run ComboFix and to consult with you. What should I do?

I did do the OTL as you instructed (with the reboot and QuickScan) and that log is attached. Sorry for messing up the ComboFix!

[essexboy]

No problem accept the combofix warnings but do not allow anything to be deleted or quarantined... You really should only have one AV

[greengarden]

I know, I started with Norton Internet Security first. When it failed to remove the viruses, I googled and heard rave reviews about Advast. I'll remove Norton Internet Security straight away and will do the ComboFix thereafter. Thanks so much for all your patience and help. You are awesomeness!

[Pondus]

so you have avast and Norton installed   

never install multiple AV... as this will give you...a slower machine / mysterious windows errors / false positive detections.....
so uninstall one, and then run the removal tool to clear any leftover files that may conflict     http://singularlabs.com/uninstallers/security-software/

I googled and heard rave reviews about Advast

and why do you keep  calling it advast ?   the name is     a v a s t     

[essexboy]

'Cos it adds vastly to your protection silly 

[Pondus]

ahaaa.....forgot that   

[greengarden]

I apologize for the delay AND for the typo! I'm not familiar with Avast and just recently became introduced to it. I uninstalled NIS and ran the ComboFix. I am no longer able to use Firefox or Internet Explorer for some reason ("Illegal operation attempted on a registry key that has been marked for deletion"). I had to save the log on a USB and am posting the log on another uninfected computer. Thanks again.

[Pondus]

("Illegal operation attempted on a registry key that has been marked for deletion")

restart the computer one more time...should fix it

[greengarden]

Thank you for both your help!!! It means so much. I will restart right now! 

Edit: Firefox and Internet Explorer are both working now!!! Thank you for the restart tip, Pondus! 

[essexboy]

Could you attach the combofix log please and the re-run of FSS

Also how is the computer behaving ?

[greengarden]

My computer is acting normal!! No constant pop-ups from A-V-A-S-T () about trojans. I'm doing the FSS right now. Attached is the log from ComboFix. I have to leave for church in a few but will post the log for the FSS before I leave. Thank you most sincerely for your help. You are magic!