Triple Viruses: Malware-gen, Sirefef-A, and Downloader-PKU

[greengarden]

Well, goodness, that was quick. The FSS log is attached below. I'll be back later. Thank you so so so so so much!!!

[essexboy]

The FSS report will tell me if any repairs are needed, but so far looks good 

[greengarden]

Thank you! I'm back now.

You have such a wonderful gift and talent with this; I am truly amazed and humbled. If you haven't noticed, I'm not a very techy person. I love technology and cannot do without it, but with issues like this, it all appears to me as a second language.

I do have two questions (feel free to answer at your leisure -- no rush).

My first question is, how come NIS and AVAST failed to rectify this issue? Were these triple trojans an advanced virus?

And second: Am I now possibly disease/virus free? That is, have they been completely removed and can I have my peace?
 
Thank you both so much; especially essexboy! If you are from Essex, U.K., Americans LOVE Sophia Grace and Rosie, as well as Russell Brand. I believe all three are from Essex!

I sincerely appreciate your amazing help and assistance. You are a true doctor! Thank you for the cure. 

[essexboy]

There are no Av's at this time that can stop this from installaing as the dropper is changing on an almost hourly basis

But Avast will stop it from doing further damage

Once you have run this small registry fix then all should be well, but let me know as we have to remove the  tools and tidy up

So lets get at it

Any problems with this then just shout

From the link below download bits.zip to your desktop
https://dl.dropbox.com/u/73555776/BITSVista.zip
Double click the zip file to open
Then extract  the reg file to your desktop
Double click the reg file
Accept the warnings
Reboot

Once rebooted could you try windows updates please

[greengarden]

Sorry for the late response. I have downloaded the bits.zip and did as you instructed. I'm currently doing the Windows update and it is installing Windows Vista Service Pack 2 at the moment. Will update with the final outcome. Thank you SO much!

And lastly, I just wanted to make sure I understood you correctly. There are no anti-virus systems that can stop these trojans from installing, so therefore, these trojans are still present on my laptop? However, Avast will prevent the trojans from doing any further damage? Am I understanding this correctly? So there is no absolute "cure" for these viruses, but with all your amazing help, Avast will keep the viruses from doing any additional damage? I'm sorry if this sounds stupid and redundant. I'm just not technically gifted as many on this forum. 

Edit: I have successfully completed Windows update. If you need any updated logs or information, please do let me know. Again, I really appreciate all your help. Have a wonderful day.

[essexboy]

Avast held the malware in check until I was able to remove it..  You should now be nice and clean again ..  If all is working well then ..

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  
• In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  
  
  
  
• Follow the prompts on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Go to control panel
• Select folder options (Appearance > Folder options in category view)
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

SPRING CLEAN

To manually create a new Restore Point
 

• Go to Control Panel and select System
  
• Select System
  
• On the left select System Protection and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create
  

Now we can purge the infected ones

• GoStart > All programs > Accessories > system tools
  
• Right click Disc cleanup and select run as administrator
  
• Select Your main drive and accept the warning if you get one
  
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?

Keep safe  :wave:

[greengarden]

Dearest EssexBoy:

Thank you so much for your incredible patience, hard work, and care in regards to curing my computer. You are simply incredible and just amazing. A true doctor and magician--all in one! I have followed your instructions and sure enough, my desktop has been cleaned.

I will absolutely keep my laptop running for 24 hours and will report back if I have any problems. 

I do want to say a million thanks to you and to the others on this board who help cure people throughout the world and sincerely pray and hope you are massively blessed and favored in all that you do. I am so grateful to have come across this board and for fate to have our paths crossed. Thank you from the bottom of my heart for your careful individualized attention and care! You are the epitome of awesome! 

:wave: :hugs: :handshake: :thumbsup: 

[essexboy]

Shucks 

[greengarden]

I did a full system scan today and the Avast located a virus -- Sirefef-PL (Rtk). Is this something I should be concerned about? I'm attaching a screenshot of what Avast discovered in the full system scan. I'm no expert at this, so I would sincerely appreciate your opinion on this. Thank you so much again.

[essexboy]

Move that one to the Chest, by and of itself it is of no import as all the main files that it is try to run are no longer there...  I have found that sometimes this one does manage to hide and escape

[greengarden]

Thank you for your help! It would not allow me to move it to the chest, unfortunately, but it did allow me to "delete" it. After it was deleted, Avast recommended I rebooted. I will run another full system scan today to make it has been fully eradicated from the system. Thanks so much. I hope you have a wonderful day.

[greengarden]

Oh, well, this should be interesting.  I'm running Avast's full system scan again and so far the system scan has completed only 8% and it has already detected 82 infected files? I haven't downloaded anything since the amazing major clean-up. I have no idea where these infected files came from. Hopefully they are just tracking cookies? I will keep you posted. 


Edit: Here are screen captures of the various threats detected. The last three threats say: "Error: The system cannot find path specified (3)". I'm rebooting my laptop as the other 79 detections require a system reboot (action postponed until the next reboot).

[greengarden]

Part II of screenshot.

[greengarden]

Part III of screenshot.

[greengarden]

And finally, part IV. Thank you in advance for your review and input.