Win32:Sirefef-BMH

[darth_shaker]

A couple of days ago I downloaded and installed an app. After that, avast instantly detected an exe file as Win32:Sirefef-BMH and deleted it. So i got a little paranoid and downloaded malwarebytes and performer full scans with it, and also with avast run on startup. Zero detections. Is there a way to be sure i'm not infected anymore?

[Eddy]

Please follow the instructions as listed: http://forum.avast.com/index.php?topic=53253.0

[darth_shaker]

As I said, 0 detections with malwarebytes. And there are the other logs.

[Michael (alan1998)]

I'll notify essex.

[essexboy]

Looks like Avast killed it stone dead

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=ds&q={searchTerms}&installDate=31/08/2013
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=ds&q={searchTerms}&installDate=31/08/2013
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=hp&installDate=31/08/2013
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=ds&q={searchTerms}&installDate=31/08/2013
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=ds&q={searchTerms}&installDate=31/08/2013
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1915086392-106916708-128322944-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=ES&userid=408f8b70-fd73-9426-422d-cbe5ee30225e&searchtype=ds&q={searchTerms}&installDate=31/08/2013
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[darth_shaker]

It's a relief to know avast killed it. Many thanks to all of you for your fast and helpfull attention. There are the logs for the quick scan.

[essexboy]

Looking good, any problems ?

[darth_shaker]

No problems or sympthoms at the moment

[essexboy]

Avast seems to be getting ontop of stopping them before thay can even install..  Prevention is best

If you are happy run Adwcleanr and click uninstall
Run OTL and click cleanup

[darth_shaker]

Done