Author Topic: Win32:Srefef-AII (Rtk)  (Read 5377 times)


Busymama62

  • Guest
Win32:Srefef-AII (Rtk)
« on: November 29, 2013, 06:29:26 PM »
Working on the processes suggested for this forum.  After running Malwarebytes and doing a restart, I got a blue screen twice.  I am now running in Safe Mode with Networking.  Upon restart I got this window: "There was a problem starting C:Program Data\malwarebytes\malwarebytes' Anti-Malware\cleanup.dll    The specified module could not be found."  That is when I did the restart in Safe Mode.

I have acquired this Toshiba laptop running Windows 7.  I have been working at getting it operational.  At first it almost seemed as if it was a bad hard drive.  I have no info on this system, so if we need to do a complete wipe of the disk and start over that is no problem at all.

Thanks again!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Win32:Srefef-AII (Rtk)
« Reply #1 on: November 29, 2013, 07:08:22 PM »
Since you do not have anything on it that you don't want to lose, I strongly suggest you do either a factory restore or a clean install of an OS of your choice.

As far as the hard drive, the manufacturer will have a diagnostic utility for it.
I suggest using that before doing a factory restore/clean install.
Just to make sure it is working as it should.
Also have/run memtest to test the memory.

Ok, it will take some time. But at least you will know that both hd and memory are working as they should.

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #2 on: November 29, 2013, 07:13:24 PM »
Thank you Eddy!  Do I do a Google search to find the Toshiba Diagnostic Utility and the same for the factory restore/clean install?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Srefef-AII (Rtk)
« Reply #3 on: November 29, 2013, 07:15:46 PM »
@ Busymama62
If you wish, we may check here and now for HDD sectors, if you will? Also, logs show an active ZeroAccess rootkit. We can remove that if you wish?
Tell me how you wish to proceed?

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #4 on: November 29, 2013, 07:23:19 PM »
Magna86, both of those options sound great to me.  I remember doing a complete wipe etc. of a Dell laptop I had years ago and I just remember it took a long time and several long phone calls with their tech support.  So just tell me how to proceed.  Thank you!

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Srefef-AII (Rtk)
« Reply #5 on: November 29, 2013, 07:33:25 PM »
Eddy's advice is perhaps the most secure solution. A fresh system install and hardware testing are always a good solution.

On the other hand, I can provide you a detailed analysis of the system and cleaning of active malware which can possibly solve other problems that you have with your computer.


Let's first remove malware and clean this software from junk ...

Step#1

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
  • Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, a total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

Step#2

Download TDSSKiller and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Confirm the "End user Licence Agreement" and "KSN Statement" dialog box by clicking on the Accept button.
  • Press Start Scan
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

Step#3

Post me a fresh OTL log.

--------------------------------------------------

How to test HDD sectors:
This can be done later; it has nothing to do with the Malware Cleaning progress...

Download MHDD utility from here:
 MHDD download link


Unpack and burn to disk as ISO (bootable) ...
Boot MHDD from disk ( in the same way as a Live CD )

  • When you load the file, select option 1
  • When the menu appears, select the disk that you'll scan
  • Type in:
    scan
    ...and hit enter
  • In the next menu, press F4
  • It will begin HDD scanning; allow it to finish the scan.

>> If there are more than 3 inputs in the district UNC X then your hard disk is damaged.
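Before booting into an MHDD surface scan, a quick health triage can be done from Windows itself. The following is an added example written for this thread, not a tool or script from the forum or from magna86: it reads the drive's SMART "predict failure" flag through WMI and counts recent disk-related error events in the System log. The WMI class and the event IDs used (7 = bad block on device, 51 = paging I/O error, 55 = NTFS structure corruption) are real Windows identifiers; the assumption is that the disk driver exposes SMART to WMI (many USB enclosures and some RAID controllers do not) and that the provider names match what the event log records. Run it from an elevated PowerShell prompt on the Windows 7 machine.

```powershell
# Added example (not from the thread): HDD health triage on Windows 7.
# Checks the SMART failure-prediction flag via WMI and counts disk/NTFS error
# events from the last N days. A True flag or a steady stream of event ID 7/51/55
# points at a failing disk rather than malware as the cause of blue screens.

function Get-SmartFailurePrediction {
    # MSStorageDriver_FailurePredictStatus.PredictFailure is $true when the
    # drive's own SMART logic reports imminent failure. Not every controller
    # exposes this class (assumption: the built-in SATA driver does).
    try {
        Get-WmiObject -Namespace 'root\wmi' -Class MSStorageDriver_FailurePredictStatus -ErrorAction Stop |
            Select-Object InstanceName, PredictFailure, Reason
    } catch {
        Write-Warning "SMART status not available via WMI: $($_.Exception.Message)"
        $null
    }
}

function Get-RecentDiskErrors {
    param([int]$Days = 30)
    # Event IDs: 7 = bad block on device, 51 = paging I/O error,
    # 55 = NTFS file system structure corruption.
    $filter = @{
        LogName   = 'System'
        StartTime = (Get-Date).AddDays(-$Days)
        Id        = 7, 51, 55
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Where-Object { $_.ProviderName -match '^(disk|ntfs)$' } |   # assumption: provider names
            Group-Object ProviderName, Id |
            Select-Object Count, Name
    } catch {
        # Get-WinEvent raises an error when nothing matches; treat as "no errors".
        @()
    }
}

$smart  = Get-SmartFailurePrediction
$errors = @(Get-RecentDiskErrors -Days 30)

"--- SMART failure prediction ---"
$smart | Format-Table -AutoSize
"--- Disk/NTFS error events (last 30 days) ---"
if ($errors.Count -eq 0) { "none" } else { $errors | Format-Table -AutoSize }

if (($smart | Where-Object { $_.PredictFailure }) -or $errors.Count -gt 0) {
    "Verdict: disk shows failure indicators. Back up anything needed, then run the vendor diagnostic or the MHDD scan above."
} else {
    "Verdict: no SMART or event-log disk errors seen. Continue with the malware cleanup steps."
}
```

The verdict is a hint, not a replacement for the bootable surface scan: SMART only predicts failure for a subset of faults, and a drive can throw bad-block events for weeks before the flag flips. If the event count grows between two runs a day apart, treat the disk as failing regardless of what SMART says.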

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #6 on: November 29, 2013, 07:49:40 PM »
I do not have the option of disabling Avast in Safe Mode.  Do I continue with ComboFix?  I am concerned that I would have a lot of difficulty with Eddy's suggestion.  Also, not sure if I would have to pay for tech support with Toshiba.  Since we did not pay for this laptop I don't think we want to put money in it until we know for sure it can be fixed.  Thanks!

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Srefef-AII (Rtk)
« Reply #7 on: November 29, 2013, 08:16:13 PM »
Hi,
Sorry, can you please verify this, that is, explain it to me? Is this your personal computer or a company computer? Who are the "we"?

Quote
Also, not sure if I would have to pay for tech support with Toshiba.  Since we did not pay for this laptop I don't think we want to put money in it until we know for sure it can be fixed.  Thanks!

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #8 on: November 29, 2013, 09:38:09 PM »
Sorry, I guess I should have given more details.  We clean rental properties as part of our business.  My husband found a briefcase-type bag and brought it home.  I discovered the laptop.  We waited about 10 days for someone to call the office and claim it.  We felt that it had been long enough to boot the laptop yesterday.  Once I did finally get it to boot, I looked through some files etc. and it appears that nothing has been added since 2012.  The majority of the time someone leaves the properties that we clean they just leave items they no longer want.  Some we trash, some we sell at a yard sale and yes, some items we use.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Srefef-AII (Rtk)
« Reply #10 on: November 29, 2013, 10:07:05 PM »
I would say that you should keep following Eddy's advice.

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #11 on: November 29, 2013, 10:18:26 PM »
Thank you!  I have printed the instructions from my desktop and will start on the process in a few moments.

Busymama62

  • Guest
Re: Win32:Srefef-AII (Rtk)
« Reply #12 on: November 30, 2013, 03:42:27 AM »
It appears that the hard drive is starting to fail.  I will do more research tomorrow if I can and see if we will replace it or not.  I doubt it is under warranty, but you never know.

Thank you all for your help!
Linda