Daily Trojan

[Pondus]

It is not in the log you attached?

[REDACTED]

Problems with the page I guess, MBAR file didn't show up...trying again.

[Pondus]

Your log is here, but the first one you attached did not show any detections

The one you attached now does

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.29.04
  rootkit: v2015.11.26.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: KATHYSLAPTOP [administrator]

11/29/2015 3:35:31 PM
mbar-log-2015-11-29 (15-35-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 352030
Time elapsed: 21 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [6266fa899dee0d29f6566d9451afa15f]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[REDACTED]

I have wasted the last hour trying to get a screen print or snipped copy of the scan done at 3:35pm, which is when the Trojan appeared.
MBAM is not performing as usual to export a scan log, and I don't have all night to work on it.  I want to get the exact location to you, but have trouble right now...wish you could just copy and paste a line from MBAM,,,can't. The log I sent earlier, was from an earlier scan, and it didn't show up on that scan...the reason I scanned again, is that the computer froze, as it often does when it is infected with this Trojan, so, I had to shut it down and restart it, then scan...what I always do when that happens.

The issue now, is how I can scan the external hard drive I've been using for backup...no doubt the Trojan is there, too.  Can I open MBAM within the Ext. HDD and run it in the drive? or is there a trick to it?  If I ever have to restore from that drive, I don't want to restore my old Trojan.

[REDACTED]

I got a pop-up notice "Malware Detected", so finally got you an instance in MBAM...this after I had rebooted, which was supposed to delete the one found earlier this afternoon.

[REDACTED]

Another instance of the "demon Trojan" located 11-30-15 at 12 15 am.

[dbrisendine]

Let's get a second opinion on this ....


Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.[/b]
  

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[REDACTED]

No threats today, although the computer has frozen and had to be shut down 3 times,....I was online when that happened.

[dbrisendine]

Did you ever get your $Recycle.Bin folder back?  Does your Recycle Bin function properly (you can delete file and recover them from the Recycle Bin "trash can")?

[REDACTED]

The Recycle bin on the desktop is still functional...just no folder appears on the C drive.  MBAM and TDSS both scanned with no malware found!  (Happy Face)  Will hope it's beaten??

[REDACTED]

MBAR report: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C)
Am scanning with MBAM now...is there any way to get rid of this Trojan? On Bleeping Computer I saw some programs specifically aimed at the removal of this Trojan...would it be safe to try one of them??

Unfortunately, I forgot to run the TDSS scan first...it came back negative for malware, following the MBAR scan.

[dbrisendine]

First it's there and then it is not there ....

I would say to try the programs but use common sense.  If you want, tell me what they are and I will check them out first.

[REDACTED]

Ok, I'll do it tomorrow night, probably...it's nearly 2am, and I have to work in the afternoon...I've been trying to transfer photos to a zip drive, and it seems all 3 of my usb ports are disabled.  copied photos to a dvd drive, so I can transfer them to another computer, I'm trying to get them to my mini sd so I can transfer them to my tablet...I hope my drives aren't going to disappear like my desktop drives did...my computer guy has that one, and I'm hoping it can be rebuilt...I don't know yet.

[REDACTED]

Returned from 5 days with no internet...finished going through junk mail folder, scanned with MBAM, attaching report...same old Trojan still there.

[dbrisendine]

I don't give up easily but I feel that this is one that needs to be looked at over at the MalwareBytes forum.  You can find help and directions on getting start there in this post.  I just feel that they know their products better than anyone else and can handle the behind the scenes workings best.