Topic: Sirefef Trojan - Site redirects and more damage to my laptop


ssrisa

  • Guest
Sirefef Trojan - Site redirects and more damage to my laptop
« on: March 16, 2012, 06:50:07 PM »
Hi Experts,

My laptop (running Windows XP) has been infected with a Sirefef Trojan, and none of the software (Avast, McAfee, Spyware Doctor, Microsoft Security Essentials, BitDefender) I have tried so far has helped in removing this Trojan, although they have been able to detect and protect every time a new malicious DLL gets into the C:\WINDOWS\System32 folder. This Trojan is seriously affecting web browsing by site redirects and is also affecting my wireless connectivity. I have currently disabled internet connections, because when I am connected to the internet the Trojan is more active. I ran TDSSKiller.exe but it did not detect the Trojan. Please advise.

Regards,
Srisa

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89266
  • No support PMs thanks
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #1 on: March 16, 2012, 07:30:38 PM »
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Given you have now thrown the kitchen sink of AVs at it, if there were installed versions (not web-based scans) you have to ensure that you have removed all remnants of these AVs, or they could in themselves lead to conflicts, leaving your system less well protected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #2 on: March 16, 2012, 07:32:07 PM »
Monitoring

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #3 on: March 16, 2012, 08:09:33 PM »
Thank you. I have been having trouble connecting to the internet with the affected laptop. I will have to download these files on a different laptop and transfer them to the affected laptop to run the scan. Please do not close the thread, as it might take 6 to 8 hrs for me to post the required files.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #4 on: March 16, 2012, 08:40:20 PM »
We never close - Prior to transferring files from one computer to the other, disinfect the flash drive with Panda Vaccinate http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
Instructions are on the page.

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #5 on: March 17, 2012, 12:33:37 AM »
Thanks. I have attached logs of Malwarebytes' Anti-Malware and OTL here. Malwarebytes' Anti-Malware found a few issues, and they were fixed.
aswMBR.exe showed 3 defects and a FIX option. I have shared logs of the same. Please advise me on handling/fixing it.

P.S.: I am attaching the logs in the next few messages due to the upload limit.
« Last Edit: March 24, 2012, 05:24:14 AM by ssrisa »

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #6 on: March 17, 2012, 12:36:17 AM »
OTL first log
« Last Edit: March 24, 2012, 05:24:22 AM by ssrisa »

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #7 on: March 17, 2012, 12:37:01 AM »
OTL extras log and aswMBR log
« Last Edit: March 24, 2012, 05:24:30 AM by ssrisa »

Offline Pondus

  • Probably Bot
  • Posts: 37599
  • Not an avast user
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #8 on: March 17, 2012, 12:50:54 AM »
You said Malwarebytes found some bugs and fixed them!
You should attach that log also...

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #9 on: March 17, 2012, 01:02:01 AM »
Here it is. The log obtained when Malwarebytes' Anti-Malware was run the first time.
« Last Edit: March 24, 2012, 05:24:40 AM by ssrisa »

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #10 on: March 17, 2012, 10:47:51 AM »
Any help? Please.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 76034
    • >>>  Avast Forum - German-language section  <<<
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #11 on: March 17, 2012, 10:56:42 AM »
Quote
Any help? Please.

You have to wait until essexboy returns. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast worth knowing (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • Posts: 37599
  • Not an avast user
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #12 on: March 17, 2012, 11:06:04 AM »
Remember that we are not all in the same time zone:
http://www.timeanddate.com/worldclock/city.html?n=136

Essexboy is located in the UK.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #13 on: March 17, 2012, 01:15:35 PM »
OK, it looks to be TDL3/ZeroAccess attached to the afd.sys file.

Could you confirm that you set this proxy setting: proxy-phoenix.aexp.com?

Anyway, three programmes to run now, in sequence.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    O33 - MountPoints2\{a7be5ea0-7566-11e0-9b73-0026c6d908ae}\Shell\AutoRun\command - "" = nasmejana//sharmira.exe
    O33 - MountPoints2\{a7be5ea0-7566-11e0-9b73-0026c6d908ae}\Shell\Explore\command - "" = nasmejana//sharmira.exe
    O33 - MountPoints2\{a7be5ea0-7566-11e0-9b73-0026c6d908ae}\Shell\Open\command - "" = nasmejana//sharmira.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Allow the installation of the recovery console.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
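The OTL fix in the post above does two things that are easy to verify before and after it runs: it deletes the per-volume MountPoints2 autorun handlers listed as O33 entries (the `nasmejana//sharmira.exe` commands), and it rewrites the hosts file with [resethosts]. The following read-only PowerShell audit is an added example for this thread; it is not part of the post, of OTL, TDSSKiller or ComboFix, and it targets a current Windows PowerShell rather than the Windows XP machine discussed here. The registry path, the function names and the "suspicious" heuristic (a handler command not anchored to a drive letter, and any hosts entry beyond the localhost lines) are assumptions of mine, chosen to match what the O33 lines above show, not facts stated in the thread.

```powershell
# Added example (not from the thread): read-only audit of the two things the
# OTL fix above changes. Nothing here modifies the registry or the hosts file.

# Assumed location of the per-user volume cache that OTL reports as O33 entries.
$MountPoints2 = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutorunHandlers {
    # Every removable volume Windows has mounted gets a {GUID} subkey. A
    # Shell\<verb>\command value under it is executed when the drive is opened,
    # which is how the sharmira.exe handlers in the OTL fix were planted.
    if (-not (Test-Path -Path $MountPoints2)) { return }
    foreach ($volKey in Get-ChildItem -Path $MountPoints2 -ErrorAction SilentlyContinue) {
        if ($volKey.PSChildName -notlike '{*}') { continue }   # skip non-GUID keys
        foreach ($verb in 'AutoRun', 'Explore', 'Open') {
            $cmdKey = "$($volKey.PSPath)\Shell\$verb\command"
            if (-not (Test-Path -Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            [pscustomobject]@{
                Volume  = $volKey.PSChildName
                Verb    = $verb
                Command = $cmd
                # Heuristic (assumption): a command that is not anchored to a drive
                # letter is relative to the removable drive itself, the pattern of a
                # worm that copied itself onto the stick.
                Suspicious = [bool]($cmd -notmatch '^\s*"?[A-Za-z]:\\')
            }
        }
    }
}

function Get-HostsOverrides {
    # [resethosts] replaces this file with the Windows default. Anything beyond
    # the localhost lines is a name override that should be explainable.
    $hostsPath = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    if (-not (Test-Path -Path $hostsPath)) { return }
    Get-Content -Path $hostsPath | ForEach-Object {
        $line = ($_ -split '#', 2)[0].Trim()     # strip comments
        if (-not $line) { return }               # skip blank lines
        $ip, $names = $line -split '\s+'
        $names = @($names)
        if (($ip -eq '127.0.0.1' -or $ip -eq '::1') -and $names.Count -eq 1 -and $names[0] -eq 'localhost') {
            return                               # the default entry, not an override
        }
        [pscustomobject]@{ Address = $ip; Names = ($names -join ' ') }
    }
}

$handlers  = @(Get-MountPointAutorunHandlers)
$overrides = @(Get-HostsOverrides)

"MountPoints2 autorun handlers found: $($handlers.Count) (flagged: $(@($handlers | Where-Object Suspicious).Count))"
$handlers  | Format-Table -AutoSize
"Hosts-file entries beyond localhost: $($overrides.Count)"
$overrides | Format-Table -AutoSize
```

Run it from a normal (non-elevated) session for the affected user, since MountPoints2 is per-user; run the audit once before the OTL fix to keep a record of what was there, and again after the reboot to confirm the handlers are gone and the hosts file is back to the default. Any handler still present, or any hosts entry you did not add yourself, is worth pasting into the thread alongside the OTL log.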

ssrisa

  • Guest
Re: Sirefef Trojan - Site redirects and more damage to my laptop
« Reply #14 on: March 17, 2012, 09:07:59 PM »
Thanks for the reply, essexboy.

The proxy is a known proxy, and I had it in the browser settings.

I started running OTL. How long should it take to execute? The last time I ran OTL, it didn't take this long.