Author Topic: Win32:Sirefef-PL, Win64:Sirefef-A, and Win32:DNSChanger-VJ HELP!  (Read 2886 times)


ZephyrWind

  • Guest
You guys have no idea how excited I am to find someone who might be able to get me through this!!

Starting last evening, my Avast! has been alerting me every five minutes to the presence of these threats.  Each alert says the threat has been quarantined to the chest, but it continues to alert.

I did a complete system scan with Avast! and it reported the threats as having been quarantined, and I allowed it to do a full boot scan as well, which also found the threats and showed them as quarantined. 

But the alerting continues every three to five minutes, and the system has slowed down to a crawl.

I have downloaded MBAM and Combofix, but have not run either yet.

Help me Obi Wan Kenobi....you're my only hope!!!

Thanks guys in advance.

ZephyrWind

  • Guest
Re: Win32:Sirefef-PL, Win64:Sirefef-A, and Win32:DNSChanger-VJ HELP!
« Reply #1 on: June 01, 2012, 06:41:05 AM »
Found the thread on logs to add, sorry I am not really good at this stuff!

Here is the MBAM log file.

Tried repeatedly to run OTL, but it will not start, and only generates an error message, "Exception EReadError in module OTL.exe 1t 0016A6B. Error reading DiskPartitionInfo1.Active: ."


Offline Pondus

  • Probably Bot
  • Posts: 37509
  • Not a avast user
Re: Win32:Sirefef-PL, Win64:Sirefef-A, and Win32:DNSChanger-VJ HELP!
« Reply #2 on: June 01, 2012, 06:52:15 AM »
also attach aswMBR log

http://forum.avast.com/index.php?topic=53253.0


the malware remover is notified......it may be several hours wait, so be patient

ZephyrWind

  • Guest
Re: Win32:Sirefef-PL, Win64:Sirefef-A, and Win32:DNSChanger-VJ HELP!
« Reply #3 on: June 01, 2012, 07:07:59 AM »
working on that now....taking forever, will post as soon as I have it...thanks!

jeffce

  • Guest
Re: Win32:Sirefef-PL, Win64:Sirefef-A, and Win32:DNSChanger-VJ HELP!
« Reply #4 on: June 01, 2012, 02:18:32 PM »
Hi,

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may also have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.  :)
----------

If you are still having problems running OTL and you want to attempt cleaning, please do the following after you have run aswMBR.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------