TechSpot

Please help! That nasty Sirefef got me.

Solved
By Phasmos
May 20, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Can you turn Windows firewall on now?
  2. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    YES!! Firewall is ON. Woo-hoo!!
  3. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  4. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OK! I'm gonna run these tomorrow, 'cause it's past my bedtime. THANKS again!!
  5. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Good morning, Broni --
    I hate to say it, but this morning, Firefox is behaving as if the thing is still around. Very slow to load or change pages; cursor dragging and freezing in "hourglass" mode; and a suspicious flash or blink of the browser's top window edge (or title bar) every now and then.
    OK, wait...the Avast notice (the one that says "Your definitions have been updated") just popped up, so maybe it was the automatic update that was eating memory and making the browser sluggish. I hope that's all it was! Anyway, as of this moment, it seems fine, so maybe that was the culprit. Maybe if I disable it...?
    I'll go ahead and run these final tests...
  6. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  7. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    A new problem: I've just turned the speakers on, and have realized that all system sounds are playing in a cracked, speeded-up manner. I tried an MP3 and got the same result, which leads me to believe that the sound driver has been damaged or corrupted somehow... Any suggestions?
  8. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
  9. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OK, sorry - I'll run the other tests and see what happens.
  10. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Here are the OTL results from this morning:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Ann
    ->Temp folder emptied: 12009 bytes
    ->Temporary Internet Files folder emptied: 98842 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46558619 bytes
    ->Flash cache emptied: 707 bytes

    User: Ann.HOME1

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109744 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2386105 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Ann
    ->Flash cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Ann
    ->Java cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.43.1 log created on 05272012_084013

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  11. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Broni, I have a bad feeling that the whole thing is starting over somehow... Cursor is sluggish again, icons starting to move around on their own again... Firefox just updated to the new version by itself and turned itself on with no prompting... and everything is very, very SLOW.

    Please tell me this thing isn't becoming reinfected...?? Could we have missed something?

    Sorry to be so much trouble... :(
     
  12. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Also, I have uninstalled Avast as it was chewing up too much memory. Didn't seem to be much use anyway, and it was only the 30-day trial version.

    When I check the Task Manager window, there is always something called "svchost.exe" that seems to keep forcing itself to the top of the list. Is this another evil "germ?"
  13. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    It is definitely reinfected. Firefox is practically unusable, as before. Top title bar keeps blinking as if being redirected; right-click menus keep appearing in weird places, like the upper left-hand corner of the screen; cursor hangs and drags when trying to maneuver around in Google. Should I just start over? I'm way behind on a lot of work because of this damn thing...
  14. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Did you follow instructions from my reply #56?
  15. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    No, I was afraid to uninstall it for fear of losing my bookmarks and everything. Is it just a corrupted version of Firefox, you think?
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  17. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Uninstalled Firefox and reinstalled it. Didn't work. Symptoms: Abberant behavior during Google searches. The FIrefox logo in the upper left-hand corner (in the title bar) disappears for seconds at a time and is replaced by a nondescript white box. The active tab in the system tray flashes as if another window is quickly being opened elsewhere. Cursor drags and/or freezes entirely.

    The whole system takes a very long time to respond upon startup.
  18. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Is any other browser affected?

    I can see a very possible culprit:
    You have very minimal amount of RAM.
    Windows XP needs at least 512MB of RAM to run decently (1GB preferably).
    Firefox is known for eating up a lot of RAM, especially if you have number of add-ons.
    When you first open Firefox it'll already be using around 50-70MB of RAM.
    After a while that number will go up quickly.
    You definitely need more RAM.
  19. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Ah! OK, is there any way to increase the available RAM without installing more physical memory? (I don't know if this computer can take more RAM.) Deleting unused programs, perhaps?

    Also, I think I found the solution to my audio problems - my IDE driver seems to be stuck in PIO mode instead of DMA (whatever that means). Going to delete the driver and reinstall it, which may resolve the issue... (at least I hope so... got enough issues with this poor machine lately...)
  20. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    YAY! Reinstalling the driver fixed the sound issue.
    Let me see what I can find out re: freeing up RAM...
  21. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    This can definitely cause all kind of problems including slowness.

    As for RAM you can't really get around it. You just need to get more RAM. It's cheap.
  22. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OK... Is there a simple way to determine how much RAM the machine can take vs. what is already installed?
  23. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Found the RAM answer via a little app from Crucial. Now to finish with the cleanup checklist from #60...
  24. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Very well....
  25. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OK, I've run the diagnostics and nothing appears to be out of order - results of the OTL were the same as last time, so presumably the machine is free of infection. HOORAY!

    Still a bit slow and twitchy - especially with regard to a couple of processes called "svchost.exe" and "wualclt.exe" that seem to eat up a lot of RAM on startup. I know that the second one is related to Windows Update, and the first one is a sort of generic service module used by a number of programs (there are in fact 5 or 6 versions of it running now with the same name)... so I'm assuming that you're right in that the poor old thing just needs more RAM. I'll have to order some ASAP and hopefully that will speed things up.

    Thanks so much for all your help, Broni!
    Dziekuje!

    :)


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.