TechSpot

Sirefef... darn you!!!

Inactive
By Kendra89
Jul 30, 2012
  1. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    My disk cleanup does not have a "more options" tab...
  2. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    Although I wasn't able to delete the old restore points as mentioned above, I moved on with the remainder of the steps. I ran OTC, CCleaner, and Security Check.

    Here is the checkup.txt:


    Results of screen317's Security Check version 0.99.43
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Reader X (10.1.3)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  3. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    I noticed it says my service pack is out of date; however, Windows Update has failed to download and install the latest service pack for the past several months. I have gone through all of the suggestions from the help tab, but nothing helps it update successfully. Also, my Java just popped up trying to update after OTC rebooted the comp, but I bypassed the update, trying to refrain from downloads until I've been declared clean!
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You were declared clean...

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    For the service pack...

    1. Go to the Windows 7 Service Pack 1 download webpage on the Microsoft website, and then click Continue.
    2. Choose either the 32-bit (x86) or the 64-bit (x64) version of SP1 depending on whether you're running the 32-bit or the 64-bit version of Windows 7, and then click Download.
      • To find out which version you're running, click the Start button, right-click Computer, and then click Properties. Under System, next to System type, you can view the operating system.
    3. To install SP1 immediately, click Open or Run, and then follow the instructions on your screen. To install SP1 later, click Save and download the installation file to your computer. When you're ready to install SP1, double-click the file.
    4. On the Install Windows 7 Service Pack 1 page, click Next.
    5. Follow the instructions on your screen. Your computer might restart during the installation.
    6. After installation is complete, log on to your computer at the Windows logon prompt. You might see a notification indicating whether the update was successful.
    7. If you disabled your antivirus software, enable it again.
    Source page


    Let me know how it all works out...
  5. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    As soon as I deleted the old Java, I turned on MSE, which proceeded to run a quick scan and found a Trojan: DOS/Alureon.A. I clicked the option to clean and it said it removed it successfully, but then it also had a pop-up which said the cleaning wasn't complete and that I needed to download Windows Defender Offline in order to finish. It then said I needed to restart my computer to complete. What's happening?? I haven't downloaded anything new and have been running so many scans. It makes no sense that it would get reinfected so quickly!!
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Rewinding time...

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  7. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    The option to run as administrator does not appear when I right-click the program. I am running Windows 7. I tried double-clicking, and that brings me to the "Open with..." screen. I did not know which program to choose; I didn't think I needed a specific program to host the killer. What do I do?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu). Then, try again...
  9. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    Same thing happens in safe mode: no option to run as admin, and double-clicking makes me choose a program to run it with.
  10. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    I noticed some System32 drivers had a capital "S" for "system" and some had a lower-case "s" at the beginning when safe mode was booting. Could those different ones be the virus disguising itself?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It makes no difference for the capital versus lower-case S.

    Try this tool, and then after that try the tool I asked for before....

    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
    Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
  12. Kendra89

    Kendra89 TS Rookie Topic Starter Posts: 24

    Rkill 2.3.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/26/2012 08:38:31 AM in x64 mode.
    Windows Version: Windows 7 Home Premium
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!

    Performing miscellaneous checks.
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual
    * CscService [Missing Service]
    * PeerDistSvc [Missing Service]
    * UmRdpService [Missing Service]
    Searching for Missing Digital Signatures:
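The Rkill log above reports on three things a defender would want to re-check by hand after a reboot: the Windows Defender DisableAntiSpyware policy value, the default handlers for .exe/.com/.bat files (Rkill reset the .com one), and the state of the WinDefend service. The following read-only PowerShell audit is an added example written for this thread, not part of Rkill or of any post here; the expected handler names (exefile, comfile, batfile) are the stock Windows 7 values and are assumed, and the script changes nothing.

```powershell
# Added example (not from the thread or from Rkill): read-only audit of the
# registry locations and service that the Rkill log reports on.
$findings = @()

# 1. Policy value Rkill flagged: DisableAntiSpyware = dword:1 turns Defender off.
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$props = Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue
if ($props -and $props.DisableAntiSpyware -eq 1) {
    $findings += "Windows Defender disabled via $defKey\DisableAntiSpyware = 1"
}

# 2. Default ProgIDs for executable file types. Malware that hijacks these makes
#    every .exe launch pass through its own loader, which is why Rkill resets them.
#    Expected values are the stock Windows 7 ones (assumption); ProgID lookup is
#    case-insensitive, so the ComFile/comfile case change in the log is not itself
#    a sign of tampering and the comparison below ignores case.
$expected = @{ '.exe' = 'exefile'; '.com' = 'comfile'; '.bat' = 'batfile' }
foreach ($ext in $expected.Keys) {
    $key = "HKLM:\SOFTWARE\Classes\$ext"
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($null -eq $actual) {
        $findings += "$ext has no default handler under $key"
    }
    elseif ($actual -ne $expected[$ext]) {
        $findings += "$ext handler is '$actual' (expected '$($expected[$ext])')"
    }
}

# 3. Service state that Rkill reported as "not Running", startup type Manual.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    $findings += 'WinDefend service is missing'
}
elseif ($svc.Status -ne 'Running') {
    $findings += "WinDefend service is $($svc.Status) (startup: $($svc.StartType))"
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
```

Run it from an elevated PowerShell prompt; on a machine where Microsoft Security Essentials is installed, WinDefend being stopped is expected, so weigh that line against the other findings rather than on its own.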
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Now, try working with TDSSKiller again, please.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

