Need help with a sirefef trojan. DDS logs (DDS.txt & Attach.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 15th, 2012, 11:01 am

creamtheater wrote: Excellent. I went through the tutorial, pretty simple.. but it looks like it was prepared on XP? What if the options on Windows 7 are different?

They are for Windows 7. ;)

Document details:

Operating System: Windows 7 - 32 Bit, Windows 7 - 64 Bit, Windows Vista 32 Bit, Windows Vista 64 Bit
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 15th, 2012, 11:12 am

Very well then.. I hope next you hear from me now is to tell you that it's done. ;)
creamtheater
Regular Member
 
Posts: 17
Joined: July 12th, 2012, 8:50 am

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 15th, 2012, 11:26 am

Please, do let me know. :)

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 15th, 2012, 3:06 pm

So.. we have a situation, buddy. The first procedure was completed successfully, however after that, the computer is only giving two messages then rebooting.

Here are (not exactly) screenshots of the notifications.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 15th, 2012, 4:52 pm

Be patient - It may take some time & several reboots.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 16th, 2012, 5:02 am

Hello champ! Just wanted to tell you, that the reinstallation is complete and the computer's working just fine now.. like new. However, the Procedure (b) could never be completed, because the system would not give the option to do that, so in order to be able to do it, we ended up repeating Process (a) again, but still didn't get through. So, I thought since Windows is installed and everything was working, I thought it's not important, as there wasn't anything we had to recover?
So, we did a Security Essentials scan last night, and everything was working with no threats.
Should I provide you any sort of log again for you to diagnose and be completely assured that there's no threat anymore?
And one last thing, what you and I 'should' expect, my mom forgot to back up the centuries old Skype snapshots that were there, and is kind of upset about it. Is there a way we could retrieve them? Though I have consoled her and hinted that she better get over it, I just wanted to take a chance asking you. :P

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 16th, 2012, 2:56 pm

creamtheater wrote: Hello champ! Just wanted to tell you, that the reinstallation is complete and the computer's working just fine now.. like new.

Great! :thumbright:

creamtheater wrote: However, the Procedure (b) could never be completed, because the system would not give the option to do that, so in order to be able to do it, we ended up repeating Process (a) again, but still didn't get through. So, I thought since Windows is installed and everything was working, I thought it's not important, as there wasn't anything we had to recover?

Process a & process b relate to different types of recovery software - you can only do one or the other, depending on the recovery software that was installed on the machine. ;)
There are two different Recovery Wizards described below. The first one is the "TOSHIBA HDD Recovery" Tool and the second one is the "TOSHIBA Recovery Wizard"

creamtheater wrote: So, we did a Security Essentials scan last night, and everything was working with no threats.
Should I provide you any sort of log again for you to diagnose and be completely assured that there's no threat anymore?

See below.

creamtheater wrote: And one last thing, what you and I 'should' expect, my mom forgot to back up the centuries old Skype snapshots that were there, and is kind of upset about it. Is there a way we could retrieve them?

I won't say it's not possible, but unlikely - And the more the machine is used, the less chance there is of recovery. If it really is necessary to recover them you'd be best posting in a forum that specialises in data recovery. There were warnings in place. ;)

If you continue, please be sure that you connected your AC adapter and that you backed up all your data from the operating system drive to another location! All data and programs of the operating system drive (usually C:) will be erased!


===================================

aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.



Security Check

Please download and save SecurityCheck to your Desktop from one of the links below.

Link 1
Link 2

  • Right click SecurityCheck.exe and choose "Run as Administrator" to run it
  • Allow any UAC prompt.
  • Follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 18th, 2012, 9:54 am

Really sorry for not replying. Just couldn't match my timings with my mom. I shall update you with the logs in a couple of hours. Thanks.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 18th, 2012, 5:39 pm

Finally! Here are the two logs.

aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 21:52:45
-----------------------------
21:52:45.920 OS Version: Windows x64 6.1.7600
21:52:45.920 Number of processors: 1 586 0x301
21:52:45.920 ComputerName: NAYLA-TOSH UserName: Nayla
21:52:49.243 Initialize success
21:57:34.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:57:34.186 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
21:57:34.217 Disk 0 MBR read successfully
21:57:34.217 Disk 0 MBR scan
21:57:34.217 Disk 0 Windows 7 default MBR code
21:57:34.233 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
21:57:34.249 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119237 MB offset 821248
21:57:34.280 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 118837 MB offset 245018624
21:57:34.311 Disk 0 scanning C:\Windows\system32\drivers
21:57:40.972 Service scanning
21:59:35.863 Modules scanning
21:59:35.925 Disk 0 trace - called modules:
21:59:35.941 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:59:35.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003076790]
21:59:36.487 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8002fcb060]
21:59:36.487 Scan finished successfully
22:09:46.449 Disk 0 MBR has been saved successfully to "C:\Users\Nayla\Documents\MBR.dat"
22:09:46.605 The log file has been saved successfully to "C:\Users\Nayla\Documents\aswMBR.txt"


Checkup:

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 14
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
TOSHIBA Toshiba Online Product Information TOPI.exe
`````````````````System Healthi check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

------------

But here's some news for you, that I'd let the attached screenshot explain best:

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 18th, 2012, 8:02 pm

Hi

I'd be reasonably assured that is a false positive by McAfee. Have there been any further detections?


Multiple Anti Virus programs.

You are operating multiple Anti Virus programs on your computer:

  • Mcafee
  • Microsoft Security Essentials

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.


Security Updates for Windows, Internet Explorer & Microsoft Office

  • Manually check for & install Windows updates via Start > search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC,
  • Alternatively visit the Microsoft Update site.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Oracle Java is: Java Runtime Environment Version 7 Update 5.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 7 Update 5"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-7u5-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via start > control panel > Programs > programs and features.
    Java(TM) 6 Update 14
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Uninstall via start > control panel > Programs > programs and features.
    Adobe Reader 9

    Please visit the Adobe Site & download & install Adobe Reader X (10.1.3).
    (Uncheck the Mcafee Security Scan or any other extras)



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
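An added example, not part of the original thread and not code from Security Check: a small Python triage of a checkup.txt log that flags the two conditions the reply above acts on, more than one antivirus product and out-of-date software. The sample log is modelled on the one posted in this thread; the function names and the rule that status lines in the antivirus section end in "!" are assumptions drawn from that single log.

```python
import re

BT = chr(96)  # backtick; Security Check frames section titles with runs of them
HEADER = re.compile("^" + BT + "+(.+?)" + BT + "+$")
OUTDATED = re.compile(r"out of date", re.IGNORECASE)


def _hdr(title):
    """Build a section header line the way the log frames it."""
    return BT * 14 + title + BT * 14


# Sample modelled on the checkup.txt posted in this thread (process list omitted).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows 7 x64 (UAC is enabled)",
    "Out of date service pack!!",
    "Internet Explorer 9",
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "McAfee VirusScan",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    _hdr("Anti-malware/Other Utilities Check:"),
    "Java(TM) 6 Update 14",
    "Java version out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Google Chrome 20.0.1132.57",
    _hdr("End of Log"),
])


def parse_sections(text):
    """Split a checkup.txt body into {section title: [lines]}."""
    sections = {"Summary": []}  # lines before the first header
    current = "Summary"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return installed AV products, a multiple-AV flag and outdated items."""
    sections = parse_sections(text)
    # Assumption: status lines in this section end in "!"; every other line
    # names an installed security product.
    av = [l for l in sections.get("Antivirus/Firewall Check", [])
          if not l.endswith("!")]
    outdated = [(name, l) for name, lines in sections.items()
                for l in lines if OUTDATED.search(l)]
    return {"antivirus_products": av, "multiple_av": len(av) > 1,
            "outdated": outdated}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Antivirus products:", report["antivirus_products"])
    if report["multiple_av"]:
        print("WARNING: more than one antivirus product installed")
    for section, line in report["outdated"]:
        print("OUTDATED [%s] %s" % (section, line))
```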

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 19th, 2012, 5:32 pm

Halo! Did everything as instructed. However, I uninstalled only one Java program as against your instruction of "all." I did not check for all, if there were any. Just did, this one "Java(TM) 6 Update 14." Are there more, that I should look for?
I installed the new one though as you said and it went through.

About Mbam, Here's the log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nayla :: NAYLA-TOSH [administrator]

19/07/2012 22:11:02
mbam-log-2012-07-19 (22-11-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187823
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Everything looks positive. But the doctor makes the final call. :P

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 19th, 2012, 5:45 pm

Hi

It was just that one Java version to remove.

Your logs appear to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are. If not, please continue with the instructions below.


Remove the following by right clicking each file in turn (If found) and choosing Delete:

aswMBR.exe
aswMBR.txt
SecurityCheck.exe
Checkup.txt




UAC

The User Account Control (UAC) helps protect your PC against malicious software. http://windows.microsoft.com/en-US/wind ... nt-control

  1. Click on Start > Control Panel.
  2. In the search box, type uac, and then click Change User Account Control settings.
  3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
  4. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. You can find a tutorial HERE. As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.



Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 19th, 2012, 6:04 pm

Sure, I'll be doing all of that. But that will only happen tomorrow, and I have completely wiped out McAfee, so it's just Security Essentials.
Thanks a lot though for informing me about how careful I need to be concerning the AV updates. I shall keep all of that in mind.
I would appreciate if you just wait till tomorrow so I can complete all the above instructions and confirm here that everything went alright.
Thanks a ton, again, man.

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by melboy » July 19th, 2012, 6:42 pm

....'til tomorrow :thumbup:

Re: Need help with a sirefef trojan. DDS logs (DDS.txt & Att

Post by creamtheater » July 20th, 2012, 2:17 pm

Ok, we're finally there. You can now close the thread. I'd just like to say you guys are doing an incredible job, and I cannot thank you enough. You have been great help.. what would have cost me a good amount of money due to professional intervention, you sorted it out for me and I am very grateful for everything. Feels good to know people like you are around.
Wish you success with whatever you're doing in life.
Toodles.