
Have two computers with Sirefef-HO/F



#1 salemgeek2012


Posted 08 March 2012 - 01:13 PM

I have two computers and both are infected with Sirefef-HO and possibly more. I have attached an OTL scan log. Stupid thing won't go away!

Would use KAV to break it but it is down currently for updating and their rescue disk doesn't even see the dang thing. Avast sure picks it up though! Doesn't disinfect though :(



#2 Aaflac


Posted 09 March 2012 - 06:12 PM

Welcome to BC, salemgeek2012!

A new variant of ZeroAccess has a persistent virus dropper which disguises itself pretty well. Your OTL logs show some pieces of the puzzle, but it looks as if a removal program has taken care of a certain portion of the infection.

Since your Desktop, as well as your laptop, are involved, I will help you tackle this issue one machine at a time. Otherwise, it gets too confusing.

Starting with delldesk...

Please open OTL (Vista/Seven: Right-click and select 'Run as Administrator')

•Make sure all other windows are closed.
•When the OTL console appears, click the None button at the top.

•Copy/paste the following text inside the code box into the Custom Scans/Fixes of OTL.

netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASUSVRC /s
/md5start
Sntnlusb.*
/md5stop

•Click the Run Scan button.
•When the scan completes, it opens a notepad window with: OTL.txt

Please post the OTL.txt in your reply.



Also, download: aswMBR
Save it to the Desktop.

Vista/Windows 7: Right-click the file and select 'Run as Administrator'

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitions database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.

Upon completion of the scan, click Save log and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!

Exit the program.

Please post the new aswMBR log in your reply.

Edited by Aaflac, 09 March 2012 - 09:34 PM.

Old duck...


#3 Aaflac


Posted 09 March 2012 - 09:36 PM

salemgeek2012,

Note the Code box edit!!

Added: netsvcs

Old duck...




