
Infected with "Abnow" redirect virus


  • This topic is locked
24 replies to this topic

#16 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,739 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:45 AM

Posted 26 March 2012 - 06:45 PM

Greetings sympa,


Our patience finally paid off. Thanks for hanging in there.

Here are the next steps we need to take. Please perform the following for me.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document.

    NetSvc::
    usbatapi2000
    Folder::
    c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe.
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


OTL Custom Scan

--------------------

  • Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Push the None button on the second row from the top
  • Copy and Paste the following code into the Posted Image textbox.

    netsvcs

  • Push the Scan button
  • When finished, a report named OTL.txt will open. Please copy and paste that information in your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ComboFix.txt
  • OTL.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



#17 sympa

sympa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 27 March 2012 - 01:49 AM

Greetings Oh My,


The log produced in the previous post was obtained by running Combofix from safe mode.
I am attaching a print screen of the warning which I get from ComboFix (not in safe mode) when I drop CFScript.txt onto ComboFix.
What is your recommendation?

Attached Files



#18 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,739 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:45 AM

Posted 27 March 2012 - 02:52 PM

Greetings sympa,


We need a fresh copy of ComboFix for the greatest degree of effectiveness.

Let's try this again just a little bit differently.


===================================================


Reinstalling ComboFix and Running a Combofix Script

-------------------

  • Right click on the ComboFix Icon Posted Image on your desktop and select Delete.
    Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer
    ForoSpyware

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document.

    NetSvc::
    usbatapi2000
    Folder::
    c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe.
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


OTL Custom Scan

--------------------

  • Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Push the None button on the second row from the top
  • Copy and Paste the following code into the Posted Image textbox.

    netsvcs

  • Push the Scan button
  • When finished, a report named OTL.txt will open. Please copy and paste that information in your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ComboFix.txt
  • OTL.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#19 sympa

sympa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 28 March 2012 - 02:46 AM

Greetings Oh My,

Many thanks for your patience with my issue.

Here are the logs:

ComboFix 12-03-27.03 - Tizian 28.03.2012 10:30:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2567 [GMT 3:00]
Running from: c:\documents and settings\Tizian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tizian\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d
c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d\@
c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d\print.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-10 18:52 . 2012-03-10 18:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-10 11:47 . 2012-03-10 11:47 -------- d-----w- c:\program files\Orban
2012-03-10 11:24 . 2012-03-19 14:41 -------- d-----w- c:\documents and settings\Admin
2012-03-10 11:19 . 2012-03-10 11:19 -------- d-----w- c:\documents and settings\Tizian\Local Settings\Application Data\COMODO
2012-03-09 12:25 . 2012-03-09 12:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 09:23 . 2012-03-09 09:23 -------- d-----w- c:\program files\CCleaner
2012-03-09 09:15 . 2012-03-09 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-03-09 09:15 . 2012-03-09 09:15 -------- d-----w- c:\program files\COMODO
2012-02-27 16:05 . 2012-02-27 16:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 18:52 . 2010-05-25 08:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 18:33 . 2011-06-14 18:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 12:26 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-03 09:22 . 2005-10-06 00:06 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-17 21:00 . 2011-12-19 16:59 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-01-11 19:06 . 2012-02-16 12:01 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-02-20 14:24 139784 ----a-r- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_10.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 07:11 . 2012-03-28 07:11 16384 c:\windows\temp\Perflib_Perfdata_1e8.dat
+ 2012-03-27 14:12 . 2012-03-27 14:12 22016 c:\windows\Installer\1495951.msi
+ 2012-01-19 16:23 . 2012-03-28 07:11 614144 c:\windows\system32\drivers\sfi.dat
- 2012-01-19 16:23 . 2012-03-26 10:14 614144 c:\windows\system32\drivers\sfi.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-20 6676808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\COMODO\\COMODO Internet Security\\cfpupdat.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 firedrv;Generic OHCILynx-1394 (intek);c:\windows\system32\drivers\firedrv.sys [16.11.2007 10:56 103528]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [19.12.2011 19:59 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [19.12.2011 19:59 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.12.2011 19:59 31704]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [20.06.2011 11:03 2337144]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07.03.2011 18:08 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07.03.2011 18:08 136176]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 15:08]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 15:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 10:32
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(716)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-03-28 10:33:05
ComboFix-quarantined-files.txt 2012-03-28 07:33
ComboFix2.txt 2012-03-26 10:17
.
Pre-Run: 29.492.129.792 bytes free
Post-Run: 29.476.880.384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect/3GB /USERVA=2990
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B9AB7D1CD7E590BD4BF3ED253F9904B1


=====================================================================================


OTL logfile created on: 28.03.2012 10:44:20 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Tizian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 85,03% Memory free
4,87 Gb Paging File | 4,42 Gb Available in Paging File | 90,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,49 Gb Free Space | 56,28% Space Free | Partition Type: NTFS
Drive E: | 175,80 Gb Total Space | 158,04 Gb Free Space | 89,90% Space Free | Partition Type: NTFS
Drive F: | 8,20 Gb Total Space | 7,59 Gb Free Space | 92,54% Space Free | Partition Type: NTFS

Computer Name: SCHUETZ-DENTAL | User Name: Tizian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

< End of report >
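The ComboFix.txt above has a regular shape: parenthesised section banners, Run-key values in REGEDIT4 style, service/driver lines prefixed R0/R1/S2/S4, and a +/- SnapShot diff against the previous run. Pulling those parts out mechanically is how a helper triages a report before reading it line by line. The Python below is an added example written for this page; it is not ComboFix's own code and was not posted by anyone in the thread. The line formats it matches are inferred from the log above, the embedded sample is an excerpt of that log, and reading the trailing `[?]` (and the `--> path` form) as "image file could not be confirmed on disk" is an assumption drawn from the sptd line.

```python
"""Triage helper for a ComboFix text report (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the ComboFix.txt posted in this thread (whitespace trimmed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d
c:\documents and settings\Tizian\Local Settings\Application Data\d67d2d4d\@
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_10.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-27 14:12 . 2012-03-27 14:12 22016 c:\windows\Installer\1495951.msi
+ 2012-01-19 16:23 . 2012-03-28 07:11 614144 c:\windows\system32\drivers\sfi.dat
- 2012-01-19 16:23 . 2012-03-26 10:14 614144 c:\windows\system32\drivers\sfi.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [19.12.2011 19:59 494968]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
"""

# Line shapes inferred from the log above (assumption: other ComboFix versions print the same).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")                     # (((( Section Name ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY_...\Run]
VALUE_RE = re.compile(                                              # "name"="data" [date size]
    r'^"(?P<name>[^"]+)"=(?:"(?P<path>[^"]*)"|(?P<raw>.*?))(?:\s+\[(?P<meta>[^\]]*)\])?$')
SERVICE_RE = re.compile(                                            # R1 name;display;path [meta]
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>.+?))?\s*(?:\[(?P<meta>[^\]]*)\])?$")
SNAPSHOT_RE = re.compile(r"^([+-])\s+\S+ \S+ \. \S+ \S+ (\d+) (.+)$")  # +/- dates size path


@dataclass
class ComboFixReport:
    deletions: list = field(default_factory=list)   # paths removed by this run
    autostarts: list = field(default_factory=list)  # (registry key, value name, data)
    services: list = field(default_factory=list)    # dicts: state, name, display, path, verified
    snapshot: list = field(default_factory=list)    # (sign, size, path) from the SnapShot diff


def parse_combofix(text: str) -> ComboFixReport:
    report = ComboFixReport()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads its sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section == "Other Deletions":
            report.deletions.append(line)
        elif section and section.startswith("SnapShot@"):
            m = SNAPSHOT_RE.match(line)
            if m:
                report.snapshot.append((m.group(1), int(m.group(2)), m.group(3)))
        elif section == "Reg Loading Points":
            m = SERVICE_RE.match(line)
            if m:
                # Assumption: "--> path [?]" marks an image ComboFix could not confirm on disk.
                report.services.append({
                    "state": m.group("state"), "name": m.group("name"),
                    "display": m.group("display"), "path": m.group("path"),
                    "verified": m.group("target") is None and m.group("meta") != "?",
                })
                continue
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and current_key:
                data = m.group("path") if m.group("path") is not None else m.group("raw")
                report.autostarts.append((current_key, m.group("name"), data.strip()))
    return report


def unverified_services(report: ComboFixReport) -> list:
    """Names of services/drivers whose image file ComboFix could not confirm."""
    return [s["name"] for s in report.services if not s["verified"]]


def snapshot_changes(report: ComboFixReport) -> dict:
    """Split the SnapShot diff into files that are new, modified (+ and -) or gone."""
    added = {p for sign, _, p in report.snapshot if sign == "+"}
    removed = {p for sign, _, p in report.snapshot if sign == "-"}
    return {"new": sorted(added - removed),
            "changed": sorted(added & removed),
            "gone": sorted(removed - added)}


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    print("deleted:", *rep.deletions, sep="\n  ")
    print("autostarts:", *(f"{k} :: {n} = {d}" for k, n, d in rep.autostarts), sep="\n  ")
    print("unverified services:", unverified_services(rep))
    print("snapshot:", snapshot_changes(rep))
```

Run as-is it summarises the excerpt; to triage a real report, read C:\ComboFix.txt into `parse_combofix` instead of `SAMPLE_LOG`. The `verified` flag is what surfaces the sptd driver: a service whose image path ComboFix could not confirm deserves a second look, not an automatic verdict, and the AppInit_DLLs value is listed because that key is a load point worth checking on every report regardless of what it currently holds.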

#20 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,739 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:45 AM

Posted 28 March 2012 - 03:31 PM

Greetings sympa,


It is my pleasure to help.

I would like us to run a couple of scans to see if there are any traces of malware on your computer. I would also like to know if you are still experiencing redirects or any other symptoms.

Please perform the following for me, if you would.


===================================================


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    Posted Image

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • MBAM log
  • ESET log
  • How is your machine running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#21 sympa

sympa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 30 March 2012 - 01:05 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tizian :: SCHUETZ-DENTAL [administrator]

29.03.2012 21:17:29
mbam-log-2012-03-29 (21-17-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211383
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
============================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9d6c88bccb3ff84489e99924d6a8c8fc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 07:01:55
# local_time=2012-03-29 10:01:55 (+0200, GTB Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777189 80 71 17555 8735187 0 0
# compatibility_mode=8192 67108863 100 0 159 159 0 0
# scanned=78565
# found=166
# cleaned=166
# scan_time=2209
C:\Qoobox\Quarantine\C\Documents and Settings\Tizian\Local Settings\Application Data\d67d2d4d\U\000000c0.@.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\06AE1656-ECEE-42D5-9771-FB359A44D24B.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\070CD12D-0B48-43A3-8B26-3EB4F7482B49.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\08DB5B27-9115-4BA3-A063-6F135D609D5E.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\114E7551-C8EA-4BDA-AC34-AD1AC29EB915.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\12C8A5C6-C1DB-4273-BB85-F00D78652E9B.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\177B3978-5EE7-4472-8E7B-ADA0ACA60C34.data.vir a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\1A5E96C7-1FCB-4A29-9578-3EC5E9753FEC.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\2181491F-972D-42FD-92AF-BF51A972E36A.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\3CFD6D96-97EB-4EE2-9B8C-274F216102F8.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\5BA4C9F5-7E94-4C85-91A8-6FF6CBFEAEED.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\6BB6364D-0E1A-40C7-8B11-67D5CBF66023.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\7673F67B-D810-4239-9E04-C8871ACC2EF7.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\8339CB54-FD6B-4BAB-9E97-B743EAF64B85.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\90E294E7-3E87-4C9D-B2A8-C2A35D5A2764.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\97D06055-F867-4EC5-8312-B344D914DFD4.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\97D960C5-7EF9-4AF4-8DD4-7D4AD5B52DB2.data.vir a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\9B9CA7CE-0A5F-44CB-A33A-9BA7DE3F6E51.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\9CE95447-936D-4890-98D9-AD8744164B81.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\AFE990ED-A67F-490B-AE7E-36F6F7CF8F1F.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\AFEA739E-110E-4662-9D9D-EDBE9189FCB7.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\BB02DE7A-8B08-46F7-A23B-5F301000FB76.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\CD10530C-4B51-4005-86CD-4E43C90D2167.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\D2493497-C336-40E5-A178-F34E8CAEC95A.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\D8CA0489-173F-4FA8-BB13-590BAD63E5C1.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\D9A66857-A992-4DA6-8A09-75906763C368.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\DC0FC608-6FAC-4B49-8CCF-7E03D8436B91.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\E94662A4-9B90-4938-ABFE-E84B8228BBEF.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\E977561E-A514-42C5-A3A7-19BB3FEF589D.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\E9926040-8383-4816-B4D3-1EAB280C212F.data.vir Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\COMODO\COMODO Internet Security\Quarantine\FEE36863-F40E-48B7-924B-18CF701DCA1E.data.vir Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\MRV6X32P.dll.vir probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP349\A0069628.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP349\A0069640.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP349\A0069652.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP349\A0069735.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP351\A0070214.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP351\A0070224.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP351\A0070234.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP355\A0070471.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP355\A0070488.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070733.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070738.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070740.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070741.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070742.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070743.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070744.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070745.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070746.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070747.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070748.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070749.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070750.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070751.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070752.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070753.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070754.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070755.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070756.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070757.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070758.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070759.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070760.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070761.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070762.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070763.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070764.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070765.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070766.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070767.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070768.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070769.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070770.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070771.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070772.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070773.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070774.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070775.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070776.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070777.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070778.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070779.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070780.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070781.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070782.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070783.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070784.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070791.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070792.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070799.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070800.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP359\A0070887.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP359\A0070888.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP359\A0070897.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP359\A0070898.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP360\A0070908.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP360\A0070909.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP361\A0070941.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP361\A0070942.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071099.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071100.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071108.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071109.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071117.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071118.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071133.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP362\A0071134.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071357.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071358.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071375.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071376.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071384.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071385.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071394.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071395.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071402.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071406.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071407.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071408.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071494.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071495.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071583.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071584.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071668.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP363\A0071669.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071833.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071834.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071937.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071938.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071972.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071973.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071974.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071975.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071976.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071977.data a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071978.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071979.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071980.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071981.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071982.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071983.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071984.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071985.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071986.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071987.data a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071988.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071989.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071990.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071991.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071992.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071993.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071994.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071995.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071996.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071997.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071998.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071999.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0072000.data Win32/Sirefef.EN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0072001.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0072007.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\C drive backup 10032012\Tizian\Local Settings\Application Data\d67d2d4d\U\00000001.@ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\C drive backup 10032012\Tizian\Local Settings\Application Data\d67d2d4d\U\000000c0.@ Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\C drive backup 10032012\Tizian\Local Settings\Temp\C.tmp a variant of Win32/Kryptik.ABLK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9d6c88bccb3ff84489e99924d6a8c8fc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 08:04:59
# local_time=2012-03-29 11:04:59 (+0200, GTB Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777189 80 71 552 8739027 0 0
# compatibility_mode=8192 67108863 100 0 3999 3999 0 0
# scanned=78389
# found=0
# cleaned=0
# scan_time=2154
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251


=========================================================================

computer seems to be running fine, no redirects


Thank you for all your patience
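The ESET log above lists every hit by full path, which makes it easy to miss the point Oh My makes in the next post: where the files were. As an added check (example code written for this page, not part of the original thread and not an ESET tool), the following parses lines in that log format and sorts detections into System Restore snapshot copies, the live system drive, and other volumes such as the E: backup. The sample lines are copied from the log above, plus one scanner status line and two lines of its summary block; the only assumption is that C: is the Windows system drive. Win32/Sirefef is ESET's detection name for the ZeroAccess rootkit family.

```python
import re
from collections import Counter

# Detection lines copied from the ESET Online Scanner log posted above (a
# subset), followed by one scanner status line and two "# key=value" lines of
# the summary block, to show that non-detection lines are skipped or parsed
# separately.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP351\A0070214.ini a variant of Win32/Sirefef.EF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP358\A0070733.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071938.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{441221E7-6F0C-4B5E-A269-780423DE5B07}\RP364\A0071972.data Win32/Redirector.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\C drive backup 10032012\Tizian\Local Settings\Application Data\d67d2d4d\U\00000001.@ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\C drive backup 10032012\Tizian\Local Settings\Temp\C.tmp a variant of Win32/Kryptik.ABLK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# scanned=78389
# found=0
""".strip().splitlines()

# One detection line is: <path> <threat name> (<action>) <32-hex hash> <flag>.
# The path may contain spaces, so it is matched lazily up to the threat name,
# which always has the form "[probably ][a variant of ]Platform/Family.Var trojan".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+/\S+ trojan)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)

SYSTEM_DRIVE = "C:"   # assumption: the Windows system drive, as in this log


def classify(path):
    """Say where a detection lives: a restore snapshot, the live system, or elsewhere."""
    if "\\system volume information\\" in path.lower():
        return "restore_point"   # System Restore snapshot copy, not an active file
    if path[:2].upper() == SYSTEM_DRIVE:
        return "live"            # on the system drive and outside any snapshot
    return "other_volume"        # e.g. the E: backup copy of the old profile


def parse_line(line):
    """Parse one detection line; return None for status or summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # "a variant of Win32/Sirefef.EF trojan" -> family "Sirefef"
    after_platform = rec["threat"].split("/", 1)[1]
    rec["family"] = after_platform.split(".", 1)[0].split(" ", 1)[0]
    rec["location"] = classify(rec["path"])
    return rec


def summarize(lines):
    """Count detections per (location, family) pair."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec:
            counts[(rec["location"], rec["family"])] += 1
    return counts


def live_detections(lines):
    """Paths of detections on the live system drive; these are the ones that matter."""
    return [r["path"] for r in map(parse_line, lines)
            if r and r["location"] == "live"]


def parse_trailer(lines):
    """Parse the '# key=value' summary block ESET appends after each pass."""
    meta = {}
    for line in lines:
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            meta[key.strip()] = value.strip()
    return meta


if __name__ == "__main__":
    for (location, family), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{location:14} {family:12} {n}")
    print("live detections:", live_detections(SAMPLE_LOG) or "none")
    print("scanner reported found =", parse_trailer(SAMPLE_LOG).get("found"))
```

Run on the pasted log instead of the sample, the tally is what a helper reads first: anything that lands in `live` still needs attention, while restore-point copies are removed by the quarantine itself (or by purging System Restore) and hits on a backup volume only mean the backup carries the old infection.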

#22 Oh My! (Malware Response Instructor, 37,739 posts, California)

Posted 30 March 2012 - 04:03 PM

Greetings sympa,


Those deletions were mainly things that had already been detected and quarantined during our clean-up process. Things are looking good.

I would like you to perform the following steps for me to update a couple of programs, which will close some vulnerabilities on your machine.


===================================================


Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern.

Please download Adobe Reader

After installing the latest Adobe Reader, uninstall all previous versions.

  • If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box that says "Also Download Adobe Photoshop® Album Starter Edition".
Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader. It's a much smaller file to download and uses far fewer resources than Adobe Reader.

  • When installing Foxit Reader, make sure to un-check any pre-checked toolbar or any other add-ons.

===================================================


Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it's not necessary.

To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

===================================================


Things I would like to see in your next reply:

  • Were you able to update the programs successfully?
  • How is your computer behaving now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#23 sympa (Topic Starter, Members, 13 posts)

Posted 31 March 2012 - 02:33 AM

Greetings Oh My!

- uninstalled Adobe Reader and replaced it with Foxit
- removed old Java and installed version 7
- activated all Comodo Internet Security features
- computer is running fine, no redirects

Many many thanks :)

#24 Oh My! (Malware Response Instructor, 37,739 posts, California)

Posted 01 April 2012 - 01:53 PM

Greetings Sympa,


===================================================


Congratulations!


All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine, and take the necessary steps to keep it clean.


===================================================


Removing Combofix and Other Tools

--------------------

Please do the following to delete ComboFix:

  • Press the Windows key + R on your keyboard at the same time.
  • Type combofix /uninstall and press Enter.


This will remove Combofix and other tools we used from your computer.

----------

Please do the following to delete OTL:

  • Delete the tools used during the disinfection:

  • Double-click the OTL icon on your desktop
  • Close all other programs apart from OTL, as this step will require a reboot
  • On the OTL main screen, press the CleanUp button
  • Say Yes to the prompt and then allow the program to reboot your computer

--------------------


Please read the following in order to prevent reinfecting your PC:

  • Install and update the following programs regularly:
  • Outbound firewall.
    If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
  • AntiVirus Software
    It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Anti-Spyware program
    Malwarebytes Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions provide resident protection and do not nag.
  • SpywareBlaster
    A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

--------------------


Keep Windows (and your other Microsoft software) up to date!

  • I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
  • Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!
  • Keep your other software up to date as well

    • Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!

    • The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

--------------------


Some more links you might find of interest:


--------------------


We will leave this topic open for just a few days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#25 thcbytes (Malware Response Team, 14,790 posts)

Posted 30 April 2012 - 02:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



