This is my first post and really appreciate your voluntary efforts to help people like me.
I have read what checks to perform & I am certain my issue is virus- and/or malware-related. Here is the story:
- 2 days ago while I was browsing (no suspicious sites), an Adobe Flash player updater window appeared. This was already installed so I allowed it to proceed. Next thing I know a 'SecurityShield' application installed itself (I may have unwittingly allowed it to, I honestly don't remember). Before this, MSE was running; it was now gone. The task manager could not be launched, the firewall was also gone (I use the standard Windows version). I was also warned about viruses etc. and was prompted to purchase the pro version of securityshield.
- I ended up uninstalling securityshield (from the Control Panel if I remember correctly), then reinstalled MSE and did a full system scan. The Sirefef trojan was detected but could not be removed. The system then rebooted within about a minute after the virus was detected (a prompt indicated this would occur).
- Every startup after that MSE would detect Sirefef, attempt to remove it and the system would reboot again (after it prompted that it would). At this stage, task manager could be launched.
- Trojan:Win64/Sirefef.W (6 instances, dates are 3/6 and 4/6/2012)
- VirTool:Win32/Evidpatch.A (17/4/2012)
- Trojan:Win64/Sirefef.Y => reboot
- I uninstalled MSE via the control panel. To avoid another reboot before this could be completed, I killed the MSE client process before it could try removing the virus. The continuous reboots then stopped.
- I tried removing it with a number of tools. Here is a list:
- Microsoft security essentials (first & last attempted, behaviour always as described above).
- Microsoft Malware removal tool (nothing found)
- Malwarebytes anti-malware tool (1 virus removed - I don't have a record of which, nothing found after that)
- Super antispyware (nothing found)
- Kaspersky virus removal tool (nothing found)
- Kaspersky TDSS rootkit removal tool (suspicious objects: one locked file [sptd service], 6 unsigned files, medium risk, skip preselected for all)
- Microsoft fixit (tried to fix the firewall, no joy)
- Combofix (installation aborts)
I have not archived the reports. All AV tools are now uninstalled.
My OS is Win7 64-bit home premium, AV software was Microsoft Security Essentials (now uninstalled)
I have stopped any further attempts to fix this and am at your disposal regarding how to proceed...