[GEEgee57]

i checked off the five things u said before when the fss didnt run.....then clicked scan

[Advertisements]

Great! How is the computer running now?

[Jasmyne]

Great! How is the computer running now?

[GEEgee57]

idk i think ok....is the infection gone? lol

[GEEgee57]

when u ran the logs in the beginning.....did it show virus or did the combofix take care of that?............the scans and commands we have been running, were they to look for traces or what were they for? lol

[GEEgee57]

what seemed to be going on? lol thats really my question.....was it as simple as the default setting or no?

[GEEgee57]

and also....lol now if the infection is gone....besides using those programs mentioned in beginning that are on this system......what antivirus program should i dwnld here? and if u can maybe suggest a good program to clean up the system.....i saw something like the PC decrapifier....lol idk....almost like a program to basically get rid of junk thats not needed or being used on the system....

[Jasmyne]

idk i think ok....is the infection gone? lol

I will venture to say from the last logs I looked at the worst of the infection is gone but we still need to scan for any extras that might still be lurking.

when u ran the logs in the beginning.....did it show virus or did the combofix take care of that?............the scans and commands we have been running, were they to look for traces or what were they for? lol

The logs in the beginning did show the virus, combofix did not remove it. The last scans/commands (FSS, resetting IE, and sfc) were to help or pinpoint where the problems with downloading issue and the error you were getting when you originally tried to run FSS.

what seemed to be going on? lol thats really my question.....was it as simple as the default setting or no?

The download problems you had tend to be a symptom of this type of infection. Before we wrap things up I'll get you more detailed information on the main infection that was present on your computer.

and also....lol now if the infection is gone....besides using those programs mentioned in beginning that are on this system......what antivirus program should i dwnld here? and if u can maybe suggest a good program to clean up the system.....i saw something like the PC decrapifier....lol idk....almost like a program to basically get rid of junk thats not needed or being used on the system....

Combofix and TDSSKiller you mentioned in the beginning are removal tools not antivirus programs. MalwareBytes is an anti-malware program and can be kept on your machine, but as far as an antivirus is concerned Microsoft Security Essentials or Avast! Antivirus both are good antivirus programs and both are free to use. Just remember you only need one antivirus on a computer at a time. Once we are completely finished I'll advise what of our tools need to be removed and what is okay to keep. Use your computer some this evening and let me know how things are running so if there are anymore issues we can trouble shoot those before running the last scans.

Hope that helps answer some of your questions. If you have any more feel free to ask.

Jasmyne

[GEEgee57]

cool....ok...ty

[Jasmyne]

GEEgee57,

You've ask a few times about the infection that was on your machine and I'll try to explain it as best I can. This infection is a new variant that belongs to the Sirefef family, also commonly known as ZeroAccess rootkits. The infections can be found in exploits in common PC programs like Internet Explorer, Acrobat, Flash and Java. They are also commonly found in keygens or torrents from illegally obtained software. At this time there is little to no published information on this particular variant of Sirefef but from observation it has been seen that it causes the user will be unable to download files, it creates reparse points that previous versions did not create, and it also makes changes in the registry to better hide itself from the user. You can find more information about the ZeroAccess infection in general here.

Now let's get started on making sure everything on your computer is gone as best we can see.

Step 1 Malwarebytes Scan

Since you already have the program installed:

• Please open the program.
• Click on the Update tab then click Check for Updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, check the following settings:
  -- On the Scanner tab, check Perform quick scan.
  -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore.
• Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

** Note ** If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the MBAM log in your next reply.

Step 2 ESET Online Scan
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

• You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
• Please go here then click on:
  
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Scan archives is checked.
• Make sure that the option Remove found threats is NOT checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3 Fresh OTL Scan

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your topic.

Step 4 Security Check
Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. Malwarebytes Log
2. ESET Scan Log
3. New OTL Scan
4. Security Check Log (checkup.txt)

[GEEgee57]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
anthony's :: ANTHONYS-PC [administrator]

5/24/2013 9:22:53 AM
mbam-log-2013-05-24 (09-22-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243786
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\anthony's\AppData\Local\Temp\srbcdxc\seiwrtm\wow.dll (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

[GEEgee57]

i tried to click on how to disbale the MBAM and it doesnt open....it just circles like to wait while it tries to open.......

[GEEgee57]

it opened

[GEEgee57]

other than MBAM idk if theres any other antivirus programs on here.....how can i tell?

[GEEgee57]

and also.....should i delete that file i uploaded yesterday....with the two links? does it matter? or can i just leave it there?

[Jasmyne]

Unless you added one of the two antivirus programs I gave you links to yesterday I do not believe that you have an antivirus that would need to be disabled for the ESET Scan. Also, until we are finished please leave the uploaded file, once we are done feel free to delete it.