
Please help have troj_sirefef and trend micro will not remove access denied

Discussion in 'Virus & Other Malware Removal' started by smithml, Feb 19, 2013.

Thread Status:
Not open for further replies.
  1. smithml

    smithml, Thread Starter (Joined: Sep 16, 2007; Messages: 21)
    AM,C:\$Recycle.Bin\S-1-5-21-3096220378-1427923024-2035405488-1003\$c6b7a2b314445fdcb28c0577e618cdef\n,TROJ_SIREFEF.AFP,Access
    Hi there,

    I have attached the logs; above is the log I am getting from Trend Micro.

    Please can you help? Trend Micro seems to block it, but I am worried that I can't get rid of it.

    thanks

    marc
     


  2. Glaswegian

    Glaswegian, Malware Specialist (Joined: Dec 5, 2004; Messages: 3,823)
    Hi

    My name is Iain and I will be helping you clean your system.

    You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

    If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

    Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 3 days I shall no longer check this thread for replies.

    Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


    IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.



    Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

    Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.


    • If Malicious objects are found, ensure Cure is selected (it should be by default)


    • Click Continue then click Reboot now


    • Once complete, a log will be produced at the root drive which is typically C:\

      For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

    Please attach that log.
     
  3. smithml

    Hi Iain, thank you for your help. TDSSKiller did not pick up anything.
     
  4. Glaswegian

    Hi again

    Can you post the log please? I don't doubt you but there are other things I need to check - thanks.
     
  5. smithml

    Hi Iain,

    My apologies, I checked the details and it was blank; I did not check the report. Please see the attached log.
    thanks
     


  6. Glaswegian

    Hi again

    Thanks for that.

    I also maintain records of each fix and it helps to keep everything together. Let’s move on.


    We will now use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.
     
  7. smithml

    Hi Iain,

    Please find the attached log. Some scary times: I could not get it to restart, so I left it last night. Today there were registry deletion errors, but I just restarted and it seems to have resolved itself.
    thanks
     


  8. Glaswegian

    Hi again

    How is your system running now?

    Please copy and paste any logs directly into the thread – do not attach them.


    Download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.
    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
     
  9. smithml

    Hi Iain,

    The system seems to be fine now thanks

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.01.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    marcs :: MARC [administrator]

    Protection: Enabled

    2013/03/01 05:56:48 AM
    mbam-log-2013-03-01 (05-56-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246052
    Time elapsed: 16 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. Glaswegian

    Hi again

    Logs look good – glad to hear your system is running well. We’ll run an online scan to check for any remnants.


    Go here to run an online scanner from ESET. Vista and Windows 7 users - run as Administrator.
    • Note: You will need to use Internet Explorer for this scan. For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double-click on it to install and a new window will open.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic and also let me know how things are now.
     
  11. smithml

    hi
    Things seem fine, Trend did find a virus today (2013/03/01 14:53 C:\Users\marcs\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\45d9898-51ccb8ef TROJ_SPNR.16BF13 Removed)
    and below is from eset as requested

    C:\usb\brokenusb1107.zip Win32/PrcView application
    C:\Users\marcs\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\151ae4e7-4e776670 multiple threats
    C:\Users\marcs\Downloads\Programs\cnet_dlpro615_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\marcs\Downloads\Programs\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\marcs\Downloads\Programs\cnet_Q_Landscape_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\marcs\Downloads\Programs\cnet_SweetHome3D-3_3-windows_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\marcs\Downloads\Programs\cnet_Tile3D_51_Setup_en_exe.exe a variant of Win32/InstallCore.D application
     
  12. Glaswegian

    Hi again

    Let’s clear your Java cache.

    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


    The files Eset found look to be downloaded installers for games/programmes. If you do not know what they are then please delete them.



    All your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.



    The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


    Click All Programs > Accessories > Run and copy/paste, or type the following bold text into the Run box and click OK:


    ComboFix /Uninstall


    You can keep MBAM - it’s a useful scanner that can be run whenever you wish. Delete any remaining tools.



    Disabling / Removing Java


    Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts that you disable Java in your web browsers.

    US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
    Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
    How to turn off Java on your browser - and why you should do it now | Naked Security


    Oracle has now included a way to disable Java in all browsers. Starting with version j7u10 there is now the capability to disable Java in your web browsers.

    Detailed instructions are here:
    How do I disable Java in my web browser?

    Another option is to uninstall Java completely via your Control Panel.
    How do I uninstall Java on my Windows computer?

    Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, leave it installed but disable it in your web browsers as previously outlined. If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.



    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


    General Protection

    Spyware Blaster to help prevent spyware from installing in the first place.
    Spyware Guard to catch and block spyware before it can execute.




    MVPS Hosts File

    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.


    Alternate Browsers
    Try the following free alternate browsers rather than Internet Explorer
    Firefox
    Opera
    Chrome
    Maxthon
    Safari



    Other Protection
    Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer.


    Web of Trust
    WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.


    Do Not Track Me
    DNTMe protects your online privacy and prevents advertising companies and social networks from collecting personal information. This means they cannot serve you adverts nor follow you throughout the web. Every time you go online you are being watched and your habits recorded. DNTMe allows you to control your personal details. How DNTMe works.



    Additional Reading
    In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles

    PC Safety & Security - What Do I Need?.
    Making Internet Explorer Safer.
    Think Prevention!

    Have a look here if your PC is still running a bit slow
    Is your PC running slow...?


    Keep clean and safe and enjoy your computing!

    Please respond to this thread one more time so we can mark this thread as resolved.
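
The detections posted in this thread sit in three kinds of location, and the follow-up taken was different for each. The sketch below is an added example, not part of the original thread: it groups the posted paths by location, and its category names and follow-up strings are assumptions that paraphrase the steps taken above.

```python
import re
from collections import defaultdict

# Location rules, checked in order. Category names and follow-up strings are
# this example's own; the follow-ups paraphrase the steps taken in the thread.
RULES = [
    # Genuine Recycle Bin items are named $I/$R plus six characters, so a
    # "$" + 32-hex-digit directory under a user SID is not a deleted file.
    ("recycle-bin-hidden-dir",
     re.compile(r"\\\$Recycle\.Bin\\S-1-5-21(?:-\d+){4}\\\$[0-9a-f]{32}(?:\\|$)", re.I),
     "run rootkit-aware scanners (TDSSKiller, then ComboFix)"),
    ("java-cache",
     re.compile(r"\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\", re.I),
     "clear the Java cache and disable Java in browsers"),
    ("downloaded-installer",
     re.compile(r"\\Downloads\\.+\.(?:exe|msi|zip)$", re.I),
     "delete the file if it is not recognised"),
]

def classify(path):
    """Return (category, follow_up) for one detection path."""
    for category, pattern, follow_up in RULES:
        if pattern.search(path):
            return category, follow_up
    return "other", "review manually"

def triage(detections):
    """Group (path, detection_name) pairs by location category."""
    grouped = defaultdict(list)
    for path, detection in detections:
        grouped[classify(path)[0]].append((detection, path))
    return dict(grouped)

# Paths and detection names copied from the Trend Micro and ESET output above.
JAVA = r"C:\Users\marcs\AppData\LocalLow\Sun\Java\Deployment\cache\6.0"
SAMPLE = [
    (r"C:\$Recycle.Bin\S-1-5-21-3096220378-1427923024-2035405488-1003"
     r"\$c6b7a2b314445fdcb28c0577e618cdef\n", "TROJ_SIREFEF.AFP"),
    (JAVA + r"\24\45d9898-51ccb8ef", "TROJ_SPNR.16BF13"),
    (JAVA + r"\39\151ae4e7-4e776670", "multiple threats"),
    (r"C:\Users\marcs\Downloads\Programs\cnet_dlpro615_exe.exe", "Win32/InstallCore.D"),
    (r"C:\usb\brokenusb1107.zip", "Win32/PrcView"),
]

if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(f"{category}: {classify(items[0][1])[1]}")
        for detection, path in items:
            print(f"    {detection}  {path}")
```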
     
  13. smithml

    Thank you Iain for all your help, please close post
     

Short URL to this thread: https://techguy.org/1090194
