Sirefef trojan problems continued

chipp Posts: 147 Forumite
This is a continuation of yesterday's "sirefef trojan problem" post, which is now 3 pages long.

Last night I ran a full MSE scan while the computer was offline and it found sirefef and something called karagany. I zapped them both and shut down for the night.

Here is a chronological summary of what I ran yesterday:
SFC/SCANNOW (offline)
MSE updates (online, error message unable to connect to server)
DDS (offline) found sirefef
combofix (online)
MSE updates (online, worked)
MBAM (online)
MSE full scan (offline, 2 trojans)

This morning the computer booted normally (still keeping it offline) and I ran combofix, forgot to disable MSE first and got an info msg about switching it off, all I could do was click OK as no option to cancel, then another dialogue box telling me I was proceeding at my own risk. Perhaps esc would have worked to cancel but too late now. Most of my taskbar (do I mean taskbar? bottom RH corner) icons had disappeared by the time I got my first OK message, combofix seemed to have taken full control by that time. I saved the log file to the desktop and shut down, the taskbar icons hadn't come back but in all other areas the desktop looked normal. I've not inspected the log file yet but hope it hasn't found any nasties as the comp hasn't been online since I ran MBAM yesterday. It feels as if something is camping on my IP address waiting for me to go online, but I realise it's not personal and logic tells me that the problem lies with something on my computer which is saying "here I am, come and get me"; that's what needs to be beaten into submission.

It's my intention to leave it offline till I've re-run SFC/scannow, combofix, MBAM & MSE and seen nothing untoward, then I'll download and run aswMBR. If that reports back clean (I'll post the log) I'll repeat four earlier scans, having gone online to get the latest definitions.

In terms of time it might have been quicker to reformat and start from scratch! Watch this space :)
If you can't think of anything nice to write, say nothing. Rudeness isn't clever.

Comments

  • closed
    closed Posts: 10,886 Forumite
    edited 4 June 2012 at 10:24PM
    You'll save yourself a lot of time if you create Windows recovery discs, back up your data, and use the Acer eRecovery factory restore partition to restore it to factory condition. Then put avast free and malwarebytes on.

    http://www.youtube.com/watch?v=qvXfnwfZXY4

    http://support.acer.com/acerpanam/desktop/0000/acer/aspiree360/aspiree360faq40.shtml

    http://support.acer.com/acerpanam/desktop/0000/Acer/AspireE360/AspireE360faq67.shtml

    If you want to persist with trying to clean up infections, download some AV boot CDs, and scan from CD/DVD.

    http://www.sarducd.it/

    Multiple threads about the same problem confuse matters as people who respond won't know the full picture.
  • chipp
    chipp Posts: 147 Forumite
    I do have recovery disks which I may yet end up having to use, but I want to be confident that my data backup disks aren't themselves harbouring anything. Perhaps I've misunderstood how things work, but if viruses etc can be passed on through a USB stick that has been written to by an infected machine then I don't want to take any chances.

    Unrelated unforeseen events yesterday meant I wasn't able to do anything on the infected desktop and I probably won't make much progress today either. But when I eventually reach the stage that I go online with it, assuming I haven't gone the recovery/restore route, would clearing down my firewall "safe list" be a sensible precaution? I realise it will be a pain rebuilding it but I'd rather that than inadvertently have something on it that shouldn't be there.

    Point taken about multiple threads.
    If you can't think of anything nice to write, say nothing. Rudeness isn't clever.
This discussion has been closed.