Sirefef.B Removal

Hi, I noticed you guys were helping out others with this virus. I scoured the Internet, tried using Malwarebytes and MSE in Safe Mode, and then stumbled upon a VERY interesting ESET tool:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2895


So I used that. Seemed like the problems were gone. However, after a few minutes, MSE gave me a big warning message about it still existing. I found some random folder in the Public Desktop folder under Users, and deleted it.

Warning gone.

Currently doing a full scan with MSE. No idea if it'll be helping at all.

I noticed you guys used that FRST tool. Should I be doing the same and posting the logs here, as others did, or no?

Thanks in advance for any help! I'm tech-savvy and careful, but have no idea how this one got onboard.

Also, I'm leaving the full MSE scan on while I sleep. So if I don't respond for some hours - that's why! I'll be sure to check this ASAP, however.

 

Nobody? That full MSE scan found three more items, and I removed them. THen during lunch I did a full Malwarebytes scan, and it found two more.

So far everything is running well, but I don't know if there's hidden stuff going on.

 

Here is my FRST.log

 

Welcome to MajorGeeks, PR0927

The tool you linked is still very new but in your case it doesn't look like it was successful so we will probably stick to manually removing the infection with tools like FRST.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

 

Thanks so much for responding! I appreciate you taking time out of your day to help me.

I've attached Fixlog.txt, (its content is the following):

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-16 03:15:19 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe.C14F9A5F5E189D9C moved successfully.
C:\Windows\System32\services.exe.40BBE77FEB668FE1 moved successfully.
C:\Windows\System32\services.exe.32877F0725FBA2AC moved successfully.
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Windows\Installer\{8e6b6b1e-112e-2b26-0ff9-aa1f9a3af279} moved successfully.
C:\Users\PR-0927\AppData\Local\{8e6b6b1e-112e-2b26-0ff9-aa1f9a3af279} moved successfully.

==== End of Fixlog ====

 

You're welcome.
You can delete the c:\FRST folder at this time.
Let me know if you need additional assistance.
If you are experiencing malware related problems or just want me to check additional logs for you, please read and follow this guide: READ & RUN ME FIRST Malware Removal Guide

 

Will do, and thanks so much! Glad I came to this place for help.