OK guys, I have a serious security problem here and I need your help quickly.
A friend of my friend in my Xfire account just gave me a link to a video file.
He told me it's a trailer.
I opened the link and it asked me to update my Flash Player and gave me a download link.
And I made the terrible mistake of opening the link and downloading the file (I know, but I trusted that <censored>). I think you know the rest.
When the download completed I quickly noticed that I had made a terrible mistake.
The downloaded file's icon (which was on the desktop) vanished after a second.
I'm no idiot, so I quickly went to Control Panel to check my firewall. I saw it was fully disabled and I wasn't able to turn it on. Then I checked my antivirus (ESET Smart Security 4) and the same had happened to it: it was fully disabled. So I quickly turned off the router and started a full in-depth computer scan (scan still works).
Please help me! What should I do? Right now I'm using another computer.
And here is that link to the corrupt Flash Player. Don't download it if you don't know what you're doing; it'll disable the antivirus and firewall very quickly.
WARNING: don't go if you don't know what you're doing!
I need some professional help!
Thank you, and please answer me as quickly as possible.


New info:
I just finished scanning. The antivirus found this very suspicious file that required a system reboot to clean:
Operating memory> c:\Windows\assembly\GAC_32\Desktop.ini
After the restart it asked for a reboot again, so I assume this file can't be easily removed, so I didn't reboot again.
Also, after the restart I noticed a new process in my Task Manager named
which I terminated.
Any help would be appreciated.

Please run through all the processes given here www.daniweb.com/forums/thread134865.html and post all the requested logs.
You will need to download them to a flash drive or similar, then transfer them to the infected PC.
Download the latest definitions for MalwareBytesAnti-Malware from here http://malwarebytes.gt500.org/ and install after installing MBA-M, but before scanning.

Thanks for the reply.
I am now unable to enter my Windows 7.
Luckily I have Windows XP installed on the infected computer as well.
Anything to do from there?
Windows Startup Repair is running; waiting for possible results (or none at all).

Update: no result, still unable to enter (don't know the reason, probably the virus).

Possibility of a Sirefef.W trojan, based on the ESET warning earlier.

Boot to XP and follow my instructions and have MBA-M scan the drive/partition that is infected.

Thanks for the reply.
English isn't my first language and I'm no expert in computer stuff.
What do you mean by MBA-M?
Waiting for instructions.
PS: I have a fully updated ESET Smart Security 4 on XP. Will it help in any way?

MalwareBytesAnti-Malware :).

OK, will do so.
PS: ESET on XP found 4 threats, all named something around Sirefef.W, but quickly removed them and restarted the PC, and they aren't in the log or quarantine to be seen again (it didn't even ask for my permission to restart; they were all on the infected Windows drive).

Installing MBA-M now :-/

Scanning takes a long time!
PS: While scanning with MBA-M (8 detected files till now), ESET Smart Security gave several notifications of a Win64/Sirefef.W trojan in the directory of the infected Windows:
D:\System Volume information\_restore{91cf95dc-9968-4480-A6b4-0b63cbb781d2}\rp4b\a0002535.ini
D:\System Volume information\_restore{91cf95dc-9968-4480-A6b4-0b63cbb781d2}\rp4b\a0002532.ini

By the way, the infected Windows is a Win7 Professional 64-bit.

Scanning is finished.
Windows 7 is still not working.
Here is the scan log:
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275742
Time elapsed: 23 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{91CF95DC-9968-4480-A6B4-0B63CBB781D2}\RP48\A0002533.exe (RiskWare.Tool.CK) -> No action taken.
D:\System Volume Information\_restore{91CF95DC-9968-4480-A6B4-0B63CBB781D2}\RP48\A0002534.ini (Rootkit.0Access) -> No action taken.
D:\System Volume Information\_restore{91CF95DC-9968-4480-A6B4-0B63CBB781D2}\RP48\A0002552.exe (RiskWare.Tool.CK) -> No action taken.
D:\Windows\assembly\tmp\U\000000c0.@ (Trojan.Agent) -> No action taken.
D:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> No action taken.
D:\Windows\System32\lwwlicenseservice.dll (Trojan.Siredef) -> No action taken.


As you see, it says no action taken. I guess I have to buy it; should I?

Alireza_021, crunchie has very patiently given you the correct instructions to follow, but you have not followed those instructions for the correct use of MBA-M, which clearly say "Post the Full Log". You did not do that; you only posted the items found. The entire log, from the very first line at the top, gives the following information:
Malwarebytes Anti-Malware

Database version:
Operating System
Version of Internet Explorer
Time and date the scan was run
Type of scan run.
You posted none of the above, which is vital information the helper needs to see.
You also didn't follow the very clear instructions given, which say:

Be sure that everything is checked, and click Remove Selected.
We know that you did not do this because your log shows, for every item found:
-> No action taken.
Meaning you only ran the scan and then closed the program. So no wonder your system is not running; you didn't do the key step with the program, which is to tell it to clean.
You need to UPDATE the program once again and run another Full Scan, and this time have it clean, reboot, and come back here and post the entire log from top to bottom. Then we can give you the additional steps needed; based on the findings in the log, there will be other steps needed.
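
An added example, not part of the thread and not Malwarebytes' own tooling: a Python check that runs the two tests from the reply above over a pasted log, namely whether the header items are present and whether any detection still reads "No action taken". The header patterns are assumptions about how each item appears in the log, and SAMPLE is a constructed excerpt modelled on the posted one.

```python
import re

# Header items the helper asks for; each pattern is an assumption about
# how that item appears in the log text.
REQUIRED_HEADER = {
    "program banner": re.compile(r"^Malwarebytes Anti-Malware", re.M),
    "database version": re.compile(r"^Database version:", re.M),
    "operating system": re.compile(r"^Windows ", re.M),
    "Internet Explorer version": re.compile(r"^Internet Explorer ", re.M),
    "scan type": re.compile(r"^Scan type:", re.M),
}
# Detection line as it appears in the posted log: path (name) -> action.
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Constructed sample: body lines only, as in the post (no header block).
SAMPLE = r"""Scan type: Full scan
Memory Modules Detected: 1
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.
Files Detected: 2
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.
D:\Windows\System32\lwwlicenseservice.dll (Trojan.Siredef) -> No action taken.
"""


def triage(log_text):
    """Return missing header items, uncleaned detections and count mismatches."""
    missing = [k for k, rx in REQUIRED_HEADER.items() if not rx.search(log_text)]
    declared, found, unhandled = {}, {}, []
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # e.g. "Files Detected: 7" opens a new section
            section = m["section"]
            declared[section], found[section] = int(m["count"]), 0
            continue
        m = DETECTION.match(line)
        if m and section:
            found[section] += 1
            if m["action"].lower().startswith("no action"):
                unhandled.append((m["path"], m["name"]))
    # A section whose listed items differ from its declared count was truncated.
    mismatch = [s for s in declared if declared[s] != found[s]]
    return {"missing_header": missing, "unhandled": unhandled, "count_mismatch": mismatch}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty `count_mismatch` means a section declares more or fewer items than the paste contains, which is another sign the log was posted only in part.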
