Bad Bug Help

Discussion in 'ESET NOD32 Antivirus' started by Phazor, Dec 29, 2011.

Thread Status:
Not open for further replies.
  1. Phazor

    Phazor Registered Member

    Joined:
    Jun 27, 2002
    Posts:
    111
    I got hit today by a nasty bug or bugs...

    A bunch of boxes popped up all over my screen for XP Antispyware 2012, saying it found 33 issues and to click here to scan and/or purchase. Knowing full well I don't have this type of program on my computer, I immediately pulled the cat3 cable out from the router and carefully closed the boxes out without clicking on a 'purchase now' or 'scan now' button.

    Ran Nod32 and it resulted in
    Documents&Settings/Local Settings/Application Data/Kyj.exe
    A variant of Win32/adware.XpAntispyware.Ac Application
    Cleaned by deleting (after the next restart)- Quarantined.

    So I restarted the computer-

    I immediately noticed that Nod32 did not start up, as there was no icon in the task bar. I then went to start/programs and clicked on Nod32 to start it up, and all I got was a box asking me to 'open with', where you have to choose a program from the list or click browse to find the program. So I did that and got Nod32 to start up. Ran the scanner again and the above apparently got cleaned, although I'm not sure.

    In either case, in my log files under detected threats,
    under 'name' it now says
    OperatingMemory>>/global??/149eb2dc/windows/$NTuninstallKB42562$/345944796/desktop.ini
    'Threat'
    A variant of Win32/Sirefef.DN trojan
    'Action'
    Cleaned by deleting

    Thinking that it was deleted, I restarted the computer again, ran Nod again and now have the above listed twice under detected threats.

    I tried to open up other programs (whether located on the desktop or in the start menu) and I have the same problem where the 'open with' screen comes up and wants to know what program you want to use to open the program. So essentially I can't open anything unless I use 'Open with' and pick the program to use.

    I also have a newly created 'program' called 5y83wm7 but can't remember at this point where it was located.

    So it looks like at this point I need some help trying to figure out what I need to do to get Sirefef.Dn off my computer.

    Thanks
     
  2. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
  3. Phazor

    Phazor Registered Member

    Joined:
    Jun 27, 2002
    Posts:
    111
    Guess I screwed up not using Ctrl/Alt/Delete.
     
    Last edited by a moderator: Dec 29, 2011
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  5. Phazor

    Phazor Registered Member

    Joined:
    Jun 27, 2002
    Posts:
    111
    I'm sorry... am I not allowed to post logs?
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    There is no point in posting them, as this site does not assist directly with malware removal. See links for more suggestions.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can also contact Customer Care and provide them with an ESET SysInspector log for perusal. Also, running Combofix might fix potential issues; it creates a log that you could supply to Customer Care as well.
     
  8. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110