Do I have the w32 Blaster?

Jacee · 18 May 2013

Okay, you're on your own ... wipe the computer and re-install the OS.

Thanks for letting us know what you were up to on page 17

... a lot of wasted time here.

cottonball · 18 May 2013

Prescottbob,

When we left off last night, had requested you download FRST. However, at the point you are right now, following up with FRST seems inconsequential.

My apology for not following up, but, been hit by a bad cold, or something that knocked me off my feet.

My head is just "stuffed".

The Internet Security 2013 infection you were initially confronted with also brought with it an infection that affects Microsoft Security Essenials and/or Windows Defender by creating symbolic links (also called junctions) to their folders and files. In turn, this affects pathname resolution, which, in plain English means "can't get there from here".

Work has begun to beat this infection, but, it does not appear that a solution will come overnight.

If you are considering a clean install, you are on the right track.

Prescottbob · 18 May 2013

Thank you and everyone for going past the point of reasonableness in trying to resolve this machine's problems and leading me through unfamiliar territory. I'll do a clean install.

Jacee · 18 May 2013

I want to thank you for being a gentleman.

cottonball · 21 May 2013

Prescottbob,

Have you done a clean install yet?

Prescottbob · 21 May 2013

No, I won't be doing that until next week when I return from my other home with the doc. package for this machine.

Layback Bear · 21 May 2013

You have a .doc package for this computer. I feel a lot better now. Let us know how things go.

cottonball · 21 May 2013

This is up to you, of course, but, a very competent tool developer at another forum where I work has come up with a way of getting rid of the damage done by the infection on your system.

It has been tried successfully several times, and we can use it here.

You will have to go through one last round of instructions with me, but, it may get the machine going where you can download, etc.

If you want to give it a whirl, fine, if you do not, that is fine also. Just let me know.

Going out for a while...should be back o/a 7:00PM CST.

Jacee · 21 May 2013

After looking at another forum I frequent, this is a type of ZeroAccess/Sirefef ... I don't believe at this point, the computer is "recoverable".

I see some MS-MVP's saying it's best to nuke and do a clean install. Which I agree with. With that kind of "Rootkit", how could the computer ever be reliable again?

It's totally up to the user to try the new tool, but don't have any critical/personal information on that machine, or any other computers that can connect with it on the Network. Keep it outside of the Network connection!

cottonball · 21 May 2013

Prescottbob,

Quoting Jacee: I see some MS-MVP's saying it's best to nuke and do a clean install

In turn, I look for the MS-MVP's and Malware Tool Developers saying: "Here is a tool to fix this."
Namely: Trojan Dropper:Win32/Sirefef.gen!E

Jacee and I have different opinions on this issue. Rootkits are not "the thing" for some, but Rootkits are "the thing" for others. I belong to the latter group.

This all boils down to your decision, and is fine with me, any way you go.