Solved Do I have the w32 Blaster?

[Prescottbob]

I did try an uninstall from control panel and restarted but the uninstall showed them removed but they were still someplace?

 

[Jacee]

Run both AdwareCleaner and MBam ... I'd like to see the logs please.

EDIT >>>> close all other open Windows, while scanning.

 

[VistaKing]

Wouldn't it be ideal to do a clean install ?

 

[Prescottbob]

IT's looking better every second!!!!

 

[Jacee]

Let's finish with these scans and then we'll do one more ... If they don't pan out, then we'll head to the last resort.

 

[Prescottbob]

MBAM should finish about 9 pm then I'll run adw and send reports later tonight or in the morning. Scanning this 1.5 tab drive is time consuming. This machine was acquired for a project and just became the everyday computer.

 

[Jacee]

"acquired as a project" ... what kind of project? One to see how infections can be cleaned up on line?!

 

[Prescottbob]

That is what is turned out to be for me. Origional use by an employee was to edit and archive films of field inspections for backup to the written reports if disputed.

 

[Jacee]

So you are the IT guy for the company you work for?

 

[Prescottbob]

Hardly! I had a small firm specializing in construction site inspections for specs, quality and safety. None of us were techies just hard charging guys who contracted our services to large construction firms. When the construction downturn hit most of those firms downsized and did not renew contracts with outsiders-just brought everything in house. It became the opportunity to retire. I am now an "Official Consultant" to anybody who thinks I know more than they do--they become fewer each day!

 

[Jacee]

Okay, you're on your own ... wipe the computer and re-install the OS.

Thanks for letting us know what you were up to on page 17 ... a lot of wasted time here.

 

[cottonball]

Prescottbob,

When we left off last night, had requested you download FRST. However, at the point you are right now, following up with FRST seems inconsequential.

My apology for not following up, but, been hit by a bad cold, or something that knocked me off my feet. My head is just "stuffed".

The Internet Security 2013 infection you were initially confronted with also brought with it an infection that affects Microsoft Security Essenials and/or Windows Defender by creating symbolic links (also called junctions) to their folders and files. In turn, this affects pathname resolution, which, in plain English means "can't get there from here".

Work has begun to beat this infection, but, it does not appear that a solution will come overnight.

If you are considering a clean install, you are on the right track.

 

[Prescottbob]

Thank you and everyone for going past the point of reasonableness in trying to resolve this machine's problems and leading me through unfamiliar territory. I'll do a clean install.

 

[Jacee]

I want to thank you for being a gentleman.

 

[cottonball]

Prescottbob,

Have you done a clean install yet?

 

[Prescottbob]

No, I won't be doing that until next week when I return from my other home with the doc. package for this machine.

 

[Layback Bear]

You have a .doc package for this computer. I feel a lot better now. Let us know how things go.

 

[cottonball]

This is up to you, of course, but, a very competent tool developer at another forum where I work has come up with a way of getting rid of the damage done by the infection on your system.

It has been tried successfully several times, and we can use it here.

You will have to go through one last round of instructions with me, but, it may get the machine going where you can download, etc.

If you want to give it a whirl, fine, if you do not, that is fine also. Just let me know.

Going out for a while...should be back o/a 7:00PM CST.

 

[Jacee]

After looking at another forum I frequent, this is a type of ZeroAccess/Sirefef ... I don't believe at this point, the computer is "recoverable".

I see some MS-MVP's saying it's best to nuke and do a clean install. Which I agree with. With that kind of "Rootkit", how could the computer ever be reliable again?

It's totally up to the user to try the new tool, but don't have any critical/personal information on that machine, or any other computers that can connect with it on the Network. Keep it outside of the Network connection!

 

[cottonball]

Prescottbob,

Quoting Jacee: I see some MS-MVP's saying it's best to nuke and do a clean install

In turn, I look for the MS-MVP's and Malware Tool Developers saying: "Here is a tool to fix this."
Namely: Trojan Dropper:Win32/Sirefef.gen!E

Jacee and I have different opinions on this issue. Rootkits are not "the thing" for some, but Rootkits are "the thing" for others. I belong to the latter group.

This all boils down to your decision, and is fine with me, any way you go.