Please note that your topic was not intentionally overlooked.Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.

Hi, My 64-bit windows 7 system is infected with Zero Access/Sirefef.

There were multiple infections, but booting from a few rescue CDs (F-Secure, e Set, Sophos) to run scans got rid of most of them.

keeps getting detected by my anti-virus software (Sophos) as ZAccess-L and it gets blocked. I have done multiple searches for this and generally if people delete it while booted to a rescue cd or something their computer will not boot.

I have booted to a rescue cd and deleted the file and rebooted, but the file comes back on next bootup.

I was expereincing high utilization previously of and services.exe, but I fixed that by fixing the registry key in Control Set XXX\Control\Session Manager\Sub Systems to have the correct instead of consrv.dll, after doing that my computer performance has returned to essentially normal, but I know I am still infected because keeps coming back and keeps getting detected as a virus, and because my antivirus program is kept very busy in terms of CPU blocking it when it appears. I tried running asw but it appears to crash upon a certain stage in the virus scan (always the same spot).

If I disable the virus scan in aswmbr then it completes just fine but the info is not very useful.

We apologize for the delay in responding to your request for help.

Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . C:\Windows\system32\C:\Windows\system32\C:\Windows\system32\-k Dcom Launch C:\Windows\system32\-k RPCSS C:\Windows\system32\C:\Windows\System32\-k Local Service Network Restricted C:\Windows\System32\-k Local System Network Restricted C:\Windows\system32\-k netsvcs C:\Windows\system32\-k Local Service C:\Windows\system32\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Sav C:\Windows\system32\-k Network Service C:\Windows\System32\C:\Windows\system32\-k Local Service No Network C:\Program Files (x86)\Common Files\Adobe\ARM.0\C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Apple Mobile Device C:\Windows\Sys WOW64\C:\Program Files (x86)\Microsoft\Bing Bar\Sea Port.

EXE C:\Program Files\Bonjour\m C:\Program Files\Prevx\C:\Program Files (x86)\Cisco Systems\VPN Client\C:\Windows\system32\-k Local Service And No Impersonation C:\Windows\system32\C:\Windows\Sys WOW64\-k hpdevmgmt C:\Windows\Sys WOW64\Lxr SII1C:\Windows\System32\-k HPZ12 C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\C:\Windows\System32\-k HPZ12 C:\Windows\system32\-k Network Service Network Restricted C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdmin C:\Program Files (x86)\Spybot - Search & Destroy 2\C:\Windows\system32\C:\Program Files (x86)\Sophos\Auto Update\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_C:\Windows\system32\C:\Program Files (x86)\Team Viewer\Version6\Team Viewer_C:\Program Files (x86)\Team Viewer\Version7\Team Viewer_C:\Program Files (x86)\Tight VNC\C:\Program Files (x86)\VMware\VMware v Center Converter Standalone\C:\Program Files\Prevx\C:\Program Files (x86)\VMware\VMware v Center Converter Standalone\C:\Program Files (x86)\VMware\VMware v Center Converter Standalone\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpd C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\C:\Program Files (x86)\Acronis\Disk Director\OSS\reinstall_C:\Program Files (x86)\Spybot - Search & Destroy 2\C:\Program Files\HP Toner Cartridge Authentication\hpcra112C:\Windows\system32\C:\Windows\Explorer.

EXE C:\Windows\System32\hdsp32C:\Windows\System32\C:\Program Files (x86)\HP\HP Color Laser Jet CM1312 MFP Series\C:\Windows\system32\Search C:\Program Files\Microsoft Intelli Type Pro\C:\Program Files\Microsoft Intelli Point\C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\C:\Program Files\Music Lab\Mol Cp III\C:\Program Files\Windows Media Player\C:\Program Files (x86)\u Torrent\u C:\Windows\system32\C:\Program Files (x86)\DAEMON Tools Lite\C:\Program Files (x86)\DVDFab Passkey\DVDFab C:\Program Files (x86)\Zoiper Communicator\C:\Program Files (x86)\f-secure\Online Backup\fshoster32C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08C:\Program Files (x86)\nerds.de\Loop Be30\C:\Windows\system32\C:\Program Files (x86)\Sophos\Auto Update\C:\Program Files (x86)\Tight VNC\C:\Program Files (x86)\Common Files\Java\Java Update\C:\Program Files (x86)\Common Files\Adobe\ARM.0\Adobe C:\Program Files (x86)\Div X\Div X Update\Div C:\Program Files (x86)\HP\HP Software Update\hpwuschd2C:\Program Files (x86)\ATI Technologies\ATI.