Author Topic: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]  (Read 6701 times)


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89332
  • No support PMs thanks
Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #15 on: February 09, 2012, 11:36:44 AM »
If you still have that file in the combofix quarantine, submit to the virus labs so that it can be added to the avast! detections.

Send the sample/s to avast as Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample (combofix quarantine or still in the original location) and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location, in due course by combofix, etc.
« Last Edit: February 09, 2012, 11:41:11 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DaManJ

  • Guest
Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #16 on: February 09, 2012, 12:14:31 PM »
done :)

Online DavidR

Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #17 on: February 09, 2012, 12:28:26 PM »
Thank you for helping to improve avast detections.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #18 on: February 09, 2012, 05:29:12 PM »
Hi DaManJ,

I'm not sure if combofix got all of it.

Next

Please open OTL.

  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out).

  • In the window under Custom Scans/Fixes copy and paste the following


    NetSvcs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTIDrvr /s
    /md5start
    incdrm.*
    /md5stop
       


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with
  • OTL.txt
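
For readers without OTL, the three checks in the custom scan above (the netsvcs service group, the NTIDrvr service key, and MD5 hashes of incdrm.* files) can be approximated with read-only PowerShell. This is an added example, not part of the original post and not OTL's own logic; the search root, the Microsoft company-name filter and the PowerShell 4.0+ requirement are assumptions.

```powershell
# Added example, not from the thread. Read-only; assumes PowerShell 4.0+ run as administrator.
$serviceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTIDrvr'  # key named in the post
$filePattern = 'incdrm.*'                                         # pattern named in the post
$searchRoot  = $env:SystemRoot                                    # assumption: search scope

# 1. NetSvcs: each service in the svchost "netsvcs" group and the DLL it loads.
$svchost = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$netsvcs = (Get-ItemProperty -Path $svchost -Name netsvcs).netsvcs
$services = foreach ($name in $netsvcs) {
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
    $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }   # listed in the group but no ServiceDll registered
    $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service = $name
        Dll     = $dll
        Exists  = [bool]$file
        Company = if ($file) { $file.VersionInfo.CompanyName } else { $null }
    }
}
# A service DLL that is missing or carries no Microsoft company name deserves a closer look.
$services | Where-Object { -not $_.Exists -or $_.Company -notlike 'Microsoft*' } |
    Format-Table -AutoSize

# 2. Registry: dump the service key and every subkey, or report that it is absent.
if (Test-Path -Path $serviceKey) {
    $keys = @(Get-Item -Path $serviceKey) +
            @(Get-ChildItem -Path $serviceKey -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $key.Name
        foreach ($valueName in $key.GetValueNames()) {
            "    $valueName = $($key.GetValue($valueName))"
        }
    }
} else {
    "Service key not present: $serviceKey"
}

# 3. MD5: hash every file matching the pattern so it can be compared with a known-good copy.
Get-ChildItem -Path $searchRoot -Filter $filePattern -Recurse -File -Force -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm MD5 |
    Select-Object Hash, Path
```

An absent service key together with no matching files corresponds to an empty section under the custom-scan header in the OTL log.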

DaManJ

  • Guest
Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #19 on: February 10, 2012, 02:00:13 AM »
here it is,

OTL logfile created on: 10/02/2012 10:56:22 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jeremy\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 4.86 Gb Available Physical Memory | 61.68% Memory free
15.77 Gb Paging File | 12.37 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.20 Gb Total Space | 100.33 Gb Free Space | 35.18% Space Free | Partition Type: NTFS
Drive Q: | 11.72 Gb Total Space | 2.38 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive W: | 3.00 Gb Total Space | 2.18 Gb Free Space | 72.62% Space Free | Partition Type: FAT32
 
Computer Name: LACEY | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
========== Custom Scans ==========
 
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTIDrvr /s >
 

< End of report >

Offline oldman

Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #20 on: February 10, 2012, 05:41:31 PM »
Hi DaManJ,

Not sure why combofix showed traces of it but the OTL log shows it is gone.

You can remove combofix and OTL as prescribed below. aswMBR can simply be deleted.


Click the Start button, click Run. [Win7 users, go Start>"Start search"] Copy and paste the following line into the run box and click OK

    Combofix /uninstall



Next


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.




Your Java is out of date. Click your Start button > Control Panel
  • Use the drop-down menu beside "View by" and change it to Small icons
  • Locate Java (32bit) in the list and click on it
  • When the Java console opens, click the Update tab
  • Click Update Now
Do the same for Java (64bit)

Next, clear the Java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • Check all boxes
  • Click OK

DaManJ

  • Guest
Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #21 on: February 11, 2012, 03:24:59 AM »
all done. thanks for your help! :)

Offline oldman

Re: consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]
« Reply #22 on: February 11, 2012, 08:28:17 AM »
You are welcome.