Win-32:Sirefef-HO [Rtk] - Windows 7 64 bit

[coleton]

C:\Windows\system64\consrv.dll
C:\Windows\System32\consrv.dll

I have a computer that was infected with the "Win7 Antivirus 2012" bug. I was able to remove it, but I have been fighting to remove this a couple of times with different methods, it would cause BSOD after boot when removed, forcing a System Restore. For some reason Malwarebytes doesn't even detect it, but MSE, AVG Rescue CD, and Avast do.

Every 16 minutes I also get a "Trojan Horse Blocked" and Moved to Chest notification from Avast of C:\Windows\assembly\temp\U\80000032.$ Win32:DNSChanger-VJ[Trj]

I have posted the required logs. I won't touch the computer until a response. Let me know what else I need to do. Thank you.

[Pondus]

Essexboy is notified.

He usually arrive here around 08:00pm - 11:59pm UK time

[true indian]

This is the Backdoor maxplus 90 infection which needs atmost care to get rid off...

WARNING! do not Delete conserv.dll file it will cause boot failure.Wait until a malware removal expert arrives to help u.

[essexboy]

Yep 'tis consrv.dll.  The variants are changing on an almost daily basis

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  [2012/01/02 13:27:13 | 000,012,802 | -HS- | M] () -- C:\Users\Angie\AppData\Local\763517a2o517u317m874o8qoc6d8
  [2012/01/02 13:27:13 | 000,012,802 | -HS- | M] () -- C:\ProgramData\763517a2o517u317m874o8qoc6d8
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[coleton]

Thank you for all the help. I ran OTL and then Combofix. Everything seemed to go smoothly. I'll run a full AV scan and check to see if anything is detected. Here are the logs.

[essexboy]

Could you now go to this MS site  and run the fixit about halfway down please http://support.microsoft.com/kb/299357

Once done can you let me know what problems remain