Author Topic: Infected with consrv.dll  (Read 4529 times)


Kuari

  • Guest
Infected with consrv.dll
« on: December 19, 2011, 01:51:37 AM »
Recently I got infected with this and it caused Win 7 Antivirus to pop up and hijack a lot of my stuff.  I believe I fixed it, but to be certain, I'd like to go through the process.  First here are the first two logs.

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #1 on: December 19, 2011, 01:52:04 AM »
Screenshot

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #2 on: December 19, 2011, 01:59:32 AM »
aswMBR log.  I see a virus that needs to go...  swore I've deleted that one already, so awaiting instructions.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37600
  • Not a avast user
Re: Infected with consrv.dll
« Reply #3 on: December 19, 2011, 02:12:52 AM »
Have you done a quick scan with Malwarebytes?

If not, do so and attach the log... make sure it is updated before you start the scan.

Essexboy will check your logs when he arrives here tomorrow... around 08:00pm - 11:59pm UK time.

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #4 on: December 19, 2011, 02:18:33 AM »
Last two Malwarebytes logs that detected something.  Current scans detect nothing.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Infected with consrv.dll
« Reply #5 on: December 19, 2011, 09:01:46 PM »
Hi, on completion of this run can you let me know what problems you are having?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
    IE - HKU\S-1-5-21-4162686938-2645483614-3529793939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
    [2011/12/18 17:17:00 | 000,009,074 | -HS- | M] () -- C:\Users\Eric\AppData\Local\evmleo8d3rmy2idp7gyy6i865k5d
    [2011/12/18 17:17:00 | 000,009,074 | -HS- | M] () -- C:\ProgramData\evmleo8d3rmy2idp7gyy6i865k5d
    [2011/12/18 01:56:23 | 000,009,582 | -HS- | M] () -- C:\Users\Eric\AppData\Local\0q61ci1o46h636
    [2011/12/18 01:56:23 | 000,009,582 | -HS- | M] () -- C:\ProgramData\0q61ci1o46h636
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\procs\explorer.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\winlogon.exe

    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-4162686938-2645483614-3529793939-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
     
    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
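
Added example, not part of essexboy's post or of OTL itself: a short Python triage helper that parses file lines in the layout quoted in the fix above and reports hidden+system files with no company name that turn up under the same name and size in more than one directory, the pattern visible in the quoted AppData\Local and ProgramData entries. The regular expression is inferred from those quoted lines only (an assumption, not an official OTL grammar), and the sample log, file names and MD5 value are constructed.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Layout inferred from the quoted lines (assumption, not an OTL specification):
# [date time | size | attrs | M] (company) [MD5=...] -- path
LINE = re.compile(
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| \w\] "
    r"\((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)

# Constructed sample input; names, dates and the hash are placeholders.
SAMPLE_LOG = r"""
[2020/01/02 10:00:00 | 000,009,074 | -HS- | M] () -- C:\Users\user\AppData\Local\examplerandomname1
[2020/01/02 10:00:00 | 000,009,074 | -HS- | M] () -- C:\ProgramData\examplerandomname1
[2020/01/01 09:00:00 | 000,009,582 | -HS- | M] () -- C:\Users\user\AppData\Local\loneexample
[2019/05/05 08:00:00 | 000,031,232 | ---- | M] (Example Vendor) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Users\user\AppData\Local\Temp\tool.exe
"""


def parse(log):
    """Return one dict per recognised file line; unrecognised lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries


def twin_hidden_files(entries):
    """Group hidden+system, company-less files that share a name and size
    across more than one directory. Returns {(name, size): [paths]}."""
    groups = defaultdict(list)
    for e in entries:
        if "H" in e["attrs"] and "S" in e["attrs"] and not e["company"]:
            groups[(basename(e["path"]).lower(), e["size"])].append(e["path"])
    return {key: sorted(paths) for key, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    for (name, size), paths in twin_hidden_files(parse(SAMPLE_LOG)).items():
        print(f"{name} ({size} bytes) present in:")
        for p in paths:
            print("   ", p)
```

A match is only a lead for review by whoever is analysing the log; it is not a verdict on the file.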

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #6 on: December 20, 2011, 01:22:32 AM »
How's it look, doc?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Infected with consrv.dll
« Reply #7 on: December 20, 2011, 08:34:17 PM »
Looks good - what problems do you have?

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #8 on: December 21, 2011, 05:25:12 AM »
Nothing at this point.  All seems well, just I know that can be deceptive at times.  Thanks for the help.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Infected with consrv.dll
« Reply #9 on: December 21, 2011, 09:07:53 PM »
If all is still well tomorrow - let me know and I will tidy up  ;D

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #10 on: January 09, 2012, 08:26:49 PM »
OK, no issues on my PC...  slow downs on my laptop, but that's a different problem I'll post elsewhere.  What's the cleanup I need?

true indian

  • Guest
Re: Infected with consrv.dll
« Reply #11 on: January 10, 2012, 07:36:24 AM »
 :'(

EDITED AND POST REMOVED.
« Last Edit: January 10, 2012, 10:56:35 AM by true indian »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11244
  • No support PM's thanks
Re: Infected with consrv.dll
« Reply #12 on: January 10, 2012, 08:14:56 AM »
Just Open OTL and hit the cleanup button

This will remove all the tools essexboy used...further recommendations will come from essexboy soon..

Copy paste the above in OTL custom scan box and hit run fix.
You have been repeatedly told not to offer advice in this section of the forum unless you need help; you're either thick in the head or just plain insolent.

You have been reported
« Last Edit: January 10, 2012, 11:00:48 AM by craigb »

Kuari

  • Guest
Re: Infected with consrv.dll
« Reply #13 on: January 11, 2012, 06:23:35 PM »
Honestly since essex is the one that got this all set up, he's the only one I'd really trust with this, so no worries