Author Topic: serious security problem,HELP!  (Read 18657 times)

true indian

  • Guest
Re: serious security problem,HELP!
« Reply #15 on: January 29, 2012, 12:44:39 PM »
Quote
P.S. Hope i am not rude but even i know what i am doing...
So did all your banned friends from India say.........so not strange that we are a bit suspicious.  8)

My bad that the 1 guy who got banned was from my workstation...no wonder even u doubt me too :P
« Last Edit: January 29, 2012, 12:47:56 PM by true indian »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: serious security problem,HELP!
« Reply #16 on: January 29, 2012, 12:49:23 PM »
Hi what is the current status with the 7 partition.. Does it boot at all ?

ESET may have removed a file that was set as a boot device in the subsystem reg.  That will need to be replaced

 

Alireza_021

  • Guest
Re: serious security problem,HELP!
« Reply #17 on: January 29, 2012, 12:52:10 PM »
hi, guys
sorry for the long delay
i was too tired and had to get some rest
if you read my posts before, you'll see that my windows 7 is already not working
and as i said i think it was my anti virus which automatically removed the infected files, and made my windows not bootable, right now i am using my other windows on the infected computer (xp sp2)
as you all have said i need to clean the infected files but the problem is that they don't exist anymore, removed by anti virus, so right now my problem is to make my win7 bootable again, any suggestions on that?
should i try repairing windows from its disk?
and i'm downloading dr.web and will run a full scan and tell you the results (without removing)
PS: there is still a chance that the damn malware, viruses or whatever they are aren't fully removed yet
thanks for help guys
and guys please don't fight with each other the only person to blame here is that **** , who gave me the damn link
« Last Edit: January 29, 2012, 12:54:10 PM by Alireza_021 »

true indian

  • Guest
Re: serious security problem,HELP!
« Reply #18 on: January 29, 2012, 12:54:26 PM »
and guys please don't fight with each other the only person to blame here is that **** , who gave me the damn link

OK Calm down,calm down...Relax!...essexboy will help u further..


Cheers. ;D
« Last Edit: January 29, 2012, 12:56:33 PM by true indian »

true indian

  • Guest
Re: serious security problem,HELP!
« Reply #19 on: January 29, 2012, 12:59:49 PM »
Hi essexboy,

If we're lucky enough the OP hasn't taken action on this item:
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

Alireza_021

  • Guest
Re: serious security problem,HELP!
« Reply #20 on: January 29, 2012, 01:05:06 PM »
Hi essexboy,

If we're lucky enough the OP hasn't taken action on this item:
C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.
no, i didn't take any action on this one, but it's in the windows xp drive, no connection to win7
my windows xp is working just like before
but the mentioned file is considered infected by malwarebytes anti-malware
and how can i be calm? why would someone do such thing to me?
PS: i'm using another computer now and it has eset smart security 4 installed on it, they have got the link in my first post blocked
« Last Edit: January 29, 2012, 01:08:11 PM by Alireza_021 »

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: serious security problem,HELP!
« Reply #21 on: January 29, 2012, 01:05:47 PM »
hi, guys
sorry for the long delay
i was too tired and had to get some rest
if you read my posts before, you'll see that my windows 7 is already not working
and as i said i think it was my anti virus which automatically removed the infected files, and made my windows not bootable, right now i am using my other windows on the infected computer (xp sp2)
as you all have said i need to clean the infected files but the problem is that they don't exist anymore, removed by anti virus, so right now my problem is to make my win7 bootable again, any suggestions on that?
should i try repairing windows from its disk?
and i'm downloading dr.web and will run a full scan and tell you the results (without removing)
PS: there is still a chance that the damn malware, viruses or whatever they are aren't fully removed yet
thanks for help guys
and guys please don't fight with each other the only person to blame here is that **** , who gave me the damn link
We are not fighting, we are here to help you. Sometimes some people don't know how, and may cause further problems. After all it is your decision what you want to do  ;) .
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline essexboy

Re: serious security problem,HELP!
« Reply #22 on: January 29, 2012, 01:07:31 PM »
Nope I reckon Eset deleted consrv.dll which is in the subsystem boot registry key

OK next we will work outside of windows then
Please print these instructions out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download sca.txt (attached at the bottom of this post) to the desktop (XP) or USB drive
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)
  • Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.
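
The check behind the diagnosis in Reply #22, as an added example that is not part of the original post and is not what OTL runs: audit the `Windows` value of `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems` from the offline hive and report any `ServerDll=` module that is not a stock one, or whose file is no longer in System32. The function name, the stock-module list and both sample strings are assumptions constructed for illustration; in particular, the exact form of the hijacked entry is assumed, since the thread only says consrv.dll is referenced from that key.

```python
import re

# Modules a stock XP/7 "Windows" value loads into csrss.exe
# (general Windows knowledge, not stated in the thread).
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)", re.IGNORECASE)

# Constructed sample: a stock-looking value string.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Constructed sample: console entry redirected to consrv (assumed form).
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)


def audit_subsystems_value(value, system32_files):
    """Return (module, problem) findings for one SubSystems 'Windows' value.

    value          -- the string read from the offline registry hive
    system32_files -- file names actually present in System32
    """
    present = {name.lower() for name in system32_files}
    findings, seen = [], set()
    for match in SERVERDLL_RE.finditer(value):
        module = match.group(1).lower()
        if module.endswith(".dll"):
            module = module[:-4]
        if module in seen:
            continue
        seen.add(module)
        if module not in EXPECTED_SERVER_DLLS:
            findings.append((module, "unexpected"))
        if module + ".dll" not in present:
            # csrss.exe cannot load a referenced module that is gone, which
            # is the boot failure described once the AV deleted the file.
            findings.append((module, "missing"))
    return findings


if __name__ == "__main__":
    stock = ["basesrv.dll", "winsrv.dll", "sxssrv.dll"]
    print(audit_subsystems_value(HIJACKED_VALUE, stock))
```

A module reported as both unexpected and missing matches the state described in the thread: the registry still points at a file the scanner has already removed, so the value has to be repaired before the partition will boot.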

true indian

  • Guest
Re: serious security problem,HELP!
« Reply #23 on: January 29, 2012, 01:10:02 PM »
no, i didn't take any action on this one, but it's in the windows xp drive, no connection to win7
my windows xp is working just like before
and how can i be calm? why would someone do such thing to me?

That's good! since deleting it will cause boot failure....and as far as that guy who sent u the link...i should make u aware that do not trust any links to videos unless it seems to be from youtube...


@essexboy
unfortunately, this is a new variant...

this one gives out termsrv.dll instead of consrv.dll....correct me if i am wrong?

and i also reckon that this malware injects itself into a reg value as u informed me before.
« Last Edit: January 29, 2012, 01:19:33 PM by true indian »

Alireza_021

  • Guest
Re: serious security problem,HELP!
« Reply #24 on: January 29, 2012, 01:13:49 PM »
downloading OTLPENet.exe now,
its gonna take a while considering the slow internet connection here
PS: can i use flash memory instead of the cd? because it's faster.
and is it safe to connect my infected pc to internet ? using win xp
right now i'm using another computer,
i disconnected my computer from internet right after the infection to prevent further automated download of malware
« Last Edit: January 29, 2012, 01:18:57 PM by Alireza_021 »

true indian

  • Guest
Re: serious security problem,HELP!
« Reply #25 on: January 29, 2012, 01:15:38 PM »
Can u update avast definitions please..

Then we should be able to prevent further infestation...

Offline essexboy

Re: serious security problem,HELP!
« Reply #26 on: January 29, 2012, 01:20:16 PM »
As long as the flash drive is bootable as OTLPE is linux based

The XP side should be OK to use

Alireza_021

  • Guest
Re: serious security problem,HELP!
« Reply #27 on: January 29, 2012, 01:56:22 PM »
found this in site just now,
same malware infected my pc
http://forum.avast.com/index.php?topic=92222.0

Offline essexboy

Re: serious security problem,HELP!
« Reply #28 on: January 29, 2012, 01:59:04 PM »
I answered there  ;D

Alireza_021

  • Guest
Re: serious security problem,HELP!
« Reply #29 on: January 29, 2012, 02:06:39 PM »
yes, but as you know my windows 7 doesn't boot right now,
i'll follow your previous instructions to fix it and then get to removing the malware
and can i ask you how much longer will you stay online essexboy?