Other > Viruses and worms

Yet more conserv.dll / Sirefef.. Please save me essexboy

<< < (3/10) > >>

Vincent Hoshino:
running combofix now. It will say in the report that it detected AVG, but AVG has been uninstalled for a while now and I can verify that no AVG program files or services are left on this box. It must be detecting some reg entries that never got completely removed on uninstall.

Yeah this one is quite resilient and I had already resorted to running combofix before I came here with no luck.  And Microsoft safety scanner just messed things up to where it would not boot and had to be restored to repair when removing Fakerean.

Vincent Hoshino:
combofix results are ready

Vincent Hoshino:
Blue screened after a bit and then failed to restart windows.. had to restore from OTL restore point to get it back up.  Reaction to combofix removing conserv.dll?

Vincent Hoshino:
ok after reading up a bit more and looking thru the registry this is the consrv.dll variant that loads via csrss.exe via replacing winsrv.dll

Time to die Max++ consrv

Need a way to remove consrv.dll and fix the reg keys during reboot or off a bootable drive

Not sure why combofix failed

essexboy:
OK I can remove it - it is the new variant - but I do need to see the netsvc name to remove it
You must have missed scripting this part

So run OTL again with this in the custom scans box

[*]Run OTL.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open one notepad. [/list][/list]

Navigation

[0] Message Index

[#] Next page

[*] Previous page