I need help removing consrv.dll infection on 64 bit Windows 7. Logs Attached.
Dark_Matter:
Here is the new combofix log file. Thank you very much for your help on this.
essexboy:
One more run... Once completed can you let me know what problems are left
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
--- Quote ---
NetSvc::
sfilter
obvious
Driver::
sfilter
obvious
--- End quote ---
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.
Dark_Matter:
Attached is the latest ComboFix log. I'll check around now for any residual issues. Thanks again!
essexboy:
OK let me know of any remaining problems
Dark_Matter:
I ran aswMBR with avast definitions and I still had these infected files:
File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
File: C:\Windows\system32\crauto.dll **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\system32\lxrjd31s.dll **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\system32\MobilePreInstallerService.dll **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
They were cleaned. (before and after log is attached)
I ran combofix and it looks clean (attached) and then ran OTL which looks ok too (attached).
As a follow up I did a scan with Kaspersky Virus Removal Tool which came back clean as well.
I am going to restore security center and enable defender and adaware.