Other > Viruses and worms

I need help removing consrv.dll infection on 64 bit Windows 7. Logs Attached.

<< < (2/4) > >>

Dark_Matter:
Here is the new combofix log file. Thank you very much for your help on this.

essexboy:
One more run... Once completed can you let me know what problems are left

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

--- Quote ---NetSvc::
sfilter
obvious

Driver::
sfilter
obvious

--- End quote ---
Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Dark_Matter:
Attached is the latest ComboFix log. I'll check around now for any residual issues. Thanks again!

essexboy:
OK let me know of any remaining problems

Dark_Matter:
I ran aswMBR with avast definitions and I still had these infected files:

File: C:\Windows\system32\consrv.dll  **INFECTED** Win32:Sirefef-HO [Rtk]
File: C:\Windows\system32\crauto.dll  **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\system32\lxrjd31s.dll  **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\system32\MobilePreInstallerService.dll  **INFECTED** Win64:ZAccess-E [Rtk]
File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-FQ [Drp]
File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-HO [Rtk]

They were cleaned. (before and after log is attached)

I ran combofix and it looks clean (attached) and then ran OTL which looks ok too (attached)

As a follow up I did a scan with Kapersky Virus Removal Tool which came back clean as well.

I am going to restore security center and enable defender and adaware.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version