I’d been having all sorts of problems with my Win7 64bit laptop, including search being hijacked, and had run Malwarebytes Anti-Malware, which kept finding and removing stuff, but some of it kept coming back. I then downloaded and installed avast and let it do the scan on boot.
It found a bunch of stuff which I told it to delete, but when it came to the files in the windows folder (consrv.dll and desktop.ini) the warning of “Are you sure you want to delete files in the windows folder?” made me think twice and I told it to do nothing for those files (they couldn’t be repaired). Having done some searches, I’m sure glad I didn’t delete them as it sounds like my OS wouldn’t boot then!
I then launched Windows and updated my mbam and re-ran it - it now found nothing. I re-ran avast from within Windows and once again, obviously, it found the same problems with desktop.ini and consrv.dll:
Windows\Assembly\GAC_32\Desktop.ini
Infected by Win32:sirefef-FQ [Drp]
Windows\Assembly\GAC_64\Desktop.ini
Infected by Win64:sirefef-C [Drp]
Windows\System32\consrv.dll|>[Embedded_I#1ac7]
infected by Win64:sirefef-C [Drp]
Windows\System32\consrv.dll|>[Embedded_I#2ac7]
infected by Win64:sirefef-FQ [Drp]
Windows\System32\consrv.dll|>[Embedded_I#46ff]
infected by Win64:sirefef-D [Drp]
Windows\System32\consrv.dll
infected by Win64:sirefef-C[Drp]
I launched my browser and was pleased to see that my search is no longer hijacked, however I’m not comfortable having any remnants of any form of malware on my PC, especially those rated high severity, and searches in this forum tend to result in answers that are specific to that person’s system alone, so I figured I’d start my own thread…
Pre and post running avast mbam logs attached.
I hope someone can please help me!!!
Thanks in advance!
magichappens
p.s.
Here is what Avast found and deleted:
C:\Users\me\AppData\LocalLow\Sun\Java\Deployment\cache\6.8\8\db32fc8-640cdbf7|>Final.class
Infected by Java:CVE-2011-3554-AB [Expl]
C:\Windows\assembly\temp\U\00000002.@|>[Embedded_R#00290]
Infected by PUP:Win32:Agent-ANSR [PUP]
C:\Windows\assembly\temp\U\00000002.@
Infected by PUP:Win32:Agent-ANSR [PUP]
C:\Windows\assembly\temp\U\80000004.@
Infected by Win64f:ZAccess-A [Trj]