Consrv.dll removal?

Hello

I had the Consrv.dll virs was able to remove it at least I am not being redirected to other pages like before and my system seem to be working fine BUT Avast still recognizes in

C:\Windows\system32
the consrv.dll virus

As soon as it is moved to vault or deleted and my system is rebooted the computer does not start properly
and I have to do a system repair and restore it to the last working version.
It is a new laptop with Windows7 64bit

I have tried various removal descriptions but the result was always the same.
Thank you for any advice.

we also need the OTL log…thats the important one :wink:

Certifed malware remover is notified

oh sorry thought that one was there too. Here you go.
I have tried to edit the file using regedit to as advised during my research on the net but like I said same results.

Thanks

consrv.dll
if you remove this the wrong way you may damage the machine, so wait for one of the malware removers to arrive

I cannot see the protection driver, so lets take a different look

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL O3 - HKU\S-1-5-21-3270904038-70173572-1634540911-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. [2012/01/08 23:50:03 | 000,028,012 | -HS- | C] () -- C:\Users\Nifer\AppData\Local\55tkv58dkt0336uqqar78tkqkr3kj23eyr2d13t6s48tse [2012/01/08 23:50:03 | 000,028,012 | -HS- | C] () -- C:\ProgramData\55tkv58dkt0336uqqar78tkqkr3kj23eyr2d13t6s48tse

:Files
ipconfig /flushdns /c
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

sorry for the delay…
ok I ran OTL with the Custom Scans/Fixes I was immediately asked to run OTL after the reboot and it produced the logfile.
Avast gave an alert about the virus again then which I moved out of the virus vault back into it’s original location.
I installed the combofix and let it run but I received an error it is only compatible with win2000 and xp I’ve attached the message.

Could you delete that copy of combofix and download a fresh one please… I does work with all variants of windows after 2K

Hi
I used the other version but with the same error message it is not compatible with my system. The 2links you gave me the combo fixes are different sizes… I used 2nd link not like the first time I used the first but the result is still the same.

Any suggestions as to what I am doing wrong? I did deactivate my Avast via Avast shields control Disable permanently
Thanks

you mean right click avast tray icon and disable shields ?

yes exactly that is how I disabled it.

OK could you try combofix from safe mode - if that fails I will use aswMBR

Re-Run aswMBR

Click Scan

On completion of the scanClick the Fix Button

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBR_Zero.png

Save the log as before and post in your next reply

Ok I tried the combofix in safe mode to no avail.
Then I let the aswMBR run. Attached is the logfile
After reboot a automatic CHKDSK was done.

I just ran an avast quickscan results 1 virus in a tempfile which I moved to the virus-chest. No other virus files were found. Does this mean the consrv.dll virus is really gone??

On to remove that Avast is doubtfull about

On completion can you delete the aswMBR logs and run a fresh scan for me please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files ipconfig /flushdns /c C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Sorry, I read over the line about the aswMBR that is why let it run after I had let the OTL run. I hope it doesn’t make that much of a difference. Otherwise I will rerun the programs again.

How is the computer behaving now ?

Could you run the MSFixit on this page please
http://support.microsoft.com/kb/811259

Looks good no complaints about the consrv.dll being found from Avast. Running smoothly. I ran the MSFixit.
No problems. Boots quickly.

Nice - let me know if all is well tomorrow and I will remove my tools and tidy up ;D

SUPERB!! I will let you know, thank you! :slight_smile: