Redirecting Links

Recently, my Google Chrome has been redirecting Google links to random suspicious websites that I had no intention of visiting. Since it’s been quite frustrating, I recently scanned my computer and found that a file called consrv.dll was notified as high risk malware. Following this, I proceeded to remove it and the next morning I could not reboot my computer. I system restored to its infected state and now I have no idea on how to delete this virus.

Could anyone please help me with this problem? Thank you

Please attach your logs.
http://forum.avast.com/index.php?topic=53253.0

How to attach…

Lower left corner: additional options > attach

Here you go.

And OTL

And sorry one more post extras.

The Malwarebytes log was not saved as ANSI and cannot be read… looks like Chinese

Oh sorry my bad. Reattached.

There you go… now wait for Essexboy, it may take some hours :wink:

OK, we have another ZeroAccess

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKU\S-1-5-21-1539969128-733838407-862336560-1001..\Run: [1kAlMiG2Kb7FzP] C:\ProgramData\1kAlMiG2Kb7FzP.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odrio.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ybrio.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odrio.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ybrio.exe ()
[2012/01/19 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Zouw
[2012/01/19 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Empul
[2012/01/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Igabmi
[2012/01/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Fyicad
[2011/10/28 17:00:40 | 000,000,062 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP.lic
[2011/10/28 16:47:24 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/28 16:47:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/28 16:47:19 | 000,000,488 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE

:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[resethosts]
[emptyjava]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
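As an added example, not part of the original thread and not OTL's own code: a small Python parser that turns the `:OTL` entries of a fix like the one above into records, so the registry values and paths it targets can be reviewed before the fix is run. The line patterns are inferred from the lines quoted in this thread, the function names are hypothetical, and the sample is a subset of the fix above.

```python
import re
from collections import defaultdict

# Line shapes inferred from the fix quoted in this thread (an assumption,
# not a documented OTL grammar).
PATTERNS = [
    ("run_key", re.compile(r"^O4 - (?P<hive>HK\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
                           r"(?P<target>.+?)(?: (?P<status>File not found))?$")),
    ("startup", re.compile(r"^O4 - Startup: (?P<path>.+?)(?: \(.*\))?$")),
    ("created", re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
                           r"(?P<attrs>[-A-Z]{4}) \| C\](?: \(.*?\))? -- (?P<path>.+)$")),
    ("ads", re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<stream>.+)$")),
]

# Sample: a subset of the lines from the fix above, one entry per line.
SAMPLE_FIX = r"""
:OTL
O4 - HKU\S-1-5-21-1539969128-733838407-862336560-1001..\Run: [1kAlMiG2Kb7FzP] C:\ProgramData\1kAlMiG2Kb7FzP.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odrio.exe ()
[2012/01/19 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Zouw
[2012/01/19 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\delacour\AppData\Roaming\Empul
[2011/10/28 16:47:24 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
:Files
ipconfig /flushdns /c
"""

def parse_fix(text):
    """Parse entries in the :OTL section; lines in other sections are skipped."""
    records, section = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            section = line
        elif section == ":OTL":
            hit = next(((k, m) for k, rx in PATTERNS if (m := rx.match(line))), None)
            records.append({"kind": hit[0], **hit[1].groupdict()} if hit
                           else {"kind": "unrecognised", "raw": line})
    return records

def same_second_groups(records):
    """Group 'created' paths sharing a creation timestamp, for review as one set."""
    groups = defaultdict(list)
    for r in records:
        if r["kind"] == "created":
            groups[r["ts"]].append(r["path"])
    return {ts: paths for ts, paths in sorted(groups.items()) if len(paths) > 1}
```

Entries that come back as `unrecognised` are the ones to read by hand before running anything.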

ATM I’m using my phone to type this message. After using ComboFix and rebooting my computer, my internet connection doesn’t seem to work

Did you reboot twice?

Essexboy will be back tomorrow

Yes, I’ve rebooted several times, yet it still doesn’t work :cry:

OK, restore to prior to the ComboFix run and we will then approach it a different way. This one is obviously messing with the registry and internet files

Run Farbar Service Scanner

http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg

Tick “Internet services” and “Windows Firewall” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ok, I found out that I could connect to my router using the wireless on this computer. However, before this issue occurred, I was able (and preferred) to connect to the internet via cable.

After system restoring to before the ComboFix, I still have the same problem and can only connect wireless.

I used the Farbar scanner in case it would help.

OK, let’s check that the malware is no longer present

Run a fresh OTL scan for me please

New OTL

How is the computer behaving at the moment - after the restore?

Run the small fixit on this page please to reset the stack http://support.microsoft.com/kb/299357

Then go to Control Panel > Devices and let me know if there are any question marks against them… If so, let me know which one

The computer is behaving normally except for the wireless problem I mentioned. Also, occasionally my internet has been stuttering and dropping out but I think that’s just stemming from the fact I can only connect wireless.

As for checking devices, no question marks.

I’m really sorry if these continual problems are of inconvenience to you.

Not a problem

OK, let’s do a little troubleshooting: connect to the network using the Ethernet only

When it fails to connect, right-click the network icon and select troubleshoot

Let me know what errors that produces