no, i didn't take any action on this one, but it's in the windows xp drive, no connection to win7
my windows xp is working just like before
but the mentioned file is considered infected by malwarebytes anti-malware
and how can i be calm? why would someone do such a thing to me?
PS: I'm using another computer now and it has eset smart security 4 installed on it, they have got the link in my first post blocked
We are not fighting, we are here to help you. Sometimes some people don't know how, and may cause further problems. After all it is your decision what you want to do.
Nope I reckon Eset deleted consrv.dll which is in the subsystem boot registry key
OK next we will work outside of windows then
Please print these instructions out so that you know what you are doing
[*]Download OTLPENet.exe to your desktop
[*]Download sca.txt (attached at the bottom of this post) to the desktop (XP) or USB drive
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
[*]Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
[*]Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked "Do you wish to load the remote registry", select Yes
[*]When asked "Do you wish to load remote user profile(s) for scanning", select Yes
[*]Ensure the box "Automatically Load All Remaining Users" is checked and press OK
[*]OTL should now start
[*]Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system
[*]Right click the file and select send to: select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can back up any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.
That's good! since deleting it will cause boot failure… and as far as that guy who sent u the link… i should make u aware that do not trust any links to videos unless it seems to be from youtube…
@essexboy
unfortunately, this is a new variant…
this one gives out termsrv.dll instead of consrv.dll… correct me if i am wrong?
and i also reckon that this malware injects itself into a reg value as u informed me before.
downloading OTLPENet.exe now,
it's gonna take a while considering the slow internet connection here
PS: can i use flash memory instead of the cd? because it's faster.
and is it safe to connect my infected pc to internet? using win xp
right now im using another computer,
i disconnected my computer from internet right after the infection to prevent further automated download of malware
Can u update avast definitions please…
Then we should be able to prevent further infestation…
As long as the flash drive is bootable as OTLPE is linux based
The XP side should be OK to use
found this in site just now,
same malware infected my pc
http://forum.avast.com/index.php?topic=92222.0
I answered there ;D
yes, but as you know my windows 7 doesn't boot right now,
I'll follow your previous instructions to fix it and then get to removing the malware
and can i ask you how much longer will you stay online essexboy?
On and off all day today until about 10m - now 13.20
ok, guys some new s**t just happened to my infected pc
i downloaded the file you said and moved it to my flash drive, i also downloaded avast and did the same, when i entered my flash drive and opened it i saw the shocking scene of number1 photo
i quickly installed eset (no other choice), started a full in-depth scan
after a couple of seconds i saw the second photo which caused me a slight heart attack (for real, I'm in pain right now)
help me out plz!!!
also i found these new unknown (to me) processes in task manager: wuauclt.exe, mwyo.exe, which i am unable to terminate, also eset found this:
operating memory>> services.exe(11088)- a variant of win32/rootkit.Agent.NUS trojan-unable to clean
help me out plz!!!
PS: please come to my online funeral tomorrow at 8 am in youtube
forgot these
OK so you have an infected flash drive… Which does not help matters
Load OTLPE to a CD and run it from there. We will get the Windows 7 back in action and then look at the XP
ok, scan is finished, the otl file is attached
do i still need to be in this os? i haven't exited yet
Any fixes will be done from the Reatogo desktop
OK run OTLPE again and in the custom scans and fixes box type in the following
/md5start
afd.*
/md5stop
Then press the run scan button
Attaching the new log
If this is not the culprit then I will use a different tool to determine the problem
I just noticed that you scanned the XP system and not the 7 one
When you start OTLPE and it asks for the windows folder - select the windows 7 one
sorry, had a quick meal
the problem is it doesn't ask two of the questions you said:
only the last one
"Select the Windows folder of the infected drive if it asks for a location"
"When asked "Do you wish to load the remote registry", select Yes"
it doesn't ask these two
Could you re-load Reatogo desktop please and using the explorer function select the windows 7 folder first before running OTL