start up scan results

So I ran Avast! on my Dell 1749/Windows 7 machine. I told it to move everything to the chest. Eventually it came across several things in the Windows file. I recognized the first one as something AVG tried to remove that crashed my system (had to do a restore), so I told Avast! not to put them in the chest and to ignore them. Happily, I wrote them all down first. Here they are:

Windows\Assembly\GAC_32\Desktop.ini
Infected by Win32:sirefef-FQ [Drp]
and by Win32:sirefef-HO [Rtk]

Windows\Assembly\temp\U\00000002.@|>[Embedded_R#00290]|>[UPX]
by Win32:PUP_gen [PUP]

Windows\Assembly\temp\U\80000004.@
by Win32:Malware-gen

Windows\System32\consrv.dll|>[Embedded_I#1ac7]
by Win32:sirefef-HO [Rtk]

Windows\System32\consrv.dll|>[Embedded_I#2ec7]
by Win32:sirefef-FQ [Drp]

Windows\System32\consrv.dll
by Win32:sirefef-HO [Rtk]

Now what? ???
Please and Thank You!

I recognized the first one as something AVG tried to remove that crashed my system
Does this mean you have Avast and AVG installed?

If so, you cannot trust the detection. Running multiple antivirus can/will give all kinds of Windows errors and false positive detections.
see reply from quietman7 here http://www.bleepingcomputer.com/forums/topic186533.html

you should also use a removal tool so all leftovers are gone after the uninstall

run and reboot - Uninstallers – Security Software
http://singularlabs.com/uninstallers/security-software/

if you still have problems after this, follow this guide and attach all logs (not copy and paste)
http://forum.avast.com/index.php?topic=53253.0

lower left corner > additional options > attach

No I don’t have AVG installed. When I restored the computer, the restore point was before the install of AVG. So, as far as my computer is concerned, it never happened. Will do, on the rest.

When I restored the computer, the restore point was before the install of AVG. So, as far as my computer is concerned, it never happened. Will do, on the rest.
System restore is not the same as a disk or partition image restore. System restore basically restores system files and registry settings but leaves applications and their corresponding files in place.

Best to run the manufacturer uninstaller/clean program for AVG.

This is the new version of Zaccess rootkit and will need investigation by a malware expert, so wait until essexboy comes to help you by night…

Okay, here it is:

  1. I ran AVG uninstall, it said a lot of “file missing” “not installed” and other not-there messages. I reran all the called for logs anyway. Except mbam. That takes 2 hrs.
  2. Today has brought more than one system restore. Banging my head against the wall.
  3. OTL only gave me the OTL.txt there’s no sign of Extras.txt. I can rerun it as soon as I can keep my computer from having to restore.
  4. I’m getting an Avast! warning popup every 15ish minutes about the same trojan every time. 80000032.$ Win32:DNSChanger-VJ [Trj] Is this the same thing or are we dealing with multiple issues? (trying not to bang my head against a wall)
  5. Suddenly I have 2 items on my desktop called “desktop.ini” they say:
    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
    and
    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
    Didn’t know if this is relevant.
    Sorry for long post I hope you can make sense of it all.

Thanks again! ;D

I reran all the called for logs anyway. Except mbam. That takes 2 hrs.
Not if you use the recommended quick scan ;) ... remember to update before you start

The Mbam quick scan doesn’t find any problems. Nor does the Flash scan. Only the full scan finds them. :)

this is actually backdoor maxplus 90 infection…

You can also try this:
Download Dr Web from here. Fill in the small form and download.
http://www.freedrweb.com/download+cureit+free/?lng=en
It will download as an 8 digit file; save it to your desktop.
Restart in safe mode and run.
Accept the enhanced version.
Then run the full scan and allow it to cure all infections found.
This should find and cure consrv.dll and its associates…

Happy to help!
true indian.

If so, they are not actively running malware files… and no danger until you run them

Do you guys realize that every program you have told me to download and run doesn’t have a valid digital signature? Just sayin…

Essexboy is a certified malware remover so you can trust all his magic Harry Potter tools ;D no danger

Hi, are you prepared to use a new version of aswMBR to fix this? Or would you like to use the tried method?

If you are happy to use aswMBR then please delete your current copy and download the latest

If not let me know

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

I ran Dr. Web and it fixed the consrv.dll. I am ready to try aswMBR. I’ll run it now.

“Essexboy is a certified malware remover so you can trust all his magic Harry Potter tools ;D no danger”

Yeah, I know. I was just sayin’. ;)

"Essexboy is a certified malware remover so you can trust all his magic Harry Potter tools no danger"
If you want to quote... you find out how to here ;)

http://forum.avast.com/index.php?action=help;page=post

Here are the aswMBR results. Thanks again everyone!

Dr Web cleared it - how is the computer running now?

Could you run a fresh OTL scan please

Happy to help! ;D

I still can’t reset my windows firewall. It says it can’t reset some of the settings. Error code 0x80070424. (you didn’t think you were getting away that easy, did you True Indian?)

I ran OTL, but forgot to put the text in the custom scans/fixes area. That report is attached as OTL1.txt. So I ran it again and attached the result as OTL2.txt. Didn’t know which you would want. Just for fun, I ran FSS again and attached it too. (I didn’t get an Extras.txt on either OTL scan.)

Try this:

Open Run [Windows logo key+R].

Copy and paste this in:
sfc /scannow

If it asks you to insert the Windows installation CD, insert it.

NEXT

Open Run again.

Type in:
services.msc

In the services window:

Check the Windows Firewall service.

Right click and hit Properties.

See if the startup type is on Automatic; if it isn't, then set it to Automatic.

Now try to enable Windows Firewall and see if it works… if not, tell me and I have another tool to do the job…
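
The service check from the steps above, as an added example that is not part of the original posts: a read-only PowerShell query that reports whether the firewall services are registered at all and what their startup type is. The service names `MpsSvc` (Windows Firewall) and `BFE` (Base Filtering Engine) and the reading of 0x80070424 as ERROR_SERVICE_DOES_NOT_EXIST are standard Windows facts brought in here, not values from the thread; the function name is hypothetical.

```powershell
# Added example: read-only health check of the services Windows Firewall needs.
# MpsSvc = Windows Firewall, BFE = Base Filtering Engine (MpsSvc depends on it).
# These names are standard Windows service names, not quoted in the thread.
$required = 'BFE', 'MpsSvc'

function Get-FirewallServiceHealth {
    param([string[]]$Name = $required)

    foreach ($svcName in $Name) {
        # Get-WmiObject is used because it works on the PowerShell 2.0
        # that ships with Windows 7.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"

        if (-not $svc) {
            # No service entry at all. This is the condition that
            # 0x80070424 (ERROR_SERVICE_DOES_NOT_EXIST) reports, and
            # changing the startup type in services.msc cannot fix it.
            New-Object PSObject -Property @{
                Name = $svcName; Registered = $false
                StartMode = $null; State = $null
                Finding = 'service entry missing; needs repair'
            }
            continue
        }

        # Win32_Service reports Automatic startup as 'Auto'.
        $finding = if ($svc.StartMode -ne 'Auto') {
            'startup type is not Automatic'
        } elseif ($svc.State -ne 'Running') {
            'Automatic but not running'
        } else {
            'ok'
        }

        New-Object PSObject -Property @{
            Name = $svcName; Registered = $true
            StartMode = $svc.StartMode; State = $svc.State
            Finding = $finding
        }
    }
}

Get-FirewallServiceHealth |
    Select-Object Name, Registered, StartMode, State, Finding |
    Format-Table -AutoSize
```

A row with `Registered` set to False means the service is absent from the system rather than merely disabled, which matches the reset error quoted earlier in the thread.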