So I ran Avast! on my Dell 1749/Windows 7 machine. I told it to move everything to the chest. Eventually it came across several things in the Windows file. I recognized the first one as something AVG tried to remove that crashed my system (had to do a restore), so I told Avast! not to put them in the chest and to ignore them. Happily, I wrote them all down first. Here they are:
Windows\Assembly\GAC_32\Desktop.ini
Infected by Win32:sirefef-FQ [Drp]
and by Win32:sirefef-HO [Rtk]
Windows\Assembly\temp\U\00000002.@|>[Embedded_R#00290]|>[UPX]
by Win32:PUP_gen [PUP]
Windows\Assembly\temp\U\80000004.@
by Win32:Malware-gen
Windows\System32\consrv.dll|>[Embedded_I#1ac7]
by Win32:sirefef-HO [Rtk]
Windows\System32\consrv.dll|>[Embedded_I#2ec7]
by Win32:sirefef-FQ [Drp]
Windows\System32\consrv.dll
by Win32:sirefef-HO [Rtk]
I recognized the first one as something AVG tried to remove that crashed my system
Does this mean you have Avast and AVG installed?
If so, you cannot trust the detection. Running multiple antivirus programs can/will give all kinds of Windows errors and false positive detections.
See the reply from quietman7 here: http://www.bleepingcomputer.com/forums/topic186533.html
You should also use a removal tool so all leftovers are gone after the uninstall.
No I don’t have AVG installed. When I restored the computer, the restore point was before the install of AVG. So, as far as my computer is concerned, it never happened. Will do, on the rest.
When I restored the computer, the restore point was before the install of AVG. So, as far as my computer is concerned, it never happened. Will do, on the rest.
System restore is not the same as a disk or partition image restore. System restore basically restores system files and registry settings but leaves applications and their corresponding files in place.
Best to run the manufacturer uninstaller/clean program for AVG.
I ran AVG uninstall, it said a lot of “file missing”, “not installed” and other not-there messages. I reran all the called-for logs anyway. Except mbam. That takes 2 hrs.
Today has brought more than one system restore. Banging my head against the wall.
OTL only gave me the OTL.txt; there’s no sign of Extras.txt. I can rerun it as soon as I can keep my computer from having to restore.
I’m getting an Avast! warning popup every 15ish minutes about the same trojan every time: 80000032.$ Win32:DNSChanger-VJ [Trj]. Is this the same thing or are we dealing with multiple issues? (trying not to bang my head against a wall)
Suddenly I have 2 items on my desktop called “desktop.ini”. They say:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
and
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
Didn’t know if this is relevant.
Sorry for the long post. I hope you can make sense of it all.
You can also try this:
Download Dr Web from here. Fill in the small form and download: http://www.freedrweb.com/download+cureit+free/?lng=en
It will download as an 8-digit file; save it to your desktop.
Restart in safe mode and run it.
Accept the enhanced version
Then run the full scan allow it to cure all infections found.
This should find and cure consrv.dll and its associates…
I still can’t reset my Windows Firewall. It says it can’t reset some of the settings. Error code 0x80070424. (You didn’t think you were getting away that easy, did you, True Indian?)
I ran OTL, but forgot to put the text in the custom scans/fixes area. That report is attached as OTL1.txt. So I ran it again and attached the result as OTL2.txt. Didn’t know which you would want. Just for fun, I ran FSS again and attached it too. (I didn’t get an Extras.txt on either OTL scan.)