
Dear, it's the first time I write here because it's the first time I'm experiencing such a problem.

I will start from the beginning:

My PC is not able to boot anymore. After I disabled the automatic restart on system failure, I got the following blue screen:

STOP: c0000135 – The program can’t start because consrv is missing. Try reinstalling the program.


I have tried to search the net and it seems to be an effect of ZeroAccess MAX++.

I have tried to get access to the system registry with a Windows Vista installation DVD, but the problem is that after the PC has loaded the Windows files from the DVD it starts to load Windows, but then it gets stuck on a black screen and nothing more happens.

At this point I really don't know what to do to try to solve this problem.

Please help me.

I wish to thank anyone who will spend time to help me.


  • Staff

Hi and welcome to Malwarebytes.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


Hi. I would like to update you.

Actually I have followed this procedure:

• I booted the PC with the xPUD bootable CD.

• I went to the system32 folder and I created a copy of winsrv.dll

• I have renamed the copy as consrv.dll

In this way, my infected registry, which has a key that asks it to find consrv.dll, finds the renamed winsrv.dll and it’s able to boot.

But now, if I boot normally, the PC reboots itself automatically after a short period of time (if I’m fast I’m able to type the password of my account and so start the login procedure, but then the time runs out and it reboots; in the same way, if I lose time on the Windows login screen it reboots) without any reason (it really seems as if there is a script running that forces the PC to reboot after a period of time, independently of what you are doing on the PC).

By the way the pc is stable in Safe Mode.

So right now for sure I have a wrong key into my registry related to consrv.dll

And then I have this problem related to an automatic reboot.

Any suggestion about how to proceed?

I was thinking of installing MBAM and performing a complete scan from Safe Mode.

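The check implied by the post above, as an added example that is not part of the original thread: it parses the string stored in the `Windows` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems` and reports any `ServerDll=` module outside an expected set, together with whether a matching file exists in system32. The thread does not name the key; that location, the expected-module set and the sample strings are assumptions constructed for illustration.

```python
import re

# Assumption: server DLL module names a stock Windows install lists in this value.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Matches tokens such as "ServerDll=basesrv,1" or "ServerDll=winsrv:InitRoutine,3".
SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)", re.IGNORECASE)


def parse_server_dlls(value):
    """Return (module, init_routine, index) for every ServerDll= token."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in SERVERDLL_RE.finditer(value)]


def audit_subsystems(value, system32_files):
    """Flag ServerDll modules outside the expected set.

    state is "missing" when no matching DLL is in system32 (the situation
    behind the STOP c0000135 error in the first post) or "present" (the
    system boots, but the value still names the unexpected module).
    """
    present = {name.lower() for name in system32_files}
    findings = []
    for module, init, index in parse_server_dlls(value):
        if module not in EXPECTED_SERVER_DLLS:
            state = "present" if f"{module}.dll" in present else "missing"
            findings.append({"module": module, "init": init,
                             "index": index, "state": state})
    return findings


# Constructed sample values (not taken from the poster's machine).
CLEAN_VALUE = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
               "SharedSection=1024,12288,512 Windows=On SubSystemType=Windows "
               "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
               "ServerDll=winsrv:ConServerDllInitialization,2 "
               "ProfileControl=Off MaxRequestThreads=16")
MODIFIED_VALUE = CLEAN_VALUE.replace("winsrv:ConServer", "consrv:ConServer")

if __name__ == "__main__":
    # Before the workaround: consrv.dll does not exist in system32.
    print(audit_subsystems(MODIFIED_VALUE, ["basesrv.dll", "winsrv.dll"]))
    # After copying winsrv.dll to consrv.dll: file exists, value still modified.
    print(audit_subsystems(MODIFIED_VALUE, ["basesrv.dll", "winsrv.dll", "consrv.dll"]))
    print(audit_subsystems(CLEAN_VALUE, ["basesrv.dll", "winsrv.dll"]))
```

A "present" finding matches the state after the rename workaround: the machine boots, yet the registry value still needs to be restored and the copied file removed.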

So I decided to try to scan the PC with Malwarebytes Anti-Malware.

1. I have downloaded the latest version and installed it on the infected PC (where a really old version of MBAM was already installed).

2. Even if I try to install the latest version available, when I start it I see a database dated 31/08/2011 (I have tried the MBAM install file on another PC and it gives me the latest database).

3. I have tried to uninstall it completely and I have installed it again, but I still see the database of 31/08/2011 (moreover, I cannot get the infected PC connected to the internet because I'm actually using an internet key and when I plug it in during Safe Mode the PC doesn't see it).

4. I have performed a complete scan; here is the log (sorry, it's in Italian, ask me for anything you need translated):

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versione database: 7622

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.6001.19088

24/11/2011 1.14.02

mbam-log-2011-11-24 (01-13-30).txt

Tipo di scansione: Scansione completa (C:\|E:\|)

Elementi esaminati: 337379

Tempo impiegato: 36 minuti, 16 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 1

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

c:\Users\Salvo\AppData\Roaming\mIRC\xdccb440_2138\userinput.dll (Backdoor.Bot) -> No action taken.


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • 2 weeks later...

Hi Screen

I would like to update you: in the end I have solved my problem, thanks to the help of the Bleeping Computer forums.

Now the PC boots normally.

I'm able to use the Vista installation DVD.

The only thing, if you would like to check, is the attached MBAM log report.

It found a trojan.agent and a backdoor.bot, but Bleeping Computer said I don't have to worry about them because they are "legit": one comes with mIRC and the other one is connected to a game.

Do you have an opinion about that? Are they really false positives?

Thanks


  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
