BullGuard
How to safely remove trojan from SysWOW64\srrstr.dll
   
chellethesouthernbelle
New Member
Posted 10/21/2011 6:10 PM (GMT +3)
I have been having a redirect problem for a couple of days now...I currently run AVGFree and use Malware. Yesterday I ran Malware and it found about 4 trojans which it quarantined, so then the redirect began to use a different IP, so I ran AVG and it found 5 trojans 4 of which it quarantined or healed...but it did not heal the trojan in the SysWow64\srrst.dll and I am afraid it will mess up the system if I force heal it.

Robert Mateescu
Forum Moderator
Posted 10/21/2011 6:43 PM (GMT +3)
Hi there,

The srrst.dll file should be located in C:\Windows\System32 and not in C:\Windows\SysWow64\.

Reboot in Safe Mode with Networking, and download ComboFix from here www.softpedia.com/progDownload/Combofix-Download-152805.html. Run it as Administrator and follow the prompts (you may need to install Windows Recovery Console and close your current AV).
Note: Do not mouse click ComboFix's window while it is running. That may cause it to stall.

If the srrst.dll file is not deleted by Combofix, open your MalwareBytes tool ->More tools ->File assassin and browse to the file's location in order to select it to be deleted on the next reboot.

Run new, full computer scans with MBAM and AVG and post all the logs on your next reply (Combofix, Malwarebytes and AVG).

Moreover, follow this procedure to make sure that the redirect does not persist because of a corrupted hosts file/DNS cache:

A. Delete the hosts file
Enable "show hidden files and folder" and uncheck "hide protected operating system files" options from the "Folder options". Go to C:\Windows\System32\drivers\etc and delete the hosts file.

B. Flush your DNS cache
1. Go to Start ->Run and type cmd, then press Enter.
2. Type ipconfig /flushdns and press Enter.
3. Repeat the second step 3 times.

C. Reset IE to the default settings, even if you are not using it.
1. Exit all programs, including Internet Explorer (if it is running).
2. Click Start, and then click Run. Type the following command in the Open box, and then press ENTER: inetcpl.cpl
3. Click the Advanced tab.
4. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
5. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.

Cheers!


Robert Mateescu

Support Technician EN
support@bullguard.com
www.bullguard.com
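
Step A above deletes the hosts file outright; listing its entries first shows whether it was actually tampered with and gives something to post along with the scan logs. The PowerShell below is an added example, not part of the forum posts: `Get-HostsEntry` is a hypothetical helper name and the sample lines are constructed.

```powershell
# Added example: list hosts-file entries that send a name to a non-local address.
# Constructed sample (documentation-range IP); a default Windows hosts file
# contains only comment lines.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1      localhost',
    '203.0.113.10   www.google.com google.com   # constructed redirect',
    '0.0.0.0        ads.example.com'
)

function Get-HostsEntry {            # hypothetical helper name
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments; first token is the address, the rest are names
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        $tokens = @($text -split '\s+')
        if ($tokens.Count -lt 2) { continue }
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            New-Object PSObject -Property @{
                Address  = $tokens[0]
                Name     = $name
                # Loopback and 0.0.0.0 entries do not point at another machine
                Redirect = ($tokens[0] -notmatch '^(127\.|0\.0\.0\.0$|::1$)')
            }
        }
    }
}

# Read the live file when it exists, otherwise fall back to the sample above
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$lines = if (Test-Path $hostsPath) { Get-Content $hostsPath } else { $sample }

Get-HostsEntry $lines |
    Where-Object { $_.Redirect } |
    Select-Object Address, Name
```

Any row it prints is a name that the hosts file maps to some other machine; an empty result means the redirect is not coming from the hosts file.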

chellethesouthernbelle
New Member
Posted 10/24/2011 6:41 PM (GMT +3)
thanks guys...I was thinking that the forum should email me when I got a reply to my question ....so I'm just not getting back to see what you had to say... you must realize that I'm just a lil ole housewife who is addicted to my laptop but not a computer geek...some of your terms used here are familiar to me but I'm not exactly sure what they all mean...for instance deleting a host file...but I'll give all this a try...I've run combofix on another computer for a friend and had good results...it's amazing what you can learn how to do just by asking for help in the internet or doing research for yourself...I may have to do that, to do some of the things you've instructed me to do.

As for the srrst.dll file, that is where my Malware said it was...I just typed it as it reported....My Malware program I believe, would have quarantined or healed it if I had forced it to...it just warned me that it might make the system crash...so should I go that route first before running the combofix?

I am able to go to web sites so is it necessary to use safe mode to download combofix if I can get there without using safe mode....I've done that before as well but not on my laptop...When I used the combofix before, I was instructed to delete any anti-virus program and not to click the mouse...but it ran a long time, will it matter if the laptop goes into sleep mode or not...and what is Windows Recovery Console and should I download it or not before I do any of this you have suggested?

Like I said I'm no pro, by a long shot, but have had a computer now for about 10 years or so and have in that time learned a few tricks, so I'm not totally computer illiterate, but probably just the tip of the iceberg....But like anything you learn to do in the past if you don't do it often you soon forget how and since I also have had to unhide folders in the past, when working on a problem with or without a tech I think I might be able to figure out how to do so again....Still I'll wait to hear your reply before doing anything at this moment since the redirect problem is not totally taking over my computer like it was on the one I worked on for my totally computer illiterate friend.

thanks Michelle

ps this time I noticed the notify me of reply of postings by e-mail box

Robert Mateescu
Forum Moderator
Posted 10/27/2011 7:38 AM (GMT +3)
Hi Michelle,

Sorry for the delayed reply.

The Safe Mode is recommended whilst scanning because some services do not start whilst in that mode. This ensures a faster and more efficient scan (some of the infection related processes may not start). I recommended using this mode to also download the tool because some infections have a habit of inspecting any downloaded files and corrupting them, so the sooner the scan is made after the download, the better.

You do not have to delete (uninstall) your antivirus, only to temporarily disable it.

Regarding the Recovery console, I do not think you need to install it.

In order to show hidden files and folders, open any folder from your hard drive and go to the upper left corner of the window ->Organize ->Folders and search options ->view tab.

Best wishes!


Robert Mateescu

Support Technician EN
support@bullguard.com
www.bullguard.com

chellethesouthernbelle
New Member
Posted 10/27/2011 9:20 PM (GMT +3)
Hi Robert,

Problem...I'm using Windows 7...Combofix does not work with 7...what now? Should I try force deleting or healing the trojan from the malware scan?

Robert Mateescu
Forum Moderator
Posted 10/28/2011 4:26 AM (GMT +3)
Hi Michelle,

Combofix works on both 32 and 64 bit versions of Windows 7. I have attached a screenshot of a Combofix scan running on my x64 machine.

Please download a new version of the tool from here: download.bleepingcomputer.com/sUBs/ComboFix.exe

Cheers!


Robert Mateescu

Support Technician EN
support@bullguard.com
www.bullguard.com



Image Attachment: Combofix on Win7x64.jpg

chellethesouthernbelle
New Member
Posted 10/28/2011 5:17 AM (GMT +3)
I'll give it a try...I had downloaded it from your first link and attempted to run it...got the message that it only worked with Windows XP and Millennium I believe it said...wouldn't let me do anything else...will let you know if I have any problem.
thanks

Robert Mateescu
Forum Moderator
Posted 10/29/2011 6:56 AM (GMT +3)
Hi Michelle,

Let me know if the issue is solved after running Combofix.
If not, post the log and I will further assist you.

All the best!


Robert Mateescu

Support Technician EN
support@bullguard.com
www.bullguard.com

chellethesouthernbelle
New Member
Posted 10/30/2011 3:42 AM (GMT +3)
sorry Robert...got a little problem here...my laptop is on the fritz for the moment...the battery won't charge cause the case is cracked where the charger plugs in...grandbaby knocked it off the table...wondering if you think it might be feasible to fix it...looks like the top piece of the laptop will have to be replaced and the hinges are very loose...not sure if your expertise runs along these lines...but for now I can not do anything with the laptop or its trojan...having to use the old desktop...not sure if I should try and fix it or not.

Robert Mateescu
Forum Moderator
Posted 10/30/2011 4:38 PM (GMT +3)
Hi Michelle,

I am very sorry to hear this. You should take the laptop to a computer service and get a cost estimate.

If the price is greater than 1/3 of the cost of a new laptop and the broken computer is more than 3 years old, I do not think it is worth repairing. If the motherboard or other internal components are also damaged, the cost will increase drastically, since older components may cost twice as much as the regular ones (for example a 160 GB 5400rpm IDE hard drive costs as much as a 1000GB 7200 rpm SATA II one).
If you decide to buy a new laptop, my personal advice is to wait until the end of the year, when most shops have special offers (Christmas or New Year offers).

All the best!


Robert Mateescu

Support Technician EN
support@bullguard.com
www.bullguard.com

chellethesouthernbelle
New Member
Posted 10/30/2011 9:33 PM (GMT +3)
thanks Robert...Acer says the charging port is connected to the motherboard and it would have to be replaced as well as a new cover...+ taxes+shipping=199+...thinking though I can just buy a new one like my old one which is 1 1/2 years old...and use the new one to charge the battery of the old one...and pass the old one on to hubby to search Craigslist on...LOL..might wait a while longer to get a sale price though and use the desktop:) then I'll get back with you on getting rid of the virus on the laptop.