How to safely remove trojan from SysWOW64\srrstr.dll

Posted 10/21/2011 3:10 PM
#92562
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
I have been having a redirect problem for a couple of days now...I currently run AVGFree and use Malware. Yesterday I ran Malware and it found about 4 trojans which it quarantined, so then the redirect began to use a different IP, so I ran AVG and it found 5 trojans, 4 of which it quarantined or healed...but it did not heal the trojan in the SysWow64\srrst.dll and I am afraid it will mess up the system if I force heal it.
Posted 10/21/2011 3:43 PM
#92563
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there,

The srrst.dll file should be located in C:\Windows\System32 and not in C:\Windows\SysWow64\.

Reboot in Safe Mode with Networking, and download ComboFix from here www.softpedia.com/progDownload/Combofix-Download-152805.html. Run it as Administrator and follow the prompts (you may need to install Windows Recovery Console and close your current AV).
Note: Do not mouse click ComboFix's window while it is running. That may cause it to stall.

If the srrst.dll file is not deleted by Combofix, open your MalwareBytes tool ->More tools ->File assassin and browse to the file's location in order to select it to be deleted on the next reboot.

Run new, full computer scans with MBAM and AVG and post all the logs on your next reply (Combofix, Malwarebytes and AVG).

Moreover, follow this procedure to make sure that the redirect does not persist because of a corrupted hosts file/DNS cache:

A. Delete the hosts file
Enable "show hidden files and folder" and uncheck "hide protected operating system files" options from the "Folder options". Go to C:\Windows\System32\drivers\etc and delete the hosts file.

B. Flush your DNS cache
1. Go to Start ->Run and type cmd , then press Enter.
2. Type ipconfig /flushdns and press Enter.
3. Repeat the second step 3 times.

C. Reset IE to the default settings, even if you are not using it.
1. Exit all programs, including Internet Explorer (if it is running).
2. Click Start, and then click Run. Type the following command in the Open box, and then press ENTER: inetcpl.cpl .
3. Click the Advanced tab.
4. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
5. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
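
An added example, not part of the original post: before deleting the hosts file as in step A above, a short Python check can list the active entries that would explain a redirect, so there is a record of what was there. The sample hosts content, the function names and the three labels are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style entry
203.0.113.10    www.example.com search.example.com
127.0.0.1       update.example-av.test
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostnames) for every uncommented entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings for every entry other than a plain localhost mapping."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:
            kind = "malformed"
        elif ip.is_loopback or ip.is_unspecified:
            if all(n.lower() == "localhost" for n in names):
                continue  # default-style mapping, nothing to report
            kind = "sinkhole"  # name is blocked locally (e.g. an AV update host)
        else:
            kind = "redirect"  # name is forced to a fixed remote address
        findings.append((line_no, kind, ip_text, names))
    return findings

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS  # fall back to the constructed sample
    for line_no, kind, ip_text, names in audit_hosts(text):
        print(f"line {line_no}: {kind:9} {ip_text} -> {' '.join(names)}")
```

An empty result means the file holds nothing beyond comments and localhost lines, so the redirect has to come from somewhere else.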
Posted 10/24/2011 3:41 PM
#92581
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
thanks guys...I was thinking that the forum should email me when I got a reply to my question ....so I'm just not getting back to see what you had to say... you must realize that I'm just a lil ole housewife who is addicted to my laptop but not a computer geek...some of your terms used here are familiar to me but I'm not exactly sure what they all mean...for instance deleting a host file...but I'll give all this a try...I've run combofix on another computer for a friend and had good results...it's amazing what you can learn how to do just by asking for help in the internet or doing research for yourself...I may have to do that, to do some of the things you've instructed me to do.

As for the srrst.dll file, that is where my Malware said it was...I just typed it as it reported....My Malware program I believe, would have quarantined or healed it if I had forced it to...it just warned me that it might make the system crash...so should I go that route first before running the combofix?

I am able to go to web sites so is it necessary to use safe mode to download combofix if I can get there without using safe mode....I've done that before as well but not on my laptop...When I used the combofix before, I was instructed to delete any anti-virus program and not to click the mouse...but it ran a long time, will it matter if the laptop goes into sleep mode or not...and what is Windows Recovery Console and should I download it or not before I do any of this you have suggested?

Like I said I'm no pro, by a long shot, but have had a computer now for about 10 years or so and have in that time learned a few tricks, so I'm not totally computer illiterate, but probably just the tip of the iceberg....But like anything you learn to do in the past if you don't do it often you soon forget how and since I also have had to unhide folders in the past, when working on a problem with or without a tech I think I might be able to figure out how to do so again....Still I'll wait to hear your reply before doing anything at this moment since the redirect problem is not totally taking over my computer like it was on the one I worked on for my totally computer illiterate friend.

thanks Michelle

ps this time I noticed the notify me of reply of postings by e-mail box :tongue:
Posted 10/27/2011 4:38 AM
#92616
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi Michelle,

Sorry for the delayed reply.

The Safe Mode is recommended whilst scanning because some services do not start whilst in that mode. This ensures a faster and more efficient scan (some of the infection related processes may not start). I recommended using this mode to also download the tool because some infections have the habit of inspecting any downloaded files and corrupting them, so the sooner the scan is made after the download, the better.

You do not have to delete (uninstall) your antivirus, only temporarily disable it.

Regarding the Recovery console, I do not think you need to install it.

In order to show hidden files and folders, open any folder from your hard drive and go to the upper left corner of the window ->Organize ->Folders and search options ->view tab.

Best wishes!
Robert Mateescu
Posted 10/27/2011 6:20 PM
#92621
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
Hi Robert,

Problem...I'm using Windows 7...Combofix does not work with 7...what now? Should I try force deleting or healing the trojan from the malware scan?
Posted 10/28/2011 1:26 AM
#92628
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi Michelle,

Combofix works on both 32 and 64 bit versions of Windows 7. I have attached a screenshot of a Combofix scan running on my x64 machine.

Please download a new version of the tool from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Cheers!
Post attachments:
Combofix on Win7x64.jpg
Robert Mateescu
Posted 10/28/2011 2:17 AM
#92630
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
I'll give it a try...I had downloaded it from your first link and attempted to run it...got the message that it only worked with Windows XP and Millennium I believe it said...wouldn't let me do anything else...will let you know if I have any problem.
thanks
Posted 10/29/2011 3:56 AM
#92645
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi Michelle,

Let me know if the issue is solved after running Combofix.
If not, post the log and I will further assist you.

All the best!
Robert Mateescu
Posted 10/30/2011 12:42 AM
#92655
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
sorry Robert...got a little problem here...my laptop is on the fritz for the moment...the battery won't charge cause the case is cracked where the charger plugs in...grandbaby knocked it off the table...wondering if you think it might be feasible to fix it...looks like the top piece of the laptop will have to be replaced and the hinges are very loose...not sure if your expertise runs along these lines...but for now I can not do anything with the laptop or its trojan...having to use the old desktop...not sure if I should try and fix it or not.
Posted 10/30/2011 1:38 PM
#92658
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi Michelle,

I am very sorry to hear this. You should take the laptop to a computer service and get a cost estimate.

If the price is greater than 1/3 of the cost of a new laptop and the broken computer is more than 3 years old, I do not think it is worth repairing. If the motherboard or other internal components are also damaged, the cost will increase drastically, since older components may cost twice as much as the regular ones (for example a 160 GB 5400 rpm IDE hard drive costs as much as a 1000 GB 7200 rpm SATA II one).
If you decide to buy a new laptop, my personal advice is to wait until the end of the year, when most shops have special offers (Christmas or New Year offers).

All the best!
Robert Mateescu
Posted 10/30/2011 6:33 PM
#92663
chellethesouthernbelle Member

Date Joined Nov 2016
Total Posts: 6
thanks Robert...Acer says the charging port is connected to the motherboard and it would have to be replaced as well as a new cover...+ taxes+shipping=199+...thinking though I can just buy a new one like my old one which is 1 1/2 years old...and use the new one to charge the battery of the old one...and pass the old one on to hubby to search craigs list on...LOL..might wait a while longer to get a sale price though and use the desktop:) then I'll get back with you on getting rid of the virus on the laptop.