BleepingComputer.com: Comsrv.dll Help

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Comsrv.dll Help

#1 User is offline   ajay101 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 22-December 11

Posted 22 December 2011 - 09:28 AM

It seems I am another victim of this problem http://www.bleepingcomputer.com/forums/topic418470.html

AVG is reporting Comsrv.dll is infected. Removal makes the system unstable. It won't boot. I have restored the system and reinstalled AVG, but do not trust that it is working properly, so need to resolve the underlying issue. I followed the first few steps in the post and ran SystemLock with the script described, but I really need some help on what to do next:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:12 on 22/12/2011 by Tina
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
C:\Windows\System32\consrv.dll	--a---- 54272 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] (Unable to calculate MD5)
C:\Windows\system64\consrv.dll	--a---- 54272 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] (Unable to calculate MD5)

Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\system64\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll	--a---- 214016 bytes	[23:38 13/07/2009]	[01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16723_none_12b26ed5b5d7569a\winsrv.dll	--a---- 214016 bytes	[00:22 09/02/2011]	[06:16 21/12/2010] B200DECA2186858595A97FBE63E896CC
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_12c04185b5cc83d5\winsrv.dll	--a---- 214528 bytes	[14:31 13/07/2011]	[07:41 14/05/2011] 3739AA2F57FE492EA976E20C56CDF2F4
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16823_none_12b270bbb5d753c1\winsrv.dll	--a---- 214528 bytes	[14:30 13/07/2011]	[06:44 02/06/2011] DE09FA38A6544829F012B9531C18454F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20864_none_1311cc3acf147f7f\winsrv.dll	--a---- 214016 bytes	[00:22 09/02/2011]	[07:15 22/12/2010] 571543B93AE0319185970848024C9E04
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_130aff5ccf18fdf3\winsrv.dll	--a---- 214528 bytes	[14:30 13/07/2011]	[06:59 03/06/2011] 55917E3ABDDC20D0AAEAC49F5CE67462
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll	--a---- 214016 bytes	[03:45 23/06/2011]	[13:27 20/11/2010] E0406AEF04B088D1C49FC78D0546F689
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17527_none_149ccd03b2fa27e2\winsrv.dll	--a---- 214016 bytes	[00:22 09/02/2011]	[11:42 17/12/2010] 15822E7206C7A0A893395CB07A63C7E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_14a79ed5b2f20918\winsrv.dll	--a---- 214528 bytes	[14:31 13/07/2011]	[07:24 14/05/2011] 3A8135A7DED2FA0DAD3BDE1B14865A8A
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_149ace55b2fbf25b\winsrv.dll	--a---- 214528 bytes	[14:30 13/07/2011]	[06:57 03/06/2011] 9F761CE1C6C013120B2F0DB27D48C06F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21624_none_152368f0cc1a7ba7\winsrv.dll	--a---- 214016 bytes	[00:22 09/02/2011]	[08:52 18/12/2010] A199CC08A13EEB667412423F712FE817
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_15276bfecc16de2a\winsrv.dll	--a---- 214528 bytes	[14:31 13/07/2011]	[07:11 14/05/2011] 1A589228B6DC007120F877DBBD6CB79D
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_151c9c12cc1efa1b\winsrv.dll	--a---- 214528 bytes	[14:30 13/07/2011]	[07:01 03/06/2011] 5AA1C7B5F471C4657BE38447BC397665
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll	--a---- 214528 bytes	[21:17 09/08/2011]	[05:27 24/06/2011] C13D05A015346DED3D722BE285814495

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"


-= EOF =-

#2 User is offline   ajay101 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 22-December 11

Posted 22 December 2011 - 01:54 PM

After doing some more research and reading up what I should do before getting started, I have decided it's going to be easier to reformat my drive and reinstall a new Operating System and Programs. I have all of my data backed up, so shouldn't be painful.

It's a pity that people are motivated to do this kind of malice! It's also amazing of the people here that are willing to help. The true warriors of the cyber world.

#3 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 12:02 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users