
STOP: c0000135 {Unable To Locate Component} consrv not found


  • This topic is locked
24 replies to this topic

#1 DKBN

DKBN

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 22 November 2011 - 12:06 PM

Hello,

I am new to this site.

Our home computer, which the kids use for projects research, had the AV 2011 virus on it. In trying a few different tools to remove it, the malware program somehow deleted the Consrv file (I think). Now each time I try to boot up, it gives me the "STOP: c0000135 {Unable To Locate Component} consrv not found" message. I see several posts on this message board and can run the FRST program and provide the list file. I am not sure if my situation is different.

We have a Vista machine (few years old) and running McAfee.

Appreciate any assistance with this.

Thanks!


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:02 AM

Posted 22 November 2011 - 02:42 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 DKBN


Posted 22 November 2011 - 03:02 PM

Thanks, I d/l'd the defrogger to my flash drive (from another computer of course), but since I cannot get that other machine to boot up past this stop error blue screen, I am not sure how I can execute this program. Can I execute it from the cmd line?

#4 Orange Blossom


Posted 22 November 2011 - 03:11 PM

Are you able to boot into Safe Mode?

#5 DKBN


Posted 22 November 2011 - 04:27 PM

No, I can get to the System Recovery Options when I do PF8 at boot.

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,929 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:02 AM

Posted 23 November 2011 - 12:01 AM

:welcome:

Let's give it a try. You will need a USB (Flash) drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 DKBN


Posted 23 November 2011 - 09:00 AM

Thanks, file is a little large (line wise), so hoping this attachment will work. If not, I will cut and paste. Thx

Attached Files

  • Attached File  FRST.txt   66.47KB   8 downloads


#8 JSntgRvr


Posted 23 November 2011 - 10:00 AM

Download the enclosed file:

Save it in the USB drive.

Insert the USB drive into the ailing computer and run FRST as you did before, except this time around, click on the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, boot in Normal Mode. If able to do so, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#9 DKBN


Posted 23 November 2011 - 11:47 AM

My bad, I accidentally closed the log, since I thought it saved it to the flash drive like the other programs. Is there any value in rerunning it since it deleted a few files and folders? Sorry.

#10 DKBN


Posted 23 November 2011 - 12:17 PM

Here is the file from the c: drive. Thx!

Attached File  ComboFix.txt   26.37KB   7 downloads

#11 JSntgRvr


Posted 23 November 2011 - 01:50 PM

Download the enclosed file:

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Let's try ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Edited by JSntgRvr, 23 November 2011 - 01:51 PM.



#12 DKBN


Posted 23 November 2011 - 05:13 PM

Results of the Combofix run with the new file are attached. Thx

Attached Files

  • Attached File  log.txt   26.54KB   2 downloads


#13 JSntgRvr


Posted 23 November 2011 - 05:39 PM

The ESET log was not included.

Many peer-to-peer networks are under constant attack by people with a variety of motives.

Examples include:

  • poisoning attacks (e.g. providing files whose contents are different than the description)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

Imesh is one of those programs. At this point it is injecting its code into every application that is run, and inasmuch as the last fix attempted to remove this action, it remained. In my opinion, it should be removed from your computer.


Please post the ESET report.



#14 DKBN


Posted 23 November 2011 - 08:10 PM

Thanks, it was still running and just completed (it took a while). Attached is the log file and what the scan found.

Attached Files



#15 DKBN


Posted 23 November 2011 - 08:15 PM

On Imesh, not sure how we got that, but I agree that we don't want this and rather hated when it kept surfacing. I am hoping that this latest scan found and removed it.

Once we are done with any other options, I would really like to get some basics to avoid situations like these.

I realize there is really no one tool that will minimize our exposure, but what antivirus and other tools should we consider based on what you saw? This was very frustrating, and since the kids are constantly doing research for school projects, it's hard to monitor their activities all the time, so any suggestions would be greatly appreciated since I think we got off lucky this time. Thx!



