Solved Antivirus found infection in srrstr.dll

Zrpizzaguy

Okay so I have been without an antivirus for quite a while and really needed one, so I was able to get Kaspersky. After installing and updating I did a full system scan. In the scan it found 38 viruses, though it wasn't able to finish the scan due to a blue screen error. Of those 38 I was able to remove all except 1, which it said was the file srrstr.dll in my SysWOW64 folder. After finding that, I did some research and found out that the file srrstr.dll should actually be in System32, so I took a look in there and actually found a second srrstr.dll file. So my question is, would it be wise to delete the srrstr.dll from my SysWOW64? Or would doing so actually harm my computer even further?
If necessary I can kill it with my File Assassin from MalwareBytes.
 

My Computer
Computer Manufacturer/Model Number
ASUSTeK Computer Inc.
OS
Windows 7 Home Premium 64 Bit
CPU
Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz 2.13 GHz
Memory
4.00 GB
Hi,

Which virus were you infected with?

Regards,
Golden
 

My Computer
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengeance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Umm, a Trojan I believe. Basically all it told me was Trojan.Win32.Searches.abv, then where it was.
 

Hi,

It seems to be a variant of the Win32.Searches trojan which is known to be quite damaging. Here is a similar infection where the OP also reported srrstr.dll being flagged by Kaspersky:

Kaspersky Lab Forum > Kaspersky unable to remove Trojan.Win32.Searches.abt

It's unclear from the thread how they fixed the problem, or if they even did, so I would recommend the following:

- On a different clean PC, change all your passwords for any online forum/bank accounts etc.
- Do a format and clean install of your entire system to guarantee that the infection has been removed

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

If you have an OEM Windows installation, you might be able to do a factory reset/recovery from the recovery partition/disks.

Regards,
Golden
 

Hmmm, alright, thanks. I'm not sure if I have a partition for that in my computer, but I do have a recovery disk. Just was hoping to not have to lose everything, but sometimes it seems it's just out of our control.

Just 1 more thing, would it not be wise then to possibly just delete it with my File Assassin from MalwareBytes?
 
I don't see why this needs to be a reload :huh:. I would try downloading and running TDSSKiller from: Virus Removal Tools, which does a great job at finding rootkits. If it finds anything, remove it and reboot. Repeat as necessary (you may have to turn off System Restore to be successful). From there, download and install Malwarebytes Antimalware and run that. Once that is completed, I would run Spybot S&D (I recommend unchecking the box for TeaTimer during install). Finally, I would download and run the appropriate version of Hitman Pro for your OS from: Downloads - SurfRight. If you are still having problems, I would try ComboFix, which can be downloaded from bleepingcomputer.com, and ESET's online virus scanner. Hope it helps!

-Mantis
 

My Computer
Computer Manufacturer/Model Number
Custom
OS
Windows 7 All Versions
CPU
i5 2500k
Motherboard
P8Z68-V PRO
Graphics Card(s)
Asus GTX560TI
Sound Card
Integrated
Monitor(s) Displays
Hanns-G 28"
Screen Resolution
1920x1200
Hard Drives
OCZ Agility2 120GB SSD
2x Seagate 7200.11 1TB HDD
PSU
Silverstone Strider Series 1000w Modular
Mouse
Logitech G7
Thing is, I've used Malwarebytes, but the file is in both System32, where it should be, and SysWOW64. So I'm not entirely sure if it's safe for deleting or not. If it was, I would have used File Assassin a while ago.
 

If it is being detected as a virus in your SysWOW64 folder but not System32, then they are probably not really the same file. See if the file sizes match up. If they don't, then delete the SysWOW64 one; if they do match and have the same modified date, then delete them both and replace them with one from a Windows disk. (If you need me to, I can upload the file. I just need to know your Windows version, service pack, and if it is 32 or 64 bit.)

-Mantis
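
An added example, not part of any post in this thread: on 64-bit Windows, System32 holds 64-bit binaries and SysWOW64 holds their 32-bit counterparts, so two copies of a DLL normally differ in size. The sketch below reads each copy's PE header to show the architecture behind that difference; the function names and the stub "files" are constructed for illustration.

```python
import struct

X86, X64 = 0x014C, 0x8664          # IMAGE_FILE_MACHINE_I386 / _AMD64
NAMES = {X86: "x86 (32-bit)", X64: "x64 (64-bit)"}


def pe_machine(data: bytes) -> int:
    """Return the Machine field from a PE file's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return machine


def compare_copies(system32: bytes, syswow64: bytes) -> list:
    """Findings for the two copies of one DLL on a 64-bit Windows install."""
    findings = []
    if pe_machine(system32) != X64:
        findings.append("System32 copy is not a 64-bit binary")
    if pe_machine(syswow64) != X86:
        findings.append("SysWOW64 copy is not a 32-bit binary")
    if not findings and len(system32) != len(syswow64):
        # Different architectures compile to different sizes, so a size
        # mismatch on its own says nothing about which copy is bad.
        findings.append("size difference is expected for a 64/32-bit pair")
    return findings


def make_stub(machine: int, size: int) -> bytes:
    """Constructed sample: zero-filled buffer with just enough PE header."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, machine)
    return bytes(buf)


if __name__ == "__main__":
    sys32 = make_stub(X64, 200 * 1024)     # constructed sizes
    wow64 = make_stub(X86, 96 * 1024)
    print(NAMES[pe_machine(sys32)], NAMES[pe_machine(wow64)])
    print(compare_copies(sys32, wow64))
```

To run it on real files, pass the bytes of each copy read with `open(path, "rb").read()` from a 64-bit Python. A 32-bit process that opens `C:\Windows\System32` is redirected to SysWOW64 and would read the same file twice.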
 

Well, I already know they aren't the same size; the one in System32 is somewhere in 200kb's, whereas this one is 96kb's.
 

Then I would recommend that you file assassin the one in syswow64 and run the programs I specified in my original post. That should get you going fine.

-Mantis
 

Hi,

The only sure way of knowing that your system is clean is to do a clean install - you mentioned that other viruses were cleaned, what were they? Are you 100% confident that they didn't drop other payloads into your system? If you do not want to reinstall, I suggest posting your problem at the Kaspersky forum and seeing if someone can help there.

A word of warning: do NOT attempt Combofix without the guidance of a trained malware removal specialist. This software is extremely powerful and will render your system completely useless quicker than you can blink an eye. Every download of Combofix carries this very explicit warning.

Good luck,
Golden
 

Alright, thank you. I should be able to do that except for the use of the Combofix program, 'cause I'm in no way trained to use that specific program.
 
