Antivirus found infection in srrstr.dll

Zrpizzaguy · 26 Jan 2012

Okay so I have been without a antivirus for quite a while and really needed one so I was able to get Kaspersky, after installing and updating I did a full system scan. In the scan it found 38 virus's thought it wasn't able to finish the scan due to a blue screen error. Of those 38 I was able to remove all except 1 which it said was the file srrstr.dll in my SysWOW64 folder. After finding that, I did some research and found out that the file srrstr.dll should actually be in System32 so I took a look in there and actualy found a second srrstr.dll file. So my question is, would it be wise to delete the srrstr.lll from my SysWOW64? Or would doing so actualy harm my computer even further.
If nessesary I can kill it with my File Assassin from MalwareBytes.

Golden · 26 Jan 2012

Hi,

Which virus were you infected with?

Regards,
Golden

Zrpizzaguy · 26 Jan 2012

Umm a Trojan I believe. Basicly all it told me was Trojan.Win32.Searches.abv, then where it was.

Golden · 26 Jan 2012

Hi,

It seems to be a variant of the Win32.Searches trojan which is known to be quite damaging. Here is a similar infection where the OP also reported srrstr.dll being flagged by Kaspersky:

Kaspersky Lab Forum > Kaspersky unable to remove Trojan.Win32.Searches.abt

Its unclear from the thread how they fixed the problem, or if they even did, so I would recommend the following:

- On a different clean PC, change all your passwords for any online forum/bank accounts etc.
- Do a format and clean install of your entire system to guarantee that the infection as been removed

Clean Install Windows 7

If you have an OEM Windows installation, you might be able to do a factory reset/recovery from the recovery partition/disks.

Regards,
Golden

Zrpizzaguy · 26 Jan 2012

Hmmm, alright thanks. I'm not sure if I have a partition for that in my computer but I do have a recovery disk. Just was hoping to not have to lose everything but sometimes seems its just out of our control.

Just 1 more thing, would it not be wise then to possibly just delete it with my File Assassin from MalwareBytes?

EKMantis · 26 Jan 2012

I don't see why this needs to be a reload

. I would try downloading and running tdsskiller from: Virus Removal Tools which does a great job at finding rootkits. If it finds anything, remove it and reboot. Repeat as necessary(You may have to turn off system restore to be successful). From there, Download and install Malwarebytes Antimalware and run that. Once that is completed, I would run Spybot S&D (I recommend unchecking the box for Teatimer during install) Finally, I would download and run the appropriate version of hitman pro for your os from: Downloads - SurfRight. If you are still having problems, I would try combofix which can be downloaded from bleepingcomputer.com, and eset's online virus scanner. Hope it helps!

-Mantis

Zrpizzaguy · 26 Jan 2012

Thing is, iv used MalewareBytes, but the file is in both System32 where it should be, and SysWOW64. So i'm not entirely sure if its safe for deleting or not. If it was I would have used File Assassin a while ago.

EKMantis · 26 Jan 2012

If it is being detected as a virus in your syswow64 folder but not system32, then they are probably not really the same file. See if the file sizes match up, if they don't then delete the syswow64 one, if they do match and have the same modified date then delete them both and replace them with one from a windows disk. (If you need me to I can upload the file. I just need to know your windows version, service pack, and if it is 32 or 64 bit.

-Mantis

Zrpizzaguy · 26 Jan 2012

Well I already know they aren't the same size, the one in System32 is somewhere in 200kb's, where as this one is 96kb's.

EKMantis · 26 Jan 2012

Then I would recommend that you file assassin the one in syswow64 and run the programs I specified in my original post. That should get you going fine.

-Mantis