Thread: help with hldrrr.exe, srosa.sys

  1. #1
    Join Date
    Apr 2009
    Posts
    29

    help with hldrrr.exe, srosa.sys

    All my .exe files got corrupted, changing which weighed 56kb. I use Zone Alarm Security Suite, which closed suddenly when this error occurred. I tried reinstalling it but it didn't work.

    When I checked, the C: drive had a file named www.exe and there was a file in system32 named hldrrr.exe. I deleted both files and it worked fine, but when I restarted the computer it showed the file again.

    I also tried Combofix to solve the problem; it showed me that the srosa.sys file had been deleted.

    Can anyone tell me how to get rid of it!

    Edit: Now I've begun getting messages saying that explorer.exe is a malicious program and Microsoft's data execution protection (or sth. like that) is blocking it.

  2. #2
    Join Date
    May 2008
    Posts
    4,570

    Re: help with hldrrr.exe, srosa.sys

    If you haven't already, please disable the Guest account in User accounts.

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    Drivers to delete:
    srosa


    Registry Keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\0000


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\%username%\Local Settings\Temp

    Now download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double-clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this, and also attach the log from Avenger.

  3. #3
    Join Date
    Jan 2008
    Posts
    3,755

    Re: help with hldrrr.exe, srosa.sys

    I must say that, with all of my experience, that one was one of the hardest to remove.
    It disables your current antivirus software, prohibits you from accessing the system in safe mode, and changes names each time it starts.

    So, here are the steps:

    1. Download PC Tool
    2. Run the tool and, when it finds the wintems.exe process, kill it.
    3. Run regedit, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache and see all entries regarding "C:\WINDOWS\system32\drivers".
    4. In an Explorer window, go to Tools > Folder Options > View and select "show hidden files".
    5. Browse to your C:\WINDOWS\system32\drivers, find the drivers folder and try to delete all files listed in HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    6. Scan your system with the Panda online scanner (the only one that actually cleans, not only detects).
    7. Install an antivirus program, download the latest updates and do a full scan of your system.


    Of course, there is always the option to reapply the service pack or do a reinstall of your system.
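
A read-only way to check whether the items named in posts #1 to #3 are still present after a cleanup attempt, as an added example that is not part of any post in this thread. It assumes PowerShell 3.0 or later is available on the affected machine; the function name Get-ThreadArtifact is hypothetical.

```powershell
# Added example: read-only check for the artifacts named in this thread.
# It only lists what is present; nothing is deleted or modified.
function Get-ThreadArtifact {
    $found = @()

    # Files reported in post #1 (-Force also shows hidden/system files).
    $files = 'C:\www.exe', (Join-Path $env:SystemRoot 'system32\hldrrr.exe')
    foreach ($path in $files) {
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $found += [pscustomobject]@{
                Kind   = 'File'
                Item   = $item.FullName
                Detail = '{0} bytes, modified {1}' -f $item.Length, $item.LastWriteTime
            }
        }
    }

    # LEGACY_SROSA keys from the Avenger script in post #2, per control set.
    foreach ($set in 'CurrentControlSet', 'ControlSet001', 'ControlSet002') {
        $key = "HKLM:\SYSTEM\$set\Enum\Root\LEGACY_SROSA"
        if (Test-Path -LiteralPath $key) {
            $found += [pscustomobject]@{ Kind = 'RegistryKey'; Item = $key; Detail = 'present' }
        }
    }

    # MUICache value names are program paths; post #3 looks for those under
    # system32\drivers. They are listed for manual review, not as a verdict.
    $mui = 'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache'
    $props = Get-ItemProperty -LiteralPath $mui -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like '*\system32\drivers\*') {
                $found += [pscustomobject]@{ Kind = 'MUICache'; Item = $p.Name; Detail = [string]$p.Value }
            }
        }
    }
    return $found
}

$result = @(Get-ThreadArtifact)
if ($result.Count -eq 0) { 'None of the listed artifacts were found.' }
else { $result | Format-Table -AutoSize -Wrap }
```

Because post #3 reports that the file names change on each start, an empty result only shows that these specific names are absent.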

  4. #4
    Join Date
    Apr 2008
    Posts
    2,139

    Re: help with hldrrr.exe, srosa.sys

    It sounds like you have a very nasty infection. Look out for Removing Malwares.

    OR

    You could wipe your hard drive clean and reinstall Windows.
