Win32/sirefif infection

Status
Not open for further replies.
<The process known as Consent UI for administrative applications belongs to software Microsoft Windows Operating System or Betriebssystem Microsoft Windows by Microsoft (www.microsoft.com).

Consent.exe is enabled when you have UAC turned on. It launches when a non-windows program attempts to start up with administrator level access to files and system settings, and shows a message asking if you want to allow the program to load. This is an important file, do not delete it unless you're sure its a virus. If you want to disable it, turn off UAC and consent.exe will not load.

I'm assuming you're viewing this process from the Task Manager, correct?

We can also get the file scanned online to give you peace of mind, let me know.>

=========================

Still doing updates. Keep getting one or two more every time I search. I will let you know for sure when I get them all done and IE 10 downloaded as well. The consent.exe file just loaded today so I am assuming it's ok but after I get all the updates done if we could scan that file just to be sure it would be a weight off my mind. And yes I'm seeing it in Task Manager. I wasn't sure what that was for it's just odd it doesn't have a description (it does show System as a user name if I show all processes). That's what caught my eye, that it didn't have a description.

Thanks for being so patient with me. I cannot figure out why service pack 1 would not come up in Windows update no matter how many times I scanned for it. And I could swear I downloaded it before but then again switching between the machines I may have gotten it confused with the other one.

As soon as I get all the updating stuff done I will let you know. I have a feeling it's going to take a while.
 
Didn't take quite as long as I thought. All done with updates for now. If we can scan that one file that would be great and set my mind at ease. Await your instructions. Thanks for the help.
 
Hi NutherStamper,

Show Hidden Files & Folders in Windows 7
  • To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
  • Click the View tab, and then you should select “Show hidden files and folders” in the list.
  • Then click OK.
=========================

VirusTotal

Please go to: VirusTotal

virustotal2-SWI.png


  • Click the Browse button and search for the following file: C:\Windows\System32\consent.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

In your next post please provide the following:
  • VirusTotal results
 
Ok did the show hidden files and folders.

But I can't find that file when I browse with the program you wanted me to use. It just isn't in the list. When I got to Start , C drive, Windows , system32 I see the file but not when I try to browse for it.

Not sure what to make of this. Any ideas?
 
I just a side by side comparison between the browse and going through the start menu. There are a bunch of applications that don't show up the in the browse list. Maybe because they are apps? Also if I try to search for consent.exe in the search box through the start menu it comes up with nothing.
 
Hi NutherStamper,

But I can't find that file when I browse with the program you wanted me to use. It just isn't in the list. When I got to Start , C drive, Windows , system32 I see the file but not when I try to browse for it.

Not sure what to make of this. Any ideas?
Click to expand...

I tried also and my machine responded the same as yours. So what I did was "copy" the file to my desktop, then browse to it from there.

That seemed to work fine.
 
Ok did what you suggested. Don't see a log for the Virus total scan but it says probably harmless 0/48 detection ratio. So it seems ok.

Oh and just for your info, when I log on to the forums it always says redirecting now for a few seconds before the page refreshes. I'm assuming that this is normal.

I think we're good to go unless you have anything else you think we should check?
 
Hi NutherStamper,

when I log on to the forums it always says redirecting now for a few seconds before the page refreshes. I'm assuming that this is normal.
Click to expand...
Yes, that is normal.

I think we're good to go unless you have anything else you think we should check?
Click to expand...
Nothing I can think of, you should be good to go.

The consent file that I copied to the desktop, I'm assuming I can just delete that since it's a copy?
Click to expand...
Yes, you can just delete it.

If you have no more questions or issues that need addressing, you're free to go. :2thumb:
 
Hi NutherStamper,

You're very welcome. Glad I was able to help. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.
 
Status
Not open for further replies.
Back
Top