• Instructions for treatment

    Rules of request for assistance | VirusInfo

    To issue request correctly and get help, read and follow the instructions, cited in this topic, attentively.
    We advise you to download offline-version of the rules right away rules.zip, because you will have to reboot your PC during the diagnosis process.

    Please remember, you get help for free and on a voluntary basis. Don't demand help in categorical terms. If you don't understand what you are asked to do, then you better contact experts of closest computer firm. If you refuse follow the instructions given by helpers, or do it in your own way, don't be surprised, if your topic will be closed.

    First of all

    1.  If you have an antivirus, update its database and perform a full scan of your computer.
      * If you have Kaspersky Anti-Virus, make sure you do everything correct, as it indicated in instruction 
    2. Download one of these anti-virus utilities:
      AVPTool by "Kaspersky Lab";
      Dr.Web CureIt! by «Dr.Web»;
    3. Perform a full scan of your computer in safe mode. You should apply action "to cure" to found objects, and move and delete incurable ones. After that, necessarily reboot your PC(in common mode).

    * If you have Kaspersky Anti-Virus installed on your PC – use Dr.Web utility, and vice versa. If you have any other antivirus installed, or if you don't have any at all, use any of these utilities of your choice.

    * Attention! Before using Dr.Web CureIt! make sure it's used to cure only your own home PC
    * If safe mode doesn't work - check your PC in normal, herewith necessarily disable your antivirus.

    If these arrangements haven't solved your problem, you would have to do the set of protocols of system's scanning, which experts of the project could treatment your PC with.


    You will have to download the following tools, to scan your system with:
    1. AVZ antivirus utility
      * If you already have AVZ, make sure you use the latest version of it.
    2. HiJackThis
      * If you already have HiJackThis, make sure you use the latest version of it as well.

    After downloading the tools:
    1. Extract AVZ from the archive and place it into a new separate folder. Run AVZ and update its database ("File" => "Database Update"), after that close AVZ.
    2. Click image to enlarge it: Database Update


    3. Extract HiJackThis from the archive and place it into a new separate folder.


    If you have 64-bit or server OS, you should not perform this section's first item. Go directly to the second item.

    1. Disconnect from the Internet, disable antivirus and firewall (if you have) ; close games, text editors and any other programs, launch only a browser (e.g. Internet Explorer).

    Run AVZ*. Open in the menu "File"=>"Standard scripts" and select the item "Advanced System Analysis with malware removal mode enabled". Click “Execute selected scripts”. Automatic system scanning, treatment and analyzing will be performed, after which LOG folder will be created in the AVZ working folder, that will contain virusinfo_syscure.zip archive, with log in it.


    Click image to enlarge it: Standard script 3


    Be sure to restart your PC, because AVZ during the system scanning can disrupt work of some software (antiviruses and firewalls in particular). The software will continue to work properly after reboot.

    Attention! If some suspicious files are detected in consequence of scanning, they will be saved in virusinfo_cure.zip archive. Don't confuse it with protocol of system scanning virusinfo_syscure.zip and do not attach it to posts on the forum!

    2. Connect to the Internet, launch a browser (e.g. Internet Explorer).

    Run AVZ*. Open in the menu "File"=>"Standard scripts" and select the item "Advanced System Analysis". Click “Execute selected scripts”. Automatic system scanning will be performed, after which virusinfo_syscheck.zip archve will be created in LOG folder in the AVZ working folder, with log in it.


    Click image to enlarge it: Standard script 2


    3. Run HijackThis*. Click "I Accept" in the window with the user agreement.

    HijackThis user agreement

    If the program doesn't start or stops after starting, download renamed file of the program here and use it later on.

    Click "Do a system scan and save a log file". Save the log. By default, the log is saved in the program's folder and it is called hijackthis.log

    Click image to enlarge it: Do a system scan and save a logfile

    * These programs necessarily must be run as administrator. In Windows Vista and Windows 7 administrator rights are lowered by default, so you need to right-click on the program, select "Run as administrator", enter the administrator password in the dialog box and click "OK".

    4. Start new topic in Help Me! section with a brief description of the problem in the title and a detailed description in the message; attach to the message log files obtained during the diagnostic process (AVZ - virusinfo_syscure.zip, AVZ - virusinfo_syscheck.zip, HJT - hijackthis.log)- it must be log files. We will try to help you. 

    * The log files should be attached to topic as attachs (but not written in topic). Please, don't rename the log files, download them with the names by default.
    * Do not open uninformative topics with the title like "Help Me", etc. 
    * Do not attach any other files, archives or logs, except for log files of HijackThis and AVZ, if you weren't asked to.
    * If you have several infected operating systems or computers, you should start seperate topic for each one of them.
    * Please, do not direct requests for assistance through private messages or e-mail, place them only on forum .

    Important Notice

    Please, do not run scripts and do not follow any other recomendations written for other users! Each case is unique and you may harm your PC! VirusInfo is not responsible for effects of non-fulfillment of this item! In this case, VirusInfo administration has the right to refuse to assist without explanation of reasons.

    Appendix 1. How to disable system restore in Windows XP/Vista/7.

    Windows protects system restore folders from any external program. When malware gets onto your computer, Windows may also keep them in recovery's folders, but anti-virus and other utilities cannot always remove them from these folders. For the treatment you need to temporarily disable System Restore. After treatment, you must enable it back.

    Windows XP:
    Control Panel > System, "System Restore" tab. Put the checkbox on "Turn off System Restore on all drives", press "Apply". A message about deleting all restore points will appear. Confirm by clicking "OK".

    Windows Vista:
    "Start Button" > right click on the "Computer" item, and select "Properties".
    Select System Protection item in the left side of the System window.
    In the "Automatic restore point" remove the checkbox for the system drive which Windows Vista installed on.
    Click "Turn off System Restore" to confirm.
    Click OK and restart your computer.

    Windows 7:
    "Start Button" > right click on the "Computer" item, and select "Properties".
    Select System Protection item in the left side of the System window.
    Select local drive, which you installed Windows 7 on in the window that appears in the list of available drives.
    Click "Configure".
    In appeared window, select "Turn off System Protection" and click "OK" .
    At the request "really disable the protection system for this drive?" Click "Yes".......

    Appendix 2. Searching files by AVZ.
    1. Run AVZ, Open in the menu "File" - "Automatic Quarantining".
    2. In the upper window, enter a list of files that you are asked to send.
    3. Click on "Start" and wait for the inscription "The process of adding files is completed" in the lower window
    4. Close the current window "Automatic Quarantining"
    5. For further actions, see Appendix 3.

    Appendix 3. How to send requested files.
    1. Run AVZ, choose on the menu "File" -> "Quarantine Folder Viewer".
    2. On the right , in the file list, select files you need to send.
    3. Click on "Export files to ZIP" and specify a location on disk where the file will be saved. It is strongly recommended to accept the default filename, ie virus.zip.
    4. Load the resulting archive, using the link to the download page (Upload quarantined files) in the header of your topic.

    If you have not received confirmation of successful download of archive, ask in topic whether your quarantine was recieved, or loading must be repeated. 

    "Frequently asked questions" (FAQ):

    How to "Fix in HijackThis":

    Executing script in AVZ:

    Copyright (с) VirusInfo, 2004-2012
    All rights reserved.

    This text, as the product of creative activity, is the intellectual property of the VirusInfo collective . If you want to use all or part of the text of the Rules on your site, apply for participation in the "Treatment" program; in all other cases, reproduction of this text is permitted only by written permission of VirusInfo Administration.

    attachments Тип файла: zip instruction.zip (6.4 Кб)

    Page generated in 0.00446 seconds with 31 queries
Page generated in 0.00446 seconds with 31 queries