Please help me in getting out the virus which has infected my system.
I see autorun.inf files in each drive and some .dll files and some system files.
I am attaching the logs for the reference.
Thanks,
Ravi.
Your log is wrong, you can delete it. We can't use it in order to help you.
If you have avptool you should attach the real log (it is a zip file): http://avptool.virusinfo.info/en/AVPTool_manual.htm
Otherwise, please follow these rules: http://virusinfo.info/showthread.php?t=9184
*Click and run this if you want help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Hi there,
I am attaching the correct zip file.
Please check and let me know.
Thanks,
Ravi.
I have a question: when and where did you download the avptool itself? It seems to be very old.
Please close all your security programs and disconnect from the internet.
Execute the following script (how-to: http://avptool.virusinfo.info/en/AVP...curescript.htm):
Your computer will reboot automatically.
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('c:\windows\system32\inetsrv\inetinfo.exe','');
 QuarantineFile('C:\WINDOWS\system32\SSVICHOSST.exe','');
 QuarantineFile('C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe','');
 QuarantineFile('C:\WINDOWS\system32\amvo0.dll','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('E:\autorun.inf','');
 QuarantineFile('F:\autorun.inf','');
 QuarantineFile('G:\autorun.inf','');
 QuarantineFile('H:\autorun.inf','');
 DeleteFile('C:\WINDOWS\system32\amvo0.dll');
 DeleteFile('C:\WINDOWS\system32\SSVICHOSST.exe');
 DeleteFile('C:\autorun.inf');
 DeleteFile('D:\autorun.inf');
 DeleteFile('E:\autorun.inf');
 DeleteFile('F:\autorun.inf');
 DeleteFile('G:\autorun.inf');
 DeleteFile('H:\autorun.inf');
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 BC_Activate;
 RebootWindows(true);
end.
Upload a quarantine (it should be in the avz sub-folder; remember to zip it with the password virus)
using this page: http://virusinfo.info/upload_virus_eng.php?tid=20286.
Make a new log file from a fresh avptool or avz and attach it to your next post.
Last edited by drongo; 23.03.2008 at 00:43.
If your computer is not automatically rebooted, you should reboot it manually.
Thanks for the script! I have downloaded the file from phazeddl.com. Please suggest a good tool which I can trust. I shall execute the script and follow your suggestion. Before that, I would like to tell you that when I log into Windows, I see a warning message regarding amvo.exe. I am pasting the sys log for your reference.
----------
"Application popup: amvo.exe - Application Error : The instruction at "0x10011fdd" referenced memory at "0x00ff8738". The memory could not be "read".
----------
AVPTool: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Please follow the suggestions of drongo and AndreyKa; after the reboot, make the new logs. If you cannot do it, you cannot be helped by any tool anymore.
We didn't get a quarantine from you. Why?