I got infected by a virus which disabled my Kaspersky Antivirus 6.0. When I want to start it, I get a message that it's being used by another application.
Update the signatures in AVZ (File/Database Update)!!!
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Close all the opened programs except AVZ and Internet Explorer
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\atmlibl.dll','');
 QuarantineFile('C:\WINDOWS\WLXPGSS.SCR','');
 DelBHO('{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}');
 QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\HNLJ.PIF','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('D:\HNLJ.PIF','');
 DeleteFile('D:\HNLJ.PIF');
 DeleteFile('D:\autorun.inf');
 DeleteFile('C:\HNLJ.PIF');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
 DeleteFile('C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL');
 DeleteFile('C:\WINDOWS\system32\atmlibl.dll');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach 3 logs to your new post.
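A read-only way to review a script like the one above before executing it, as an added example that is not part of the original posts and not part of AVZ: it parses the statements and lists what will be quarantined, what will be deleted, which BHO CLSIDs are removed, and which files are deleted without a quarantine copy being taken first. The `SCRIPT` text is an excerpt of the first script in this thread; the function names `parse` and `review` are this example's own.

```python
import re

# Excerpt of the first script in this thread; statements copied from the post,
# with some lines left out to keep the sample short.
SCRIPT = r"""
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\atmlibl.dll','');
 DelBHO('{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\HNLJ.PIF','');
 DeleteFile('C:\HNLJ.PIF');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL');
 DeleteFile('C:\WINDOWS\system32\atmlibl.dll');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
"""

# A statement is Name; or Name(args); where string arguments are single-quoted.
STMT = re.compile(r"([A-Za-z_]\w*)\s*(?:\(((?:'[^']*'|[^()'])*)\))?\s*;")
STR_ARG = re.compile(r"'([^']*)'")

def parse(script):
    """Return [(command in lower case, [string arguments])] in script order."""
    return [(name.lower(), STR_ARG.findall(args)) for name, args in STMT.findall(script)]

def review(script):
    """Summarise what the script touches; paths are compared case-insensitively."""
    found = {"quarantinefile": [], "deletefile": [], "delbho": []}
    reboots = False
    for cmd, args in parse(script):
        if cmd in found and args:
            found[cmd].append(args[0])
        reboots = reboots or cmd == "rebootwindows"
    kept = {p.lower() for p in found["quarantinefile"]}
    return {
        "quarantined": found["quarantinefile"],
        "deleted": found["deletefile"],
        "bho_removed": found["delbho"],
        "deleted_not_quarantined": [p for p in found["deletefile"] if p.lower() not in kept],
        "reboots": reboots,
    }

if __name__ == "__main__":
    print(review(SCRIPT))
```
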
The antivirus can't start and shows me a message that the program is used by another application.
And I got a DOS window with
Code:
0. Intel(R) 82566DM Gigabit Network Connection (Microsoft's Packet Scheduler)
IP Address. . . . . : 10.124.0.152
Physical Address. . : 00-0F-FE-63-AA-95
Default Gateway . . : 10.124.0.50
[*] Bind on 10.124.0.152 Intel(R) 82566DM Gigabit Network Connection (Microsoft' s Packet Scheduler) ...
Scanning Alive Host......
Found Alive Host:
1: 125.12.16.2 00-09-E8-78-AF-40
2: 125.12.16.4 02-00-01-1E-C5-95
3: 125.12.16.5 00-09-6B-0D-10-43
4: 125.12.16.6 00-0F-FE-52-CE-89
. . .
29: 125.12.16.86 00-0D-56-78-E1-B2
Sniffing......
79.140.80.75
209.85.154.30
I really wonder what that DOS window does? Can you explain it to me?
The 2nd and the last time: Update the signatures in AVZ (File/Database Update)!!! If you will not do it, your topic will be closed.
Fulfill the paragraph 2 of the rules
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Close all the opened programs except AVZ and Internet Explorer
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\atmlibl.dll','');
 QuarantineFile('D:\HNLJ.PIF','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\HNLJ.PIF','');
 QuarantineFile('C:\autorun.inf','');
 DelBHO('{0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35}');
 QuarantineFile('C:\Program Files\zzToolBar\ToolBand.dll','');
 DelBHO('{489873CE-F3E1-44A3-8E89-04BE26BE4446}');
 QuarantineFile('C:\Program Files\zzToolBar\Toolbar_bho.dll','');
 QuarantineFile('C:\WINDOWS\360safe.exe','');
 QuarantineFile('C:\WINDOWS\soni.exe','');
 QuarantineFile('C:\WINDOWS\system32\wuauclt.exe','');
 QuarantineFile('C:\WINDOWS\system32\wmpeisfect.dll','');
 QuarantineFile('c:\windows\avtapit.dll','');
 QuarantineFile('c:\windows\system32\dllcache\wuauclt.exe','');
 QuarantineFile('c:\hnlj.pif','');
 QuarantineFile('c:\6132t.exe','');
 DeleteFile('c:\6132t.exe');
 DeleteFile('c:\hnlj.pif');
 DeleteFile('c:\windows\system32\dllcache\wuauclt.exe');
 DeleteFile('c:\windows\avtapit.dll');
 DeleteFile('C:\WINDOWS\system32\atmlibl.dll');
 DeleteFile('C:\WINDOWS\system32\wmpeisfect.dll');
 DeleteFile('C:\WINDOWS\system32\wuauclt.exe');
 DeleteFile('C:\WINDOWS\soni.exe');
 DeleteFile('C:\WINDOWS\360safe.exe');
 DeleteFile('C:\Program Files\zzToolBar\Toolbar_bho.dll');
 DeleteFile('C:\Program Files\zzToolBar\ToolBand.dll');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\HNLJ.PIF');
 DeleteFile('D:\autorun.inf');
 DeleteFile('D:\HNLJ.PIF');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach 3 logs to your new post.
sorry for the Update
Fulfill the paragraph 2 of the rules
CHECK A SYSTEM DATE OF YOUR PC
Scanning started at 13/09/2004 14:10:32
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Close all the opened programs except AVZ and Internet Explorer
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\RavNT.exe','');
 QuarantineFile('C:\WINDOWS\qqshel.exe','');
 QuarantineFile('c:\windows\ias.dll','');
 QuarantineFile('c:\windows\icpb.dll','');
 QuarantineFile('C:\WINDOWS\360safe.exe','');
 QuarantineFile('C:\WINDOWS\soni.exe','');
 DelBHO('{285AB8C6-FB22-4D17-8834-064E2BA0A6F0}');
 QuarantineFile('C:\WINDOWS\system32\oobe\pbhealth.dll','');
 QuarantineFile('C:\Program Files\Fichiers communs\PushWare\cpush.dll','');
 DelBHO('{11F09AFD-75AD-4E51-AB43-E09E9351CE16}');
 DeleteFile('C:\Program Files\Fichiers communs\PushWare\cpush.dll');
 DeleteFile('C:\WINDOWS\system32\oobe\pbhealth.dll');
 DeleteFile('C:\WINDOWS\soni.exe');
 DeleteFile('C:\WINDOWS\360safe.exe');
 DeleteFile('c:\windows\icpb.dll');
 DeleteFile('c:\windows\ias.dll');
 DeleteFile('C:\WINDOWS\qqshel.exe');
 DeleteFile('C:\WINDOWS\RavNT.exe');
 DeleteFile('c:\windows\system32\dllcache\wuauclt.exe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach 3 logs to your new post.
The date changes by itself to ../../2004
Did you make it: Fulfill the paragraph 2 of the rules?
You have got file infection, AVZ cannot heal your PC in this case.
The problem is that I can't access the safe mode of my computer; each time that I choose to access safe mode, the computer reboots.
I don't know if it's OK to scan in normal mode?
AVZ, File/System Restore, mark the point 10, execute, reboot and try to log in to the safe mode.
I made the scan in normal mode because I couldn't access safe mode even with AVZ.
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Close all the opened programs except AVZ and Internet Explorer
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
 QuarantineFile('D:\CSG.PIF','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\CSG.PIF','');
 QuarantineFile('C:\autorun.inf','');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\CSG.PIF');
 DeleteFile('D:\autorun.inf');
 DeleteFile('D:\CSG.PIF');
 DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach 3 logs to your new post.
good luck
Pls. repair your PC in such a way that you could set a correct system date.
Without it we have not got any chance to heal it.
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Close all the opened programs except AVZ and Internet Explorer
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
 QuarantineFile('D:\CSG.PIF','');
 QuarantineFile('C:\Documents and Settings\9.pif','');
 QuarantineFile('C:\Documents and Settings\6.pif','');
 QuarantineFile('C:\Documents and Settings\3.pif','');
 QuarantineFile('C:\Documents and Settings\2.pif','');
 QuarantineFile('C:\CSG.PIF','');
 DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
 DelBHO('{36ECAF82-3300-8F84-092E-AFF36D6C7040}');
 DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
 DelBHO('{285AB8C6-FB22-4D17-8834-064E2BA0A6F0}');
 QuarantineFile('C:\WINDOWS\Aseo\pbhealth.dll','');
 QuarantineFile('C:\Documents and Settings\Administrateur\Bureau\obj2.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\acpidisk.sys','');
 QuarantineFile('C:\WINDOWS\system32\winlib .dll','');
 QuarantineFile('C:\WINDOWS\system32\cardses.dll','');
 DeleteFile('C:\WINDOWS\system32\cardses.dll');
 DeleteFile('C:\WINDOWS\system32\winlib .dll');
 DeleteFile('C:\WINDOWS\system32\drivers\acpidisk.sys');
 DeleteFile('C:\Documents and Settings\Administrateur\Bureau\obj2.sys');
 DeleteFile('C:\WINDOWS\Aseo\pbhealth.dll');
 DeleteFile('C:\CSG.PIF');
 DeleteFile('C:\Documents and Settings\2.pif');
 DeleteFile('C:\Documents and Settings\3.pif');
 DeleteFile('C:\Documents and Settings\6.pif');
 DeleteFile('C:\Documents and Settings\9.pif');
 DeleteFile('D:\CSG.PIF');
 DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
 DeleteFile('C:\autorun.inf');
 DeleteFile('D:\autorun.inf');
 BC_ImportAll;
 ExecuteSysClean;
 BC_DeleteSvc('acpidisk');
 SetAVZPMStatus(True);
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Attach 3 logs to your new post.
Can you please explain to me how to repair my PC?
The problem with the date is not from the hardware, but from the virus, which is responsible for the change of date.
Very interesting.
Let's try this one:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 TerminateProcessByName('c:\documents and settings\3.pif');
 QuarantineFile('c:\documents and settings\3.pif','');
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('D:\xk2n.bat','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\xk2n.bat','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\WINDOWS\system32\wglsp.dll','');
 DelBHO('{489873CE-F3E1-44A3-8E89-04BE26BE4446}');
 QuarantineFile('C:\Program Files\zzToolBar\Toolbar_bho.dll','');
 QuarantineFile('C:\WINDOWS\Aseo\pbhealth.dll','');
 QuarantineFile('C:\WINDOWS\WLXPGSS.SCR','');
 QuarantineFile('C:\WINDOWS\system32\winlib .dll','');
 QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
 QuarantineFile('C:\WINDOWS\system32\ckvo0.dll','');
 QuarantineFile('C:\WINDOWS\system32\ChsBrKrs.dll','');
 DeleteFile('C:\WINDOWS\system32\ChsBrKrs.dll');
 DeleteFile('C:\WINDOWS\system32\ckvo0.dll');
 DeleteFile('C:\WINDOWS\system32\winlib .dll');
 DeleteFile('C:\Program Files\zzToolBar\Toolbar_bho.dll');
 DeleteFile('c:\documents and settings\3.pif');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\xk2n.bat');
 DeleteFile('D:\autorun.inf');
 DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 executerepair(6);
 executerepair(8);
 executerepair(9);
 RebootWindows(true);
end.
After reboot:
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Attach 3 logs to your new post.
- Send us the quarantine by link http://virusinfo.info/upload_virus_eng.php?tid=29883
Hello
I fixed the problem of the date by uninstalling Kaspersky Antivirus 6.0 and installing AVG.
But I still doubt that my PC is still uninfected, because I tried to install Kaspersky 2009, and just when I finished the installation it got disabled.