Cure script for AVPTools -
// AVZ cure script (runs inside AVPTools/AVZ).
// It quarantines and then deletes the listed files, drops four Browser Helper
// Object registrations and one Winlogon notify entry, removes one service,
// runs AVZ's repair routines and reboots.
//
// Statement order matters: every QuarantineFile call precedes the matching
// DeleteFile call, so a copy of each removed file survives in quarantine.zip
// for the analysts. Do not reorder.
//
// CAUTION: this script is tailored to ONE infected host (hard-coded C:\WINNT
// paths, a specific service name and specific CLSIDs). Run on another machine
// it will remove whatever happens to live at these paths.
begin
// Rootkit scan; the meaning of the two boolean flags is not shown here —
// confirm against the AVZ scripting reference before changing them.
SearchRootkit(true, true);
// Enables AVZGuard before any removal (presumably to keep the malware from
// interfering with the cleanup — verify against the AVZ documentation).
SetAVZGuardStatus(True);
// Remove the Browser Helper Objects by CLSID. Only the registrations go here;
// the DLLs they point to are handled by the QuarantineFile/DeleteFile pairs
// below (assumed — the mapping CLSID -> DLL is not visible in this script).
DelBHO('94ECEDCC-5772-41C7-95EE-6F0776204AC5');
DelBHO('EBF1652D-FC54-4654-8738-55A21A0B520B');
DelBHO('C8D5269D-E2D0-482C-901E-5EE3E4F2F40E');
DelBHO('D74135CA-766A-4A44-A22D-F4FBE04BF514');
// Copy each suspect file into AVZ's quarantine first (second argument is
// an empty description).
QuarantineFile('C:\WINNT\qmafxprs.dll','');
QuarantineFile('C:\WINNT\lfstbwvd.dll','');
QuarantineFile('C:\WINNT\99629.exe','');
// Removes the 'rpcapd' service registration. NOTE(review): no file belonging
// to this service is quarantined or deleted in this script — only the service
// entry goes; confirm the binary was dealt with separately.
DeleteService('rpcapd');
// UserPort.sys and acs.exe (below) are quarantined but NOT deleted — there is
// no matching DeleteFile for them, so they stay on disk pending analysis.
QuarantineFile('C:\WINNT\System32\Drivers\UserPort.sys','');
QuarantineFile('C:\WINNT\vortsgbqasx.dll','');
QuarantineFile('C:\WINNT\system32\rqRJbcaw.dll','');
QuarantineFile('C:\WINNT\system32\khffgGWP.dll','');
QuarantineFile('C:\WINNT\olnmraew.dll','');
QuarantineFile('c:\winnt\system32\acs.exe','');
QuarantineFile('C:\WINNT\system32\MicroAV.cpl','');
// Now delete the files that were quarantined above (all except UserPort.sys
// and acs.exe). Files locked by a running process are expected to be removed
// at reboot via the BC_* calls further down.
DeleteFile('C:\WINNT\system32\MicroAV.cpl');
DeleteFile('C:\WINNT\olnmraew.dll');
DeleteFile('C:\WINNT\system32\khffgGWP.dll');
DeleteFile('C:\WINNT\system32\rqRJbcaw.dll');
DeleteFile('C:\WINNT\vortsgbqasx.dll');
DeleteFile('C:\WINNT\99629.exe');
DeleteFile('C:\WINNT\lfstbwvd.dll');
DeleteFile('C:\WINNT\qmafxprs.dll');
// Drop the Winlogon\Notify subkey that loaded rqRJbcaw.dll (the key name
// matches the DLL base name deleted above). The other deleted DLLs have no
// such entry removed here — assumed they were not registered this way.
DelWinlogonNotifyByKeyName('rqRJbcaw');
// Pack the quarantine into quarantine.zip in the AVZ folder; this is the
// archive the user is asked to upload afterwards. The spelling 'Qurantine'
// is the AVZ API's own — do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
// Boot Cleaner: import the list of files that could not be deleted now and
// arm it so they are removed on the next boot (inferred from the BC_ prefix;
// confirm against the AVZ reference).
BC_ImportDeletedList;
// System cleanup (temp/cache) — exact scope not shown here.
ExecuteSysClean;
// Numbered items of AVZ's "System Restore" repair list (e.g. reset hijacked
// IE/Explorer settings, remove policy restrictions). The numbers are version
// specific — confirm each against the AVZ build's restore list before reuse.
ExecuteRepair(1);
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(5);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
BC_Activate;
// Must stay last: the argument presumably forces the reboot without asking —
// confirm against the AVZ reference.
RebootWindows(true);
end.
After the script has run:
1. Upload quarantine.zip from the AVPTools folder here for the virus analysts. Treat the archive as live malware: do not open or extract it on a working machine.
2. Uninstall AVPTools.
3. Read the rules (http://virusinfo.info/showthread.php?t=9184), collect the 3 logs described there, and scan the system with CureIt!
4. Attach the 3 logs to your next message.
5. Wait for the virus analysts to check your quarantine before continuing.
PS: Change ALL critical passwords (e-mail, ICQ, ...) once step 3 is complete, and preferably from a known-clean machine: passwords typed on a system that is still infected can simply be captured again.