Sorry for waiting...
Please, disable your "anti" and disconnect from the internet !
Execute in AVPTools this script (from the box below )
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('G:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\WINDOWS\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\Rundll32.exe','');
QuarantineFile('C:\Program Files\\Outlook Express\setup50.exe','');
QuarantineFile('C:\WINDOWS\inf\unregmp2.exe','');
QuarantineFile('c:\windows\system32\svchost.exe','');
QuarantineFile('C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE','');
QuarantineFile('C:\WINDOWS\system32\MGB_SC~1.SCR','');
QuarantineFile('C:\WINDOWS\system32\CTFMON.EXE','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\tcpip.sys','');
DeleteService('abp470n5');
QuarantineFile('C:\WINDOWS\system32\msiexec.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\rsmhn.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\oljor.sys','');
QuarantineFile('C:\WINDOWS\system32\wmdrtc32.dll','');
QuarantineFile('C:\WINDOWS\system32\SHELL32.dll','');
QuarantineFile('C:\WINDOWS\system32\sfc_os.dll','');
QuarantineFile('C:\WINDOWS\system32\mydocs.dll','');
QuarantineFile('C:\WINDOWS\Explorer.exe','');
QuarantineFile('C:\DOCUME~1\sherif\LOCALS~1\Temp\winpdrjsp.exe','');
QuarantineFile('C:\DOCUME~1\sherif\LOCALS~1\Temp\pfkct.exe','');
TerminateProcessByName('c:\docume~1\sherif\locals~1\temp\winpdrjsp.exe');
QuarantineFile('c:\docume~1\sherif\locals~1\temp\winpdrjsp.exe','');
TerminateProcessByName('c:\docume~1\sherif\locals~1\temp\pfkct.exe');
QuarantineFile('c:\docume~1\sherif\locals~1\temp\pfkct.exe','');
QuarantineFile('c:\windows\explorer.exe','');
DeleteFile('c:\docume~1\sherif\locals~1\temp\pfkct.exe');
DeleteFile('c:\docume~1\sherif\locals~1\temp\winpdrjsp.exe');
DeleteFile('C:\DOCUME~1\sherif\LOCALS~1\Temp\pfkct.exe');
DeleteFile('C:\DOCUME~1\sherif\LOCALS~1\Temp\winpdrjsp.exe');
DeleteFile('C:\WINDOWS\system32\wmdrtc32.dll');
DeleteFile('C:\WINDOWS\system32\drivers\oljor.sys');
DeleteFile('C:\WINDOWS\system32\drivers\rsmhn.sys');
DeleteFile('C:\WINDOWS\svchost.exe');
DeleteFile('D:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
RebootWindows(true);
end.
Your computer will reboot( if it is not, do it yourself)
Pack ( zip) (with pass 'virus') "Qurantine_AVZ" ( it is subfolder where your avptool exist)
Please upload it by link http://virusinfo.info/upload_virus_eng.php?tid=32032
Then, please disable your internet connection, antivirus/firewall, all messengers and other staff that you can.
Lunch your internet explorer.
Only after these simple steps, please make a new log in avp tool and attach it to your next post.