Before scanning/manipulation with avptool you should disable your "anti" tools like McAfee, Spybot.
At least, try to do it.
Execute in AVPTools the script from the box below:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\sidebar.exe','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\SDPlugins\SDAnalogClock3.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\SDPlugins\DXTrash.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\SDPlugins\DXStats.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\SDPlugins\DXPlayer.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5F3E5E8B-1F32-44CA-91B3-02F55004F364}\SDPlugins\DXPerf4.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{44BCF12F-79E3-4277-B82C-BA5DF67CF68A}\SDPlugins\DXAxHost.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{44BCF12F-79E3-4277-B82C-BA5DF67CF68A}\SDPlugins\DXStart.dll','');
QuarantineFile('c:\docume~1\admini~1\locals~1\temp\{5f3e5e8b-1f32-44ca-91b3-02f55004f364}\sidebar.exe','');
QuarantineFile('c:\windows\explorer.exe','');
QuarantineFile('c:\docume~1\admini~1\locals~1\temp\{44bcf12f-79e3-4277-b82c-ba5df67cf68a}\blaero start orb.exe','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
This operation will only make a copy of the original files that we want to look at.
Your computer will reboot (if it does not, do it yourself).
Pack (zip) (with pass 'virus') "Qurantine_AVZ" (it is the subfolder where your avptool exists).
Please upload it via the link http://virusinfo.info/upload_virus_eng.php?tid=32223