Here is the attachment:
http://virusinfo.info/attachment.php...1&d=1224577522
Please help
I think you have a more serious infection than some adware.
So, let the curing begin. :-)
First of all:
Switch off:
- Antivirus and, if you have one, the firewall, and the internet connection.
- System Restore
- Execute the following script in avptool (see how-to: http://avptool.virusinfo.info/en/AVP...curescript.htm)
Your computer will reboot (if it does not, do it yourself).
Code:
begin
 // look for rootkit hooks and enable AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // copy the suspect files to quarantine and remove the Browser Helper Objects
 QuarantineFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe','');
 DelBHO('{EEDD6C11-FCCA-4153-A5A0-2AF0AC1612A4}');
 QuarantineFile('C:\WINDOWS\system32\awttRLef.dll','');
 DelBHO('{BF5D7127-12FE-403C-AA5C-07186D84A5CE}');
 QuarantineFile('C:\WINDOWS\grfxbanomok.dll','');
 DelBHO('{758F6D53-DCC7-4CCF-9080-4B6F9389F641}');
 QuarantineFile('C:\WINDOWS\system32\geBuTNeb.dll','');
 QuarantineFile('C:\Windows\system32\YUR24B.exe','');
 QuarantineFile('C:\Windows\system32\YUR249.exe','');
 QuarantineFile('C:\Windows\system32\YUR248.exe','');
 QuarantineFile('C:\Windows\system32\YUR247.exe','');
 QuarantineFile('C:\Program Files\BOINC\boinc.exe','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\azovaovs.SYS','');
 QuarantineFile('C:\WINDOWS\system32\tojxwiqm.dll','');
 // delete the files
 DeleteFile('C:\WINDOWS\system32\tojxwiqm.dll');
 DeleteFile('C:\Windows\system32\YUR247.exe');
 DeleteFile('C:\Windows\system32\YUR248.exe');
 DeleteFile('C:\Windows\system32\YUR249.exe');
 DeleteFile('C:\Windows\system32\YUR24B.exe');
 DeleteFile('C:\WINDOWS\system32\geBuTNeb.dll');
 DeleteFile('C:\WINDOWS\grfxbanomok.dll');
 DeleteFile('C:\WINDOWS\system32\awttRLef.dll');
 DeleteFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe');
 DeleteFile('C:\WINDOWS\System32\Drivers\azovaovs.SYS');
 // Boot Cleaner: import the lists, remove the driver service, clean up and activate
 BC_ImportAll;
 BC_DeleteSvc('azovaovs');
 ExecuteSysClean;
 BC_Activate;
 // run system repair routines 6, 8 and 9, then reboot
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 RebootWindows(true);
end.
Pack (zip) (with password 'virus', without the quotes) "Qurantine_AVZ" (it is a subfolder where your avptool is located).
Please upload it by link http://virusinfo.info/upload_virus_eng.php?tid=32435
Then close all the programs that you are able to, including your "anti", launch Internet Explorer and any other browser that you might use. Only then make a new log in avptool and attach it to your next post. We shall continue the curing process...
Last edited by drongo; 21.10.2008 at 15:37.
*Click and run if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Last edited by drongo; 22.10.2008 at 21:24.
Switch off:
- Antivirus and, if you have one, the firewall, and the internet connection.
- System Restore
- Execute the following script in avptool (see how-to: http://avptool.virusinfo.info/en/AVP...curescript.htm)
Your computer will reboot (if it does not, do it yourself).
Code:
begin
 // look for rootkit hooks and enable AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // copy the suspect files to quarantine and remove the Browser Helper Object
 QuarantineFile('C:\WINDOWS\ngwstxfd.dll','');
 QuarantineFile('C:\WINDOWS\qrbgltos.dll','');
 QuarantineFile('geBuTNeb.dll','');
 DelBHO('{FEE70430-89C4-4F02-BEE2-51A06B524851}');
 QuarantineFile('C:\WINDOWS\system32\awttRLef.dll','');
 QuarantineFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe','');
 // delete the files
 DeleteFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe');
 DeleteFile('geBuTNeb.dll');
 DeleteFile('C:\WINDOWS\system32\awttRLef.dll');
 DeleteFile('C:\WINDOWS\qrbgltos.dll');
 DeleteFile('C:\WINDOWS\ngwstxfd.dll');
 // Boot Cleaner: import the lists, remove the driver service, clean up and activate
 BC_ImportAll;
 BC_DeleteSvc('azovaovs');
 ExecuteSysClean;
 BC_Activate;
 // run system repair routines 6, 8 and 9, then reboot
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 RebootWindows(true);
end.
Pack (zip) (with password 'virus', without the quotes) "Qurantine_AVZ" (it is a subfolder where your avptool is located).
Please upload it by link http://virusinfo.info/upload_virus_eng.php?tid=32435
Then close all the programs that you are able to, including your "anti", launch Internet Explorer and any other browser that you might use. Only then make a new log in avptool and attach it to your next post. We shall continue the curing process...
In English!!!
In Russian in other section of the forum!
Sorry, I am Lithuanian. I speak Russian and English.
one more...
Please send it to us via http://virusinfo.info/upload_virus_eng.php?tid=32435, should be interesting.
Code:
begin
 // empty the quarantine so that it holds only the new file
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\System32\Drivers\at8llvmg.SYS','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
Added after 1 minute
I see
Last edited by drongo; 22.10.2008 at 21:32. Reason: Added
I send
How can I disable autorun from removable devices?
Still, only in Russian: http://virusinfo.info/showthread.php?t=20291
Could you help with translation?
Last edited by drongo; 22.10.2008 at 23:32.
I will help translate
I have one more infected computer
Download and launch the reg file that is contained in the zip file from this link:
http://virusinfo.info/attachment.php...9&d=1206283419
P.S.: When you copy the file and rename it, changing the .reg extension into .txt, you will see exactly what it does. There are some surprises in there. Spread the good news to whoever you can...
Paul