How to remove trojan infection [Rootkit.Win32.TDSS.cmy]

  1. #1
    Junior Member
    Registered: 29.12.2008
    Posts: 3
    Reputation weight: 30

    My PC has been infected by a Trojan.
    It is impossible to update my anti-virus application (AVG Free) or Windows. Some anti-virus sites are blocked.

    I ran the virus removal application of Kaspersky. This detected, deleted or quarantined 3 malicious files. Yet it remains impossible to update AVG.

    How can I remove all traces of infection?

    I have attached the system information after running the Kaspersky removal tool.

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Switch off:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute following script
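    Code:
    begin
      SearchRootkit(true, true);   // detect rootkit hooks and neutralize them (user mode, kernel mode)
      SetAVZGuardStatus(True);     // turn on AVZGuard for the rest of the script
      // Copy each autorun.inf to quarantine, then delete it.
      QuarantineFile('C:\autorun.inf','');
      QuarantineFile('D:\autorun.inf','');
      QuarantineFile('E:\autorun.inf','');
      QuarantineFile('L:\autorun.inf','');
      DeleteFile('L:\autorun.inf');
      DeleteFile('E:\autorun.inf');
      DeleteFile('D:\autorun.inf');
      DeleteFile('C:\autorun.inf');
      // Remove the Bonjour service and its files.
      DeleteService('Bonjour Service');
      DeleteFile('c:\program files\bonjour\mdnsresponder.exe');
      DeleteFile('C:\Program Files\Bonjour\mdnsNSP.dll');
      BC_ImportAll;                // import the quarantine and delete lists into Boot Cleaner
      ExecuteSysClean;             // AVZ system cleanup of leftover references to the deleted files
      BC_Activate;                 // activate Boot Cleaner for the next boot
      RebootWindows(true);         // forced reboot
    end.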
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the quarantine via the link "Upload quarantined files" at the top of this page.
    - Attach 3 logs to your new post.

  3. #3
    Junior Member
    Registered: 29.12.2008
    Posts: 3
    Reputation weight: 30

    Done as said

    Tnx Rene-gad,

    I have uploaded the quarantined files. Attached are the log-files.

    Regards,

    FWPC

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Switch off:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute following script
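    Code:
    begin
      SearchRootkit(true, true);   // detect rootkit hooks and neutralize them (user mode, kernel mode)
      SetAVZGuardStatus(True);     // turn on AVZGuard for the rest of the script
      // Copy the file to quarantine, then delete it.
      QuarantineFile('C:\resycled\boot.com','');
      DeleteFile('C:\resycled\boot.com');
      BC_ImportAll;                // import the quarantine and delete lists into Boot Cleaner
      ExecuteSysClean;             // AVZ system cleanup of leftover references to the deleted files
      BC_Activate;                 // activate Boot Cleaner for the next boot
      RebootWindows(true);         // forced reboot
    end.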
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the quarantine via the link "Upload quarantined files" at the top of this page.
    - Attach 3 logs to your new post.
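
Added example (not part of the thread and not AVZ code): the scripts in posts #2 and #4 remove autorun.inf files and C:\resycled\boot.com. This triage helper parses an autorun.inf before it is deleted and lists the programs it would launch, so those files can be quarantined too. The sample content is constructed, and the link between the thread's autorun.inf and boot.com is an assumption.

```python
import re

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(text, drive):
    """Return (key, resolved path) for every launch entry in autorun.inf text."""
    targets, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment (often junk padding)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key) or not value:
            continue
        # First token is the program, the rest are arguments.
        # Assumption: unquoted program paths contain no spaces.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        program = m.group(1) or m.group(2)
        if not re.match(r"^[A-Za-z]:\\", program):
            # Relative paths resolve against the root of the drive holding the file.
            program = drive.rstrip("\\") + "\\" + program.lstrip("\\")
        targets.append((key.lower(), program))
    return targets

# Constructed sample, not taken from the thread's attachments.
SAMPLE = """\
;junk comment line
[AutoRun]
open=resycled\\boot.com e:
shell\\open\\command=resycled\\boot.com e:
shell\\open\\Default=1
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

if __name__ == "__main__":
    for key, path in launch_targets(SAMPLE, "C:"):
        print(f"{key:<22} -> {path}")
```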

  5. #5
    Junior Member
    Registered: 29.12.2008
    Posts: 3
    Reputation weight: 30
    Executed script, uploaded the quarantined files and attached the logfiles.

    The problem still has not been solved. It was for a certain amount of time (update of AVG worked) but then the problems started again.

    Regards,

    FWPC

  6. #6
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    We should remove the old Panda Driver

    - Execute following script
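    Code:
    begin
      SearchRootkit(true, true);   // detect rootkit hooks and neutralize them (user mode, kernel mode)
      SetAVZGuardStatus(True);     // turn on AVZGuard for the rest of the script
      // Delete the old Panda driver file.
      DeleteFile('C:\WINDOWS\system32\Drivers\pavboot.sys');
      BC_ImportAll;                // import the quarantine and delete lists into Boot Cleaner
      ExecuteSysClean;             // AVZ system cleanup of leftover references to the deleted files
      BC_Activate;                 // activate Boot Cleaner for the next boot
      RebootWindows(true);         // forced reboot
    end.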
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the quarantine via the link "Upload quarantined files" at the top of this page.
    - Attach 3 logs to your new post.

    I cannot find anything suspicious in your logs.
