Please download the AVZ special edition from my signature and put it in a new, clean folder of your choice (not a temporary one, please), for example on the desktop.
Switch off:
- antivirus, internet connection
- System Restore
(read in our FAQ how to do it)
- Execute the following script (http://virusinfo.info/showthread.php?t=9207)
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\DRIVERS\nvmini.sys','');
QuarantineFile('G:\boot.exe','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\WINDOWS\System32\rundll32.exe','');
QuarantineFile('C:\WINDOWS\inf\unregmp2.exe','');
QuarantineFile('C:\WINDOWS\system32\regsvr32.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\SjyPkt.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\tcpip.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\mchInjDrv.sys','');
QuarantineFile('C:\WINDOWS\system32\SHELL32.dll','');
QuarantineFile('C:\WINDOWS\system32\sfc_os.dll','');
QuarantineFile('C:\WINDOWS\system32\RTPSvc.exe','');
QuarantineFile('C:\WINDOWS\system32\RTPScan.dll','');
QuarantineFile('C:\WINDOWS\system32\CopyToSendTo.dll','');
QuarantineFile('C:\Documents and Settings\Nurul\Desktop\pcmav1.92\PCMAV.VDB','');
QuarantineFile('C:\Documents and Settings\Nurul\Desktop\pcmav1.92\riltaim.exe','');
QuarantineFile('c:\windows\system32\rtpsvc.exe','');
DeleteFile('C:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile('G:\boot.exe');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(10);
BC_Activate;
RebootWindows(true);
end.
After reboot:
- Clean the Temp folders, browser caches and Recycler. Use the Windows service tool cleanmgr, or CCleaner, or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Repeat the 3 log files in accordance with the rules.
- Switch the antivirus and, if you have one, the firewall back on.
- Go online.
- Upload the quarantine via the link "Upload quarantined files" at the top of this page.
Also, please carefully read appendix #2 of the rules, then search for, copy and send us these files:
Code:
Acha.exe
AmyMastura.exe
csrsz.exe
registry.exe
I believe you will then be able to go to safe mode and scan with the latest avptool and cureit. Let us know what they find, if anything.
Don't forget to run Windows Update: Service Pack 3, etc.