2/9/2009 10:32:23 AM C:\WINDOWS\system32\uweyiwe1.dll --> Suspicion for Keylogger or Trojan DLL
This thing just would not go away! Even though I did the scan numerous times and erased it.
Please download the special avz from my signature and put it in a new folder on the desktop.
Please execute this script in avz: ( http://virusinfo.info/showthread.php?t=9207)
(Do remember to disable your antivirus and disconnect from the internet before that)
Read appendix #3 of the rules http://virusinfo.info/showthread.php?t=9184
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('G:\8bglj.cmd','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('F:\8bglj.cmd','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('C:\8bglj.cmd','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('c:\windows\config\csrss.exe','');
QuarantineFile('C:\WINDOWS\system32\kva8wr.exe','');
DeleteFile('c:\windows\config\csrss.exe');
DeleteFile('C:\WINDOWS\system32\uweyiwe1.dll');
DeleteFile('C:\WINDOWS\system32\kva8wr.exe');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\8bglj.cmd');
DeleteFile('F:\autorun.inf');
DeleteFile('F:\8bglj.cmd');
DeleteFile('G:\autorun.inf');
DeleteFile('G:\8bglj.cmd');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_Activate;
RebootWindows(true);
end.
Upload the quarantine via http://virusinfo.info/upload_virus_eng.php?tid=39344
Make new logs according to the rules http://virusinfo.info/showthread.php?t=9184 and attach them to your next post.
Last edited by drongo; 09.02.2009 at 19:43.
*Click and follow, if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
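The script above quarantines an autorun.inf and its 8bglj.cmd launcher from the root of every drive, which is the classic removable-drive worm layout. As an added triage example (not part of the thread and not AVZ code), the following Python reads an autorun.inf at a drive root, reports which commands it would launch, and hashes the referenced file so it can be compared with what the helper quarantines; the sample drive root it builds is constructed, with placeholder file contents and only the file names taken from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_autorun(text: str) -> dict:
    """Return the [autorun] entries that launch a program (open=, shellexecute=, shell\\*\\command=).
    Hand-rolled because worm-written autorun.inf files often carry junk lines that break strict INI parsers."""
    launched, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk line, or a key outside the [autorun] section
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            launched[key] = value.strip()
    return launched

def triage_drive_root(root: Path) -> dict:
    """Report what autorun.inf at a drive root would run, and md5 the target if it is present."""
    inf = root / "autorun.inf"
    report = {"autorun_present": inf.is_file(), "targets": []}
    if not report["autorun_present"]:
        return report
    for key, command in parse_autorun(inf.read_text(errors="replace")).items():
        # The first token of the command is the program; normalise Windows-style separators.
        exe = (command.split() or [command])[0].strip('"').replace("\\", "/").lstrip("/")
        target = root / exe
        entry = {"key": key, "command": command, "exists": target.is_file()}
        if entry["exists"]:
            entry["md5"] = hashlib.md5(target.read_bytes()).hexdigest()
        report["targets"].append(entry)
    return report

def demo() -> dict:
    """Build a constructed drive root (names from the thread, placeholder contents) and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "8bglj.cmd").write_bytes(b"@echo constructed placeholder, not the real dropper\r\n")
        (root / "autorun.inf").write_text(
            "[AutoRun]\r\nopen=8bglj.cmd\r\nshell\\open\\Command=8bglj.cmd\r\njunk without equals\r\n"
        )
        return triage_drive_root(root)
```

Point triage_drive_root at a real drive root (for example Path("F:/")) to see what a suspect removable drive would launch before touching it.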
It says <AVZ_Scan> failed
????
I modified the script a little and it worked.
Now I see
2/9/2009 11:35:46 AM Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
Is this anything suspicious?
And I'm posting the log after the script.
I don't see your quarantine. Until you send the quarantine as I requested from you, I will not answer any question.
I didn't know what I was doing at first; I erased the quarantine files by mistake.
Also, I was using AVP instead of AVZ at first. No wonder.
I'm really sorry, but I didn't know what I was doing. I have the same exact infection on my laptop. Can I post the quarantine file from there instead? Because that one has to be resolved as well.
I'm really, really sorry; in my stupid haste I made waste.
No, every system gets a separate thread.