Very good, at least now I am able to see some interesting files. Let's try to copy them for investigation.
Execute this script in special AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS.0\system32\athgina.dll','');
QuarantineFile('C:\WINDOWS.0\system32\drivers\UACxtlwbymb.sys','');
QuarantineFile('C:\WINDOWS.0\System32\drivers\f2773d53.sys','');
QuarantineFile('C:\WINDOWS.0\System32\drivers\ecab543b.sys','');
QuarantineFile('C:\WINDOWS.0\System32\drivers\7ea20a86.sys','');
QuarantineFile('C:\WINDOWS.0\system32\MsSip3.dll','');
QuarantineFile('C:\WINDOWS.0\system32\MsSip2.dll','');
QuarantineFile('C:\WINDOWS.0\system32\MsSip1.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
Please send the quarantine according to Appendix #3 of the rules via this link: http://virusinfo.info/upload_virus_eng.php?tid=39828
Let us know when you are done.