Hello.
Before execute script you should turn off system restore.
Download AVZ antiviral toolkit and Hijackthis utility using links from the rules of "Help me!" section, unzip them in separate folders and upgrade AVZ's databases.
While executing script you should also disable your antivirus monitor and turn off your internet connection.
Execute script in AVZ:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\alg.exe','');
QuarantineFile('C:\WINDOWS\system32\sopidkc.exe','');
QuarantineFile('C:\WINDOWS\system32\mabidwe.exe','');
QuarantineFile('C:\WINDOWS\system32\afisicx.exe','');
SetServiceStart('sopidkc', 4);
SetServiceStart('mabidwe', 4);
SetServiceStart('afisicx', 4);
DeleteFile('C:\WINDOWS\system32\afisicx.exe');
BC_DeleteFile('C:\WINDOWS\system32\afisicx.exe');
DeleteFile('C:\WINDOWS\system32\mabidwe.exe');
BC_DeleteFile('C:\WINDOWS\system32\mabidwe.exe');
DeleteFile('C:\WINDOWS\system32\sopidkc.exe');
BC_DeleteFile('C:\WINDOWS\system32\sopidkc.exe');
DeleteService('sopidkc');
DeleteService('mabidwe');
DeleteService('afisicx');
BC_DeleteSvc('sopidkc');
BC_DeleteSvc('mabidwe');
BC_DeleteSvc('afisicx');
BC_Activate;
ExecuteSysClean;
executerepair(1);
executerepair(6);
executerepair(8);
executerepair(9);
RebootWindows(true);
end.
Your system will be restarted. After restart, upload quarantine using the link http://virusinfo.info/upload_virus_eng.php?tid=41362 and make new logs as it's described in the rules