Do you need BackWeb ? I suggest you to go to add/remove programs and uninstall it. It is kind of nasty program.
Don't forget to disable norton antivirus and disconnect from internet, only then execute this script in avz:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\COUPON~1.OCX','');
QuarantineFile('C:\Program Files\NetZero\qsacc\X1IEBHO.dll','');
QuarantineFile('C:\WINDOWS\system32\ps2.exe','');
QuarantineFile('C:\WINDOWS\system32\UACphwtkuin.dll','');
QuarantineFile('C:\WINDOWS\system32\UACqeystrqv.dll','');
QuarantineFile('C:\WINDOWS\system32\UACsyxarhca.dll','');
QuarantineFile('C:\WINDOWS\system32\UACtuaiisko.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\UACagvatkkj.sys','');
DeleteService('MyWebSearchService');
QuarantineFile('\\?\globalroot\systemroot\system32\UACqeystrqv.dll','');
DeleteFile('\\?\globalroot\systemroot\system32\UACqeystrqv.dll');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe');
DeleteFile('C:\WINDOWS\system32\ps2.exe');
DeleteFile('C:\WINDOWS\system32\UACphwtkuin.dll');
DeleteFile('C:\WINDOWS\system32\UACqeystrqv.dll');
DeleteFile('C:\WINDOWS\system32\UACsyxarhca.dll');
DeleteFile('C:\WINDOWS\system32\UACtuaiisko.dll');
DeleteFile('C:\WINDOWS\system32\drivers\UACagvatkkj.sys');
DeleteFile('C:\WINDOWS\COUPON~1.OCX');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
SetAVZPMStatus(true);
RebootWindows(true);
end.
System will reboot.
Please upload a quarantine by http://virusinfo.info/upload_virus_eng.php?tid=41846
The avz's database was last updated 2/8/2009 it is necessary to update the bases using automatic updates (File/Database update). Please do update, then make a set of new logs and attach them to next post in this topic.