Hello.
Before following my advice, you should read the rules of the "Help me!" section and download the AVZ and HijackThis tools (the links are in the rules too). You should also check your PC using the CureIt! tool, because Sality is supposed to be a file virus. Attention! At launch, the CureIt! tool performs a quick scan only; after that you should start the full scan manually.
Execute the script in AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk','');
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk','');
QuarantineFile('C:\WINDOWS\system32\drivers\ohksn.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HssDrv.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys','');
QuarantineFile('C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_F423308312A7B033.dll','');
QuarantineFile('C:\Documents and Settings\Free User\Local Settings\Temp\jkos-Free User\binaries\kave.dll','');
QuarantineFile('c:\program files\windows live\toolbar\wltuser.exe','');
QuarantineFile('c:\program files\microsoft\search enhancement pack\seaport\seaport.exe','');
QuarantineFile('c:\program files\hotspot shield\hsswpr\hsssrv.exe','');
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk','');
QuarantineFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe','');
DeleteFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe');
BC_DeleteFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk');
BC_ImportquarantineList;
BC_Activate;
ExecuteSysClean;
executerepair(6);
executerepair(10);
executerepair(11);
executerepair(17);
RebootWindows(true);
end.
After the restart, upload the quarantine using the link http://virusinfo.info/upload_virus_eng.php?tid=42017 as described in the rules, and make new logs.