Where is the quarantine?
Added 10 minutes later
You must first clean your system of the Sality file virus. Use CureIt from Dr.Web or AVPTool from Kaspersky (see the links in the rules). You have to download them using any clean system or Live CD and start them from any external drive (CD or read-only SD card).
After healing:
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore - I hope you can see this sentence now
- Execute the following script
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('abp470n5');
StopService('EGPZGJYNVTH');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\lclscp.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\winfxftf.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\winexxoax.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\abwbdt.exe');
QuarantineFile('C:\Program Files\MSN Messenger\usnsvc.exe','');
QuarantineFile('C:\DOCUME~1\MAATHER\LOCALS~1\Temp\EGPZGJYNVTH.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\rgstn.sys','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\winexxoax.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\winfxftf.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\lclscp.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\abwbdt.exe','');
DeleteFile('c:\docume~1\maather\locals~1\temp\abwbdt.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\lclscp.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\winfxftf.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\winexxoax.exe');
DeleteFile('C:\DOCUME~1\MAATHER\LOCALS~1\Temp\EGPZGJYNVTH.exe');
DeleteFile('C:\WINDOWS\system32\drivers\rgstn.sys');
DeleteService('EGPZGJYNVTH');
DeleteService('abp470n5');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('EGPZGJYNVTH');
BC_DeleteSvc('abp470n5');
BC_Activate;
RebootWindows(true);
end.
After reboot:
- Execute the following script
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
After reboot:
- Clean the Temp folders, browser caches and Recycler. Use the Windows service tool cleanmgr, or CCleaner, or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat the log file
- Switch Antivirus and, if you have one, Firewall on.
- Go online
- Upload the quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Attach the new log to your post.