
Advance Virus Remover

  1. #1
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28

    Advance Virus Remover

    From this morning, the moment I started the computer, the desktop was substituted with one saying that the computer is infected. A programme in c:/program/advancevirusremovar/pavrm.exe is executing in the background and is not allowing any DOS program to work. It says 'the program is infected.'
    I've run avz4 and ran KVRT 7.0, but cannot locate the zip file afterwards. I've run HijackThis.

    Please help

  2. #2
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Fix with HijackThis
    Code:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
    O4 - HKLM\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
    O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'Default user')
    - Execute the following script in Manual Cure
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\Program Files\AdvancedVirusRemover\PAVRM.exe','');
     QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
     QuarantineFile('C:\WINDOWS\system32\winupdate.exe','');
     QuarantineFile('C:\WINDOWS\system32\msxml71.dll','');
     QuarantineFile('C:\WINDOWS\TEMP\b.exe','');
     DeleteFile('C:\WINDOWS\TEMP\b.exe');
     DeleteFile('C:\WINDOWS\system32\msxml71.dll');
     DeleteFile('C:\WINDOWS\system32\winupdate.exe');
     DeleteFile('C:\WINDOWS\system32\sdra64.exe');
     DeleteFile('C:\Program Files\AdvancedVirusRemover\PAVRM.exe');
     DelBHO('{500BCA15-57A7-4eaf-8143-8C619470B13D}');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot, execute the following script in Manual Cure
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg.
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have one, Firewall on.
    - Go On-Line
    - Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Attach a log to your new post.
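
An added example, not part of the original thread or of HijackThis: a small Python triage pass over the seven entries from the fix list in post #2, using three generic heuristics (extra programs in UserInit, a BHO with no file on disk, a Run entry launching from a TEMP directory). The function name `review` and the rule labels are assumptions made for this illustration.

```python
import re

# Sample input: the seven lines of the fix list in post #2, copied as posted.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'Default user')
"""

USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.*?)(?: \(User '.*'\))?$")


def review(log):
    """Return (rule, detail) findings for autostart entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = USERINIT.match(line)
        if m:
            # The stock value starts only system32\userinit.exe; every other
            # comma-separated program is an extra logon-time autostart.
            for prog in (p.strip() for p in m.group(1).split(",")):
                if prog and not prog.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(("userinit-extra", prog))
            continue
        m = BHO.match(line)
        if m:
            # A registered browser helper object whose DLL is gone is a leftover.
            if m.group(3) == "(no file)":
                findings.append(("bho-orphan", m.group(2)))
            continue
        m = RUN.match(line)
        # Run keys that start a binary out of a TEMP directory are rarely legitimate.
        if m and "\\temp\\" in m.group(3).lower():
            findings.append(("run-from-temp", f"{m.group(1)} [{m.group(2)}] {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in review(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```

Only four of the seven entries trip these heuristics; msxml71.dll, winupdate.exe and PAVRM.exe sit in ordinary locations, so they are not caught by location-based rules and need a reviewer's reading of the log.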

  3. #3
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    Ran the scripts. Once without the system restore off. 2nd time with system restore off. Uploaded the quarantine.zip as instructed.

    Presently Adobe CS2 & one DOS program working.

    Did not find any balloons from advance virus remover after reboot. Desktop is not changing to the normal. It is not working.

    Hijackthis log file is not getting attached. Attaching virusinfo_syscheck.zip

    Thank You.

    Debansu

    PS: I wanted to donate but the link under your post is in Russian. I couldn't understand what to do. I've never used PayPal.

  4. #4
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute the following script in Manual Cure
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     ClearQuarantine;
     QuarantineFile('C:\WINDOWS\SaveStartDate.Exe','');
     DeleteFile('C:\WINDOWS\SaveStartDate.Exe');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    ExecuteRepair(1);
    ExecuteRepair(5);
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(11);
    ExecuteRepair(16);
    ExecuteRepair(17);
    RebootWindows(true);
    end.
    After reboot, execute the following script in Manual Cure
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg.
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have one, Firewall on.
    - Go On-Line
    - Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Attach a log to your new post.

    __________________________________________________
    Quote (originally posted by debansu1952):
        I wanted to donate but the link under your post is in Russian. I couldn't understand what to do.
    Thank you very much
    To use PayPal or moneybookers.com you should have a reference bank account, be authorized there and get a personal account. For payers, using PayPal is free; at moneybookers.com all payments are charged a small fee.
    Alternatively you can use Western Union. This system works especially with cash payments and the fee is relatively high. Pls. search the internet for the conditions legal for your country and contact our administrator anton_dr by PM.
    Last edited by Rene-gad; 24.06.2009 at 15:08. Reason: Added

  5. #5
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    Ran the script as instructed.

    Desktop once again in working condition.

    Quarantine file uploaded.

    virusinfo_syscheck.zip attached.

    Thanks

    Debansu

    Quote (originally posted by Rene-gad):
        contact our administrator anton_dr per PM.

    PMed anton_dr.

    Thanks once again.

    Debansu
    Last edited by Rene-gad; 24.06.2009 at 19:48.

  6. #6
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Quote (originally posted by debansu1952):
    virusinfo_syscheck.zip attached.
    Pls. make all 3 logs (as written in the rules)

  7. #7
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    Once again ran AVZ and hijackthis. Logs attached.

    The uploader is not accepting hijackthis log file. Says "You have already attached this file" even after I renamed it "hijackthis_redone".

  8. #8
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Quote (originally posted by debansu1952):
        Says "You have already attached this file" even after I renamed it "hijackthis_redone".
    The upload engine checks the MD5 sum of the file. In your case, you are trying to upload the old file for the 2nd time. Delete the old HJT log from your PC or rename it to prevent mixing it up with a new one, make a new log and attach it. Finding two files with the same MD5 sum is like finding 2 people with the same fingerprints.
    The logs are looking OK. Any more problems?
    Last edited by Rene-gad; 24.06.2009 at 20:53.

  9. #9
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    No, not any more. It's almost midnight over here. May I upload the hjt tomorrow?

    Thank you a lot.

    Debansu

    Attaching. Attached.
    Thanks
    Last edited by Rene-gad; 25.06.2009 at 09:42.

  10. #10
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Remove all the jobs from Task Scheduler and stop the Task Scheduler service.
    Install IE8.
    Keep your system up to date, check the settings for Autoupdates in Windows Security Center.

  11. #11
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    I don't have any scheduled task as of now.

    Using CCleaner every alternate day. Virus check once a week.

    Is there any problem with Mozilla Firefox? I use the latest version of the same. Not IE.

    My Windows and KIS 2009 are up to date as of now. Both are on Auto Update.
    Thanks
    Last edited by debansu1952; 25.06.2009 at 21:12.

  12. #12
    Senior Member
    Joined: 03.04.2006
    Posts: 21,108
    Reputation weight: 2997
    Quote (originally posted by debansu1952):
        I use the latest version of the same. Not IE.
    It's not relevant: IE is a part of the OS, all its vulnerabilities are automatically the system's.

  13. #13
    Junior Member
    Joined: 19.04.2009
    Posts: 26
    Reputation weight: 28
    Updating to IE8.
    Thanks
