Report for Analasys

[Illiad]

Here is my Report

Also, is there a language option for this forum?

[Rene-gad]

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Start AVPTool AS ADMINISTRATOR.
- Execute following script in Manual Cure

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 TerminateProcessByName('c:\users\valued~1\appdata\local\temp\rarsfx4\wxu47.exe');
 QuarantineFile('c:\users\valued~1\appdata\local\temp\rarsfx4\wxu47.exe','');
 QuarantineFile('C:\Windows\system32\drivers\dpox.sys','');
 QuarantineFile('C:\Windows\System32\Drivers\amntbq1w.SYS','');
 QuarantineFile('C:\Windows\system32\drivers\tnjxlys.sys','');
 DeleteFile('C:\Windows\system32\drivers\tnjxlys.sys');
 DeleteFile('C:\Windows\System32\Drivers\amntbq1w.SYS');
 DeleteFile('C:\Windows\system32\drivers\dpox.sys');
 DeleteFile('c:\users\valued~1\appdata\local\temp\rarsfx4\wxu47.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script in Manual Cure

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach a log to your new post..

Добавлено через 1 минуту

Also, is there a language option for this forum?

What do you mean? We have EN/RU - languages, switch with the flags right above.

[Illiad]

Please ignore my double post, it's been a long night.... Commencing work

I uploaded the quarantine.zip file and here are the logs.

All this was done in safe mode + networking. I attempted to do it in regular, but when the system booted, windows said I wasn't genuine and all I could do was access FireFox

[Rene-gad]

All this was done in safe mode

It hadn't any sense : any antirootkit has to be run in normal mode.