Virus Help required Thanks

[ps1]

Hi,

I have a problem with XP sp3. When I reboot, XP starts up in some sort of safe mode. The task bar is grey and half of my processeses that should load on start up don't load. When I restart and load recent settings, XP firewall is switched off and I cannot configure/turn back on, my antivirus is disabled and not allowed to update. Internet explorer does not load although you can see it in Task Manager running as a process. Firefox works ok but I cannot download anything (I have got round this though).

Any help on this much appreciated.

[Rene-gad]

First of all:
- remove Spybot Search & Destroy - it's not necessary
- try to re-install your antivirus program. Clean registry after uninstalling.

If it doesn't help:

Hijackthis.exe has to be started from any NOT-TEMPORARY map.

-Fix with Hijackthis

Код:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crm/
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

- Update the AVZ Database (File /Database Update)
- Execute following script

Код:

begin
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
SetAVZPMSTATUS(true);
RebootWindows(true);
end.

After reboot:

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 first points from Analysis and attach the logs to your new message.

[ps1]

I have attached the log files again after carrying out the above.

[Rene-gad]

Just now you have Panda AND AVG8??? It's not clever and can have very unpleasant consequences for you system. You must have ONLY ONE Antivirus and if you want - ONLY ONE firewall

Remove Ad-Aware. One security program more brings you into one security level lower - it's paradoxical, but true

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('C:\DOCUME~1\psmith\LOCALS~1\Temp\RarSFX0\r9a5v.exe','');
 DeleteFile('C:\DOCUME~1\psmith\LOCALS~1\Temp\RarSFX0\r9a5v.exe');
 DeleteFileMask('%temp%','*.*',true);
 DeleteFileMask('%windir%\temp','*.*',true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Make a quarantine file and upload it as described in appx. 2 and 3 of the rules.
- Make a log of GMER
- Repeat 3 first points from Analysis and attach the logs to your new message.
All the logs should be done in NORMAL MODE.

[ps1]

Something is amiss here. I do not have avg 8 as this should have been uninstalled when I installed panda. However I will try your script. Thanks

Добавлено через 24 минуты

I have tried running the script but get the following error.
Script error: ')' expected, position [7:26]

[Numb]

There are traces of AVG in your logs that's why such suggestion appeared. Script was checked so you should try to execute it again.

[Rene-gad]

Sry, script is edited by Numb Let it run.

[ps1]

New logs attached, unable to upload the log file for gmer.

[drongo]

1.

New logs attached, unable to upload the log file for gmer.

Why is that? You can zip it, if it too big.
2.You have some traces from AVG in the last logs too...
3.I am wondering what is this : C:\DOCUME~1\psmith\LOCALS~1\Temp\aujasnkj.sys

It is from your panda antivirus? Please try to send us a copy of it.Read Appendix 2. of the rules. Remember to disable your Panda before that.