Показано с 1 по 7 из 7.

A virus that blocks all antivirus program

  1. #1
    Junior Member Репутация
    Регистрация
    21.09.2009
    Сообщений
    4
    Вес репутации
    27

    A virus that blocks all antivirus program

    Hello,

    I have downloaded crack files from this site

    hттp://please_do_not_post_direct_links_on_cracks_or_malwa re.html

    then I began to notice unusual behaviours in my computer.

    The most important was that the antivirus program in my computer is out of function. I was using NIS 2006. Also it happened may times that the internet connection is disabled also. But I could retrieve it.

    I have tried to install other types of antivirus program like kaspersky and AVG, but I got the same problem. The antivirus program is disabled and not functioning.

    I have followed the steps that are listed here in this forum and I have generated the 3 log files... but I couldn't up load them!!!


    I am waiting for your help..
    Последний раз редактировалось Numb; 21.09.2009 в 18:25. Причина: Direct link on potential malware source

  2. #2
    Junior Member Репутация
    Регистрация
    21.09.2009
    Сообщений
    4
    Вес репутации
    27
    I have uploaded the log files from another computer.
    I have a little problem now, the file size exceeded the allowed size
    I have got this msg:
    virusinfo_cure.zip:
    Exceeds your quota by 2.09 MB
    Вложения Вложения

  3. #3
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Numb
    Регистрация
    04.10.2005
    Сообщений
    2,118
    Вес репутации
    843
    First of all, please, look for the virusinfo_syscure.zip file in AVZ's "log" subfolder. If it exists, attach it to your post here. And you shouldn't try to attach virusinfo_cure.zip file here - it's a quarantine, it should be uploaded via the link http://virusinfo.info/upload_virus_eng.php?tid=55258 only after helper's request.

    While executing script, disable your internet connection and turn off any antiviruses and anti-spyware programs. Execute the script:
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\DOCUME~1\AF269F~1.F\LOKALA~1\Temp\bfastfao.sys','');
     QuarantineFile('C:\WINDOWS\system32\tdisp.sys','');
     QuarantineFile('C:\Documents and Settings\A.F.F\Application Data\rhawleuqwnbd.dll','');
     SetServiceStart('bfastfao', 4);
     DeleteFile('C:\Documents and Settings\A.F.F\Application Data\rhawleuqwnbd.dll');
     BC_DeleteFile('C:\Documents and Settings\A.F.F\Application Data\rhawleuqwnbd.dll');
     DeleteFile('C:\WINDOWS\system32\tdisp.sys');
     BC_DeleteFile('C:\WINDOWS\system32\tdisp.sys');
     DeleteFile('C:\DOCUME~1\AF269F~1.F\LOKALA~1\Temp\bfastfao.sys');
     BC_DeleteFile('C:\DOCUME~1\AF269F~1.F\LOKALA~1\Temp\bfastfao.sys');
     DeleteService('bfastfao');
     BC_DeleteSvc('bfastfao');
    BC_ImportquarantineList;
    BC_Activate;
    ExecuteSysClean;
    executerepair(1);
    executerepair(9);
    autofixspi;
    RebootWindows(true);
    end.
    After restart, upload quarantine using the link above, as it's described in the app.3 of the rules, and make new logs.

  4. #4
    Junior Member Репутация
    Регистрация
    21.09.2009
    Сообщений
    4
    Вес репутации
    27
    Thank you very much for help.
    The computer is working good now. The antivirus program is working also and I can upload files now directly from my machine.

    I have attached the log files with this reply.

    Are there any other measures that I should do?
    Вложения Вложения

  5. #5
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Numb
    Регистрация
    04.10.2005
    Сообщений
    2,118
    Вес репутации
    843
    There are several suspicious files in your log.
    Please, execute the script:
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    BC_QrFile('C:\WINDOWS\system32\lpxod.exe');
    QuarantineFile('C:\WINDOWS\system32\lpxod.exe','');
    BC_Activate;
    RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server','fAllowToGetHelp', 0);
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
    SetServiceStart('SSDPSRV', 4);
    SetServiceStart('TlntSvr', 4);
    RebootWindows(true);
    end.
    After restart, upload the quarantine via the link http://virusinfo.info/upload_virus_eng.php?tid=55258 . Your main antivirus is AVG, isn't it? If so and if it's updated, make the full scan of your system.

  6. #6
    Junior Member Репутация
    Регистрация
    21.09.2009
    Сообщений
    4
    Вес репутации
    27
    Hello again,

    I have executed the script and scanned the system with AVG which found few threats and removed them.

    The quarantine is empty now.

    What I want to know now is should I keep "Kasper virus removal tool" or unintall it?

    At the end I would like to appreciate all your efforts.. you are really helpfull.

  7. #7
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Numb
    Регистрация
    04.10.2005
    Сообщений
    2,118
    Вес репутации
    843
    Hello.
    I'm glad that our advices are helpful. Yes, if your AVG antivirus is alive and up to date, you'd better uninstall AVP tool. As for AVZ tool, it doesnt require any uninstallation, you may just remove it or leave it - at your choice. But if you have enough time, I suggest you to make new logs by AVZ and Hijackthis - just to be sure that everything is clean.

Похожие темы

  1. Virus Acting Like an Anti-Virus Program (заявка №47308)
    От CyberHelper в разделе Отчеты сервиса лечения VirusInfo
    Ответов: 2
    Последнее сообщение: 18.01.2011, 21:01
  2. IE not working, and nasty 'pretend' antivirus program
    От halim.matin в разделе Malware Removal Service
    Ответов: 5
    Последнее сообщение: 12.12.2009, 23:11
  3. Fake super antivirus Pro program trojan found
    От Melouise в разделе Malware Removal Service
    Ответов: 3
    Последнее сообщение: 30.11.2009, 00:45
  4. fake antivirus program super pro
    От Melouise в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 30.11.2009, 00:45
  5. BAGLE.32 ?? MY VIRUS IS STILL ALIVE... AND BLOCKS VARIOUS ANTIVIRUS SOFT..
    От ciausazumab в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 22.01.2008, 22:36

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.00886 seconds with 20 queries