
Virus W32 Virut CF

  1. #1
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Virus W32 Virut CF

    This is what I get when I start up:

    globalroot\systemroot\system32\kbiwkmcfneqdri.dll

    For every click on any application it comes up, right from logging in to my PC.

    And then Norton says:
    AUTO-PROTECT detect security risk W32.Virut.CF.

    And does nothing. What should I do?

    Please Help.

  2. #2
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    Hello.
    While executing the script you'd better disconnect your internet connection and disable antivirus protection.
    Execute the script:
    Code:
    begin
      // Scan for rootkit hooks and neutralize them, then enable AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Start type 4 = disabled; then stop the running services
      SetServiceStart('WinVd32', 4);
      SetServiceStart('WinFLdrv', 4);
      StopService('WinVd32');
      StopService('WinFLdrv');
      // Keep copies in quarantine before deleting
      QuarantineFile('C:\Users\AMAN\AppData\Local\Temp\H.exe','');
      QuarantineFile('C:\Windows\system32\WinVd32.sys','');
      QuarantineFile('C:\Windows\system32\WinFLdrv.sys','');
      // Delete now and queue the same targets for Boot Cleaner (BC_*) at the next boot
      DeleteFile('C:\Windows\system32\WinFLdrv.sys');
      BC_DeleteFile('C:\Windows\system32\WinFLdrv.sys');
      DeleteFile('C:\Windows\system32\WinVd32.sys');
      BC_DeleteFile('C:\Windows\system32\WinVd32.sys');
      DeleteFile('C:\Users\AMAN\AppData\Local\Temp\H.exe');
      BC_DeleteFile('C:\Users\AMAN\AppData\Local\Temp\H.exe');
      DeleteService('WinVd32');
      DeleteService('WinFLdrv');
      DeleteService('H');
      BC_DeleteSvc('WinVd32');
      BC_DeleteSvc('WinFLdrv');
      BC_DeleteSvc('H');
      BC_ImportQuarantineList;
      BC_Activate;
      // Clean up leftover references to the deleted files, then reboot
      ExecuteSysClean;
      RebootWindows(true);
    end.
    After restart, upload quarantine via the link http://virusinfo.info/upload_virus_eng.php?tid=54984 and make new logs.
    You'd better make all the 3 logs as it's described in the rules of "Help me!" section

  3. #3
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Scans

    I have done as said

    Three Files

    Sorry, I am new, learning the rules of the forum

  4. #4
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54
    I have also uploaded the quarantine files

  5. #5
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    The logs you've made are not quite the logs I've expected to see. Anyway, it seems that at least a part of the malware has been removed.
    Please, make also this log and attach it to your post here.

  6. #6
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Scanning

    Ok on my way to scan

  7. #7
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    BACKDOOR TISDERV

    Thanks for help till now

    I have attached the log

    Just now I saw my Norton detected a new thing

    Says

    AUTO-PROTECT detect security risk BACKDOOR TISDERV

    And did nothing

    Thanks

    I see the virus in my Registry. How do you delete it from there?

    As you are the expert you must be knowing; I was just trying.

    Will be waiting for the reply

    Thanks once again

    It's been 12 days, still struggling to remove it

  8. #8
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54
    Quote: Originally posted by Numb
    The logs you've made are not quite the logs I've expected to see. Anyway, it seems that at least a part of the malware has been removed.
    Please, make also this log and attach it to your post here.
    Numb, BACKDOOR TISDERV

    --------------------------------------------------------------------------------

    Thanks for help till now

    I have attached the log

    Just now I saw my Norton detected a new thing

    Says

    AUTO-PROTECT detect security risk BACKDOOR TISDERV

    And did nothing

    Thanks

    I see the virus in my Registry. How do you delete it from there?

    As you are the expert you must be knowing; I was just trying.

    Will be waiting for the reply

    Thanks once again

    It's been 12 days, still struggling to remove it

  9. #9
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    Hello and sorry for the delay.
    First of all, you should copy the text in the frame below and save it as the gmer.bat file in the folder where the gmer anti-rootkit (file ddsk3ngu.exe) has been saved.
    Code:
    ddsk3ngu.exe -del service kbiwkmispmtixr
    ddsk3ngu.exe -del file "C:\Windows\System32\drivers\kbiwkmqvjasdld.sys"
    ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmxqrbylxk.dll"
    ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmyqsxlupx.dat"
    ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmvpbcxlev.dll"
    ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmqedetqqn.dat"
    ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmcfneqdri.dll"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmivpiiphaue.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiwwkoscbxv.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmixtreoluxm.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmjwcaufdoyd.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmkfqfrbaqsp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmknbtohjqxh.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmkroegcvgif.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmliftdjirpv.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmmtfhcnbpko.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnbpxuvmtug.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnlixkqdwxi.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmnspqytapke.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmohtofawqlo.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpbbyiicpnv.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpbfvystmqm.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpeqkmpxscp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmphiirwifrt.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmpiplweqcpc.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmptjnkrphqo.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqefyudqqhw.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqixttnsbym.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqjjkfnoykm.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqlmqxtwssw.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmqvqmctixny.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrljvmeoawu.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrntuuhqail.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmawtmvdnvcn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbjftwdtmxn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbofyrxnpkw.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbrgefcivpp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbrihdtpvvp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmscelwscikw.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmsetyjeeiee.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmsewkpvddpb.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtcysirrdic.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtdmaplvrfb.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmthmmkqyfgy.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmtocmghtwsl.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmufpvbtqnpb.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmulevjxtpox.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmvufyekxwme.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwlcysmaisa.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwsghprveic.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmwxcihvnlcv.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxgbnipiuxu.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxgipkearrr.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmdveirwyqpq.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmeafjbnphir.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmegnrktexsy.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmeruhduifdx.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmerxmowbpxb.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmesanmhqvio.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmexmufliifu.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfciqtfcxsk.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmffjapagfti.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfkphnveujn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfotxpplljp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfpoichqjgj.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfsjeiuqbrs.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmfyigrwuvtn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmgjfgophtoa.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmgwryufbdib.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmhcdtccbees.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmicfoigftjf.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmidqudrddxp.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiexmsbwqpn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmifuwdeeous.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmiuiumupgyn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmbtttnorpxq.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmivittyayro.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmrspwivsxis.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxilpktdrfb.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxoaevrmcwn.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmxxakqymbfv.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyijbviinpl.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyngijposkc.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyuvpcmuedx.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmyvlsqotryc.tmp"
    ddsk3ngu.exe -del file "C:\$RECYCLE.BIN\S-1-5-21-3282653522-102330977-1078409290-1003\$R56MDBY\kbiwkmywcpntxpco.tmp"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet005\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -del reg "HKLM\SYSTEM\ControlSet006\Services\kbiwkmispmtixr"
    ddsk3ngu.exe -reboot
    After that, run gmer.bat and, after reboot, make new logs.
    Attention: you should make 2 logs of AVZ tool, as it's described in the rules.
    The first log: run avz - upper menu "file" - "standard scripts" - mark position 3 - press "execute selected scripts" button. Do not try to close window and/or interrupt AVZ's work until you see "Scripts executed" message. When message appears, press "OK", press "Exit", close AVZ and restart your system. After restart, do all the same, but mark position 2 in "standard scripts" window. Results will be saved in "Log" folder as .zip archives: virusinfo_syscure.zip and virusinfo_syscheck.zip. You should attach them to your post here, as well as new logs of GMER and Hijackthis.
    Last edited by Numb; 18.09.2009 at 17:34.

  10. #10
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Scanned Files

    Done as said

    Thanks For helping till now :--

    Feeling good to see my laptop reviving

    But norton is still detecting viruses

    Like

    Backdoor Tidserv

    Trojan Horse

    One last log remaining, under process; will post shortly

  11. #11
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    Every time there is something new in your logs.
    Ok. Run AVZ - you'd better right click on AVZ.exe and choose the "Run as" option in the context menu - and execute the script:
    Code:
    begin
      // Scan for rootkit hooks and neutralize them, then enable AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Start type 4 = disabled
      SetServiceStart('SysProtDrv.sys', 4);
      // Keep copies in quarantine before deleting
      QuarantineFile('C:\Windows\System32\kbiwkmxgvovppt.dll','');
      QuarantineFile('C:\Windows\System32\kbiwkmvdwpopfq.dll','');
      QuarantineFile('C:\Windows\DOWNLO~1\SysInfo.dll','');
      QuarantineFile('C:\Users\AMAN\Desktop\SysProtDrv.sys','');
      QuarantineFile('\\?\globalroot\systemroot\system32\kbiwkmvdwpopfq.dll','');
      // Delete now and queue the same targets for Boot Cleaner (BC_*) at the next boot
      DeleteFile('C:\Users\AMAN\Desktop\SysProtDrv.sys');
      BC_DeleteFile('C:\Users\AMAN\Desktop\SysProtDrv.sys');
      DeleteFile('C:\Windows\System32\kbiwkmxgvovppt.dll');
      DeleteFile('C:\Windows\System32\kbiwkmvdwpopfq.dll');
      BC_DeleteFile('C:\Windows\System32\kbiwkmxgvovppt.dll');
      BC_DeleteFile('C:\Windows\System32\kbiwkmvdwpopfq.dll');
      // Files already listed in gmer.bat, deleted again here
      DeleteFile('C:\Windows\System32\drivers\kbiwkmqvjasdld.sys');
      DeleteFile('C:\Windows\System32\kbiwkmxqrbylxk.dll');
      DeleteFile('C:\Windows\System32\kbiwkmyqsxlupx.dat');
      DeleteFile('C:\Windows\System32\kbiwkmvpbcxlev.dll');
      DeleteFile('C:\Windows\System32\kbiwkmqedetqqn.dat');
      DeleteFile('C:\Windows\System32\kbiwkmcfneqdri.dll');
      BC_DeleteFile('C:\Windows\System32\drivers\kbiwkmqvjasdld.sys');
      BC_DeleteFile('C:\Windows\System32\kbiwkmxqrbylxk.dll');
      BC_DeleteFile('C:\Windows\System32\kbiwkmyqsxlupx.dat');
      BC_DeleteFile('C:\Windows\System32\kbiwkmvpbcxlev.dll');
      BC_DeleteFile('C:\Windows\System32\kbiwkmqedetqqn.dat');
      BC_DeleteFile('C:\Windows\System32\kbiwkmcfneqdri.dll');
      DeleteService('SysProtDrv.sys');
      DeleteService('kbiwkmispmtixr');
      BC_DeleteSvc('SysProtDrv.sys');
      BC_DeleteSvc('kbiwkmispmtixr');
      BC_Activate;
      // Clean up leftover references to the deleted files, then reboot
      ExecuteSysClean;
      RebootWindows(true);
    end.
    After restart, upload quarantine and make new logs. You should also make a new log with GMER
    Last edited by Numb; 18.09.2009 at 22:34. Reason: Added
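
Added example, not part of the thread and not code from AVZ or GMER: the second AVZ script deletes several files again that gmer.bat already targeted and adds new ones, so this Python example parses both script formats and reports which targets persisted, which are new, and which names cluster under one prefix. The function names are hypothetical, the inputs are short excerpts of the scripts above, and the prefix length of 6 is an assumption.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed excerpts: a few lines taken from the gmer.bat and the
# second AVZ script in this thread, not the full listings.
GMER_BAT = r'''
ddsk3ngu.exe -del service kbiwkmispmtixr
ddsk3ngu.exe -del file "C:\Windows\System32\drivers\kbiwkmqvjasdld.sys"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmxqrbylxk.dll"
ddsk3ngu.exe -del file "C:\Windows\System32\kbiwkmcfneqdri.dll"
ddsk3ngu.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmispmtixr"
ddsk3ngu.exe -reboot
'''
AVZ_SCRIPT = r"""
 QuarantineFile('C:\Windows\System32\kbiwkmxgvovppt.dll','');
 DeleteFile('C:\Windows\System32\kbiwkmvdwpopfq.dll');
 Deletefile('C:\Windows\System32\kbiwkmcfneqdri.dll');
 BC_DeleteFile('C:\Users\AMAN\Desktop\SysProtDrv.sys');
 DeleteService('kbiwkmispmtixr');
"""

GMER_RE = re.compile(r'-del\s+(service|file|reg)\s+"?([^"\r\n]+)"?', re.I)
AVZ_RE = re.compile(
    r"\b(?:BC_)?(QuarantineFile|DeleteFile|DeleteService|DeleteSvc)\s*\(\s*'([^']+)'",
    re.I)


def gmer_targets(text):
    """(kind, value) pairs from 'ddsk3ngu.exe -del <kind> <value>' lines."""
    return {(kind.lower(), value.strip().lower())
            for kind, value in GMER_RE.findall(text)}


def avz_targets(text):
    """(kind, value) pairs from the file and service calls of an AVZ script."""
    targets = set()
    for func, value in AVZ_RE.findall(text):
        kind = "service" if func.lower().endswith(("service", "svc")) else "file"
        targets.add((kind, value.lower()))
    return targets


def persisting(earlier, later):
    """Targets a later round deletes again: the earlier removal did not hold."""
    return earlier & later


def new_targets(earlier, later):
    """Targets that first show up in the later round."""
    return later - earlier


def name_clusters(targets, prefix_len=6):
    """Prefixes shared by more than one file or service name.

    prefix_len=6 is an assumption that fits the 'kbiwkm' names in this thread.
    """
    names = [basename(v) for k, v in targets if k in ("file", "service")]
    counts = Counter(name[:prefix_len] for name in names)
    return {prefix: n for prefix, n in counts.items() if n > 1}


if __name__ == "__main__":
    round1, round2 = gmer_targets(GMER_BAT), avz_targets(AVZ_SCRIPT)
    print("persisting:", sorted(persisting(round1, round2)))
    print("new:", sorted(new_targets(round1, round2)))
    print("clusters:", name_clusters(round1 | round2))
```

Paths are compared in lower case because Windows file and service names are case-insensitive; a target that keeps reappearing between rounds is the cue to check what is recreating it.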

  12. #12
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    GMER

    Thanks:-


    I will do that and run the scan.

    What could be the reason for new things in the logs?

    For GMER I was scanning

    It takes a long time to scan so I was waiting for it to complete.

    Now I am stopping it in between and gonna run the script and start the GMER and other scans again
    Last edited by coldfire; 18.09.2009 at 23:01. Reason: Added

  13. #13
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    All Logs

    What's the status?

    Is the infection still in there?

    How will I know that my laptop is healthy again?

    And why are there new things coming in my logs, as said by you?

    These are all just for my knowledge as I am learning.

    Thanks

  14. #14
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    There are still traces in the log, though I hope that the malware itself has been removed. Please, execute the script:
    Code:
    begin
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Add the file to the list that ExecuteSysClean cleans up references to
      SysCleanAddFile('C:\Users\AMAN\AppData\Local\Temp\kxldrpog.sys');
      ExecuteSysClean;
      RebootWindows(true);
    end.
    After restart, please, make again this log:
    Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
    A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
    and GMER antirootkit's log. Attach virusinfo_syscheck.zip and gmer.log to your post here. Making these two logs will not take a lot of your time, but we will be able to see if this malware has definitely been removed.
    Does your antivirus still detect anything, or has detection stopped?

  15. #15
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Last Few Scans I Believe

    Thanks

    I have executed the script.

    Running the scans now.

    Last 2 days Norton 360 v3 has not detected any viruses or risks.

    Thanks, nice.

    Will get back ASAP

  16. #16
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    Logs

    GMER log is under way, thanks

  17. #17
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    GMER LOG

    Here is the last one

    Two with you.

    I hope these are the final reports

    And waiting for a healthy pc back

  18. #18
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    I can see nothing harmful in your logs. Think that malware has been removed.

  19. #19
    Junior Member, registered 17.09.2009, 16 posts, reputation weight 54

    THANKS

    Thanks

    Now can I resume my normal work?

    As in bank accounts, logging in etc., personal, important, sensitive.

    Should I uninstall all software I installed for virus removal

    And maintain with my Norton 360 V3

    One more suggestion

    What's the best Antivirus removal Software in the market to buy

  20. #20
    Senior Member Numb, registered 04.10.2005, 2,118 posts, reputation weight 870
    Quote: Originally posted by coldfire
    Should I uninstall all software I installed for Virus removal
    And maintain with my Norton 360 V3
    Yes, you should do so. Several antiviruses in the same system could be a problem by itself. As for utilities such as AVZ tool and GMER - they weren't installed, so they don't require uninstall. You may delete them or keep them - at your choice.

    Quote: Originally posted by coldfire
    What's the best Antivirus removal Software in the market to buy
    You mean "What is the best antivirus software"? We try not to give any advice about antivirus software to buy. I should say that your Norton is not the worst choice, and any antivirus could miss something. The perfect antivirus solution hasn't been invented yet. Besides, your system protection depends more on your actions, on the security settings that are made by the user. I suggest you take a look at this how-to by Microsoft - http://windowshelp.microsoft.com/Win.../security.mspx - there are only basics there, but they are enough to make your system safer.
