Hello.
Execute the script:
Code:
begin
// Search for rootkit hooks with neutralization enabled, then turn on AVZGuard
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before anything is deleted
QuarantineFile('K:\ADMiNIstrATOr.eXE','');
QuarantineFile('K:\autorun.inf','');
QuarantineFile('J:\lUke.eXe','');
QuarantineFile('J:\autorun.inf','');
QuarantineFile('I:\aDmiNIStRator.Exe','');
QuarantineFile('I:\autorun.inf','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('c:\windows\system32\tcpsvcs.exe','');
QuarantineFile('C:\Documents and Settings\Administrator\Administrator.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\mbamswissarmy.sys','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\AdskCleanup.0001.dir.0000\~df394b.tmp','');
// Remove the Winlogon Notify entry with this key name
DelWinlogonNotifyByKeyName('khfEWMdb');
// Delete each file now and also queue it for Boot Cleaner (BC_*) in case it is locked
DeleteFile('C:\Documents and Settings\Administrator\Administrator.exe');
BC_DeleteFile('C:\Documents and Settings\Administrator\Administrator.exe');
DeleteFile('G:\autorun.inf');
BC_DeleteFile('G:\autorun.inf');
DeleteFile('I:\autorun.inf');
BC_DeleteFile('I:\autorun.inf');
DeleteFile('I:\aDmiNIStRator.Exe');
BC_DeleteFile('I:\aDmiNIStRator.Exe');
DeleteFile('J:\autorun.inf');
BC_DeleteFile('J:\autorun.inf');
DeleteFile('J:\lUke.eXe');
BC_DeleteFile('J:\lUke.eXe');
DeleteFile('K:\autorun.inf');
BC_DeleteFile('K:\autorun.inf');
DeleteFile('K:\ADMiNIstrATOr.eXE');
BC_DeleteFile('K:\ADMiNIstrATOr.eXE');
// Pass the quarantine list to Boot Cleaner and activate it for the next boot
BC_ImportquarantineList;
BC_Activate;
// Clean up system references to the deleted files, then reboot
ExecuteSysClean;
RebootWindows(true);
end.
After restart, execute the second script:
Code:
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Upload the file c:\quarantine.zip via the link http://virusinfo.info/upload_virus_eng.php?tid=55574, as described in app.3 of the rules, and make new logs. You'd better make all 3 logs as described in the rules.
I also suggest you take a look at this article by Microsoft