
virus removed and returns at reboot

  1. #1
    Junior Member | Registered: 20.10.2009 | Posts: 4 | Reputation weight: 27

    virus removed and returns at reboot

    Removed: Trojan-Dropper.Win32.Agent.atml
    I:Windows/System32/flcss.exe
    I:Windows/System32/epitype.exe/epitype.exe
    Each time I remove the above files with Kas virus removal tool it seems to stop the symptoms of the virus but one or two of them return when I reboot.
    A red dot with a white center in the toolbar is present when the virus is active.
    I have spent a lot of time during the last week running various anti virus scans and they found some problems but Kas virus removal tool found it yesterday after missing it on a few scans. I had Norton 360 (about to expire) and tried various other tools for the last week.
    It used to disable Win media player but that is working now. It has disabled Task Manager and takes over the display and changes settings.
    The files found by Kas virus tool could not be neutralized and were removed. I guess that's why there is no log.
    Thank you for your help.

  2. #2
    Senior Member | Registered: 03.04.2006 | Posts: 21,108 | Reputation weight: 2996
    Hi

    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute following script
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('I:\WINDOWS\system32\flcss.exe','');
     QuarantineFile('I:\WINDOWS\itogecavale.dll','');
     QuarantineFile('C:\WINDOWS\system32\wuauserv.dll','');
     DeleteFile('I:\WINDOWS\itogecavale.dll');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run-','Hnuwice');
     DeleteFile('I:\WINDOWS\system32\flcss.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','KL AntiFunLove');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot execute following script
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
    - Attach a log to your new post.

  3. #3
    Junior Member | Registered: 20.10.2009 | Posts: 4 | Reputation weight: 27
    I have tried to follow directions but I think I am doing something wrong. Did I send the right files? I can't find quarantine.zip. When I try to delete virus:
    < Trojan-dropper.Win32.Agent.atml > I now get message that it can not be deleted.
    I can disable {userinit.exe > EXPLORER.EXE > epitype.exe } but it returns after reboot.
    Thank you for your help. My computer is dual booted (XP / Vista) and I can't even reformat the XP side (although I'd prefer not to).
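
Added example, not part of any post in this thread: a read-only PowerShell listing of the `Run` and `Run-` values that the script in post #2 edits, plus the Winlogon `Userinit` and `Shell` values, to see what is registered to start a file again at reboot. Checking the HKCU `Run` key and Winlogon is an assumption (the thread names neither), and the function names are made up for this example.

```powershell
# Added example, read-only: nothing here deletes or changes a value.
# The registry provider reads the installation that is currently booted,
# so on the dual-boot machine in this thread it has to run from the XP side.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run-',  # as written in post #2
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # assumption: not named in the thread
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'  # assumption

function Get-RunValue {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Heuristic: a quoted path if present, else the first whitespace-delimited token.
            # Unquoted paths that contain spaces will show FileExists = False.
            $exe = ($data.Trim() -split '\s+')[0]
            if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            [pscustomobject]@{
                Key        = $path
                Name       = $name
                Command    = $data
                FileExists = [bool]($exe -and
                    (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue))
            }
        }
    }
}

function Test-WinlogonValue {
    $props = Get-ItemProperty -LiteralPath $winlogon
    $expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
    # Userinit is a comma-separated list; the stock value holds only userinit.exe.
    $entries = @($props.Userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        Userinit        = $props.Userinit
        UserinitIsStock = ($entries.Count -eq 1 -and $entries[0] -ieq $expected)
        Shell           = $props.Shell
        ShellIsStock    = ($props.Shell -ieq 'explorer.exe')
    }
}

Get-RunValue -KeyPath $runKeys | Format-Table -AutoSize -Wrap
Test-WinlogonValue | Format-List
```

A value that is still listed after its file was removed, or that reappears after a reboot, shows which entry is being rewritten.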

  4. #4
    Junior Member | Registered: 20.10.2009 | Posts: 4 | Reputation weight: 27

    http://virusinfo.info/showthread.php?p=490710#post490710

    I just found the quarantine zip that you requested. My computer is dual booted and "C" is my Vista program. I have attached to this note.
    Last edited by Numb; 22.10.2009 at 00:00. Reason: quarantine removed

  5. #5
    Numb | Senior Member | Registered: 04.10.2005 | Posts: 2,118 | Reputation weight: 843
    Please, do not attach quarantine to your posts here. Requested quarantine should be uploaded via the link "upload quarantined files" on the top of the topic. And please, could you make new logs as it's described in the rules?

  6. #6
    Junior Member | Registered: 20.10.2009 | Posts: 4 | Reputation weight: 27

    http://virusinfo.info/showthread.php?p=490769#post490769

    I'm sorry but I didn't understand rules at first. I think I've learned a lot but I hope I don't have to use it again. I believe these are the correct logs.

  7. #7
    Numb | Senior Member | Registered: 04.10.2005 | Posts: 2,118 | Reputation weight: 843
    Hello.
    Yes, the logs you've made this time are quite the same logs we've expected to see. Please, execute the script:
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('I:\WINDOWS\system32\A306*.*','');
    QuarantineFile('I:\WINDOWS\system32\A306','');
    QuarantineFile('I:\WINDOWS\A306*.*','');
    QuarantineFile('I:\WINDOWS\A306','');
    QuarantineFile('I:\WINDOWS\system32\ntoskrnl.exe','');
    BC_Importall;
    BC_Activate;
    RebootWindows(true);
    end.
    After restart, upload quarantine using the link http://virusinfo.info/upload_virus_eng.php?tid=57804 as it's described in the app. 3 of the rules.

  8. #8
    Numb | Senior Member | Registered: 04.10.2005 | Posts: 2,118 | Reputation weight: 843
    I'm sorry, but the quarantine you've uploaded is empty. I suggest you check your Windows XP system disk (disk I:) with a live CD (you can use either DrWeb LiveCD or any other live CD of your choice). After the full check, run Windows XP and make new logs.
