Показано с 1 по 7 из 7.

Please help me remove this virus

  1. #1
    Junior Member Репутация
    Регистрация
    02.05.2009
    Сообщений
    6
    Вес репутации
    28

    Please help me remove this virus

    I scan it with AVP and it found some traces i deleted them but the virus came back again.
    Вложения Вложения
    Последний раз редактировалось Rene-gad; 16.11.2009 в 11:26. Причина: non-standard font

  2. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    2997
    Hello

    Switch off/Disable:
    - Antivirus and and, if you have - Firewall.
    - System Restore

    - Execute following script in Manual Cure
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    ClearQuarantine;
     QuarantineFile('C:\WINDOWS\msa.exe','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe','');
     DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe');
     DeleteFile('C:\WINDOWS\msa.exe');
     DeleteFileMask('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp','*.*',true);
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    ExecuteRepair(13);
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot execute following script in Manual Cure
    Код:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Remove Bonjour
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
    - Attach a log to your new post..

  3. #3
    Junior Member Репутация
    Регистрация
    02.05.2009
    Сообщений
    6
    Вес репутации
    28

    Virus Removal Procedure

    Thank you very much for your help.
    I did everything you said.
    The problem is that AVP didn't create any quarantined files.
    I went to search and found 2 files in C:\Windows\Prefetch starting with same names as you wrote in the script.
    Here is the full story: i went to kaspersky online scanner and scanned an executable file before downloading and executing it, the scanner said that the file is clean.
    After i run the exe file it deleted itself and shut down the windows explorer.
    I turned off the computer and started it in safe mode.
    Again the windows explorer.exe couldn't start, in task manager i opened properties of explorer.exe and noticed that access permissions were changed to Anyone, then i changed the permissions to my user name and put a checkmark on deny writing (modifying the file).
    After that i run explorer.exe without a problem.
    I think that the virus is not allowing my Kaspersky Antivirus Program to enable all of it's components.
    First it was saying that i do not have permissions to install system somponents on my computer, then somehow i managed to install Kaspersky, i tried to repair the istallation so it can start all the protection components but it didn't help (i uploded the log of Kaspersky antivirus error).
    Thank You in advance!
    Вложения Вложения
    Последний раз редактировалось Rene-gad; 17.11.2009 в 01:03. Причина: It's prohibited to write the whole post in non standard font

  4. #4
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    2997
    Цитата Сообщение от undergr0und Посмотреть сообщение
    T
    The problem is that AVP didn't create any quarantined files.
    It's not a problem.
    AVZ/Service/Task Schedule Job Manager and remove all the jobs.
    Pls. make a log with Malwarebytes Antimalware (Fullscan, pls. remove nothing!!!)

  5. #5
    Junior Member Репутация
    Регистрация
    02.05.2009
    Сообщений
    6
    Вес репутации
    28

    Malware Bytes

    When i try to install Malware Bytes i get the following Windows error message:

    mbam.exe - Unable To Locate Component

    This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem.
    I tried reinstalling the application and get the same error message when reinstalling and trying to run the app.

    Fixed, it's working now!
    Последний раз редактировалось undergr0und; 17.11.2009 в 02:48.

  6. #6
    Junior Member Репутация
    Регистрация
    02.05.2009
    Сообщений
    6
    Вес репутации
    28

    Malware Bytes

    I did a full scan with malware bytes and it found alot of staff.
    Rene-gad thanks alot for your help!
    God bless you.
    Вложения Вложения

  7. #7
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    2997
    Цитата Сообщение от Rene-gad Посмотреть сообщение
    AVZ/Service/Task Schedule Job Manager and remove all the jobs.
    ??? Why did you ignore it?
    Execute a script
    Код:
    begin
    ClearQuarantine;
    QuarantineFile('C:\WINDOWS\ServicePackFiles\i386\user32.dll','');
    QuarantineFile('C:\WINDOWS\$NtServicePackUninstall$\user32.dll','');
    QuarantineFile('C:\WINDOWS\win32k.sys','');
    CreateQurantineArchive('C:\virus.zip');
    end.
    Upload C:\virus.zip as a previous quarantine.

    Run MBAM once more and remove all items.

    Repeat logs of Mbam and AVPTool

Похожие темы

  1. Virus Removal Tool Failed to remove Virus (заявка №38037)
    От CyberHelper в разделе Отчеты сервиса лечения VirusInfo
    Ответов: 1
    Последнее сообщение: 18.11.2010, 18:00
  2. Cant remove this virus...
    От jkqm в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 11.09.2010, 07:49
  3. not able to remove virus
    От jfabu в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 09.09.2010, 18:23
  4. My Kaspersky Anti Virus indicates a detected virus can not remove.
    От coshca в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 14.07.2010, 13:19
  5. Remove virus
    От Celer в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 06.01.2010, 16:00

Метки для этой темы

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01217 seconds with 20 queries