This virus comes repeatedly after scanning. It is removed and comes back again.
Hello
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 ClearQuarantine;
 // Stop the driver service, quarantine a copy of the driver, then delete it
 StopService('44c1239c');
 QuarantineFile('C:\WINDOWS\System32\drivers\44c1239c.sys','');
 DeleteFile('C:\WINDOWS\System32\drivers\44c1239c.sys');
 DeleteFileMask('C:\WINDOWS\system32\NZZZP2INPB','*.*',true);
 DeleteFileMask('C:\WINDOWS\system32\WKAYJFAF1E','*.*',true);
 DeleteDirectory('C:\WINDOWS\system32\NZZZP2INPB');
 DeleteDirectory('C:\WINDOWS\system32\WKAYJFAF1E');
 DeleteService('44c1239c');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 SetAVZPMStatus(True);
 RebootWindows(true);
end.
After reboot execute following script in Manual Cure
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Repeat a log file.
- Attach a log to your new post.
When I connect to internet via my USB internet wireless device, I find alerts from Kaspersky. Finding many trojans on my PC.
Refer to Kaspersky report as well.
Thanks
Last edited by Rene-gad; 06.12.2009 at 18:47. Reason: non-required log removed
1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:
Code:
begin
 DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 ExecuteAutoQuarantine;
 CreateQurantineArchive('C:\quarantine.zip');
end.
Upload file C:\quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=62611
3. Execute this script in AVZ:
Code:
var
 j:integer;
 NumStr:string;
begin
 // Walk CurrentControlSet (j=0) and ControlSet001..ControlSet999
 for j:=0 to 999 do
 begin
  if j=0 then
   NumStr:='CurrentControlSet'
  else if j<10 then
   NumStr:='ControlSet00'+IntToStr(j)
  else if j<100 then
   NumStr:='ControlSet0'+IntToStr(j)
  else
   NumStr:='ControlSet'+IntToStr(j);
  // Reset the key permissions and restore the original ImagePath of BITS
  if RegKeyExistsEx('HKLM', 'SYSTEM\'+NumStr+'\Services\BITS') then
  begin
   RegKeyResetSecurity('HKLM', 'SYSTEM\'+NumStr+'\Services\BITS');
   RegKeyStrParamWrite('HKLM', 'SYSTEM\'+NumStr+'\Services\BITS', 'ImagePath', '%SystemRoot%\System32\svchost.exe -k netsvcs');
   AddToLog('Значение параметра ImagePath в разделе реестра HKLM\SYSTEM\'+NumStr+'\Services\BITS исправлено на оригинальное.');
  end;
  // Same repair for the Windows Update service (wuauserv)
  if RegKeyExistsEx('HKLM', 'SYSTEM\'+NumStr+'\Services\wuauserv') then
  begin
   RegKeyResetSecurity('HKLM', 'SYSTEM\'+NumStr+'\Services\wuauserv');
   RegKeyStrParamWrite('HKLM', 'SYSTEM\'+NumStr+'\Services\wuauserv', 'ImagePath', '%SystemRoot%\System32\svchost.exe -k netsvcs');
   AddToLog('Значение параметра ImagePath в разделе реестра HKLM\SYSTEM\'+NumStr+'\Services\wuauserv исправлено на оригинальное.');
  end;
 end;
 SaveLog(GetAVZDirectory + 'fystemRoot.log');
end.
4. Make new logs.
Last edited by Rene-gad; 06.12.2009 at 18:49. Reason: grammar ;)
The heart decides whom to love... Fate decides whom to be with...
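A read-only way to confirm what the script in step 3 repairs, as an added PowerShell example that is not part of the thread: it reports the raw ImagePath of BITS and wuauserv in every control set and compares it with the value that script writes. The function name Test-ServiceImagePath is made up for this example, and a MODIFIED result only means the value differs from the one in the post (newer Windows versions ship a different default), so it is a prompt to inspect, not a verdict.

```powershell
# Expected value: the one the AVZ script in the post writes back (assumed baseline).
$expected = '%SystemRoot%\System32\svchost.exe -k netsvcs'
$services = 'BITS', 'wuauserv'

# Hypothetical helper: classify one ImagePath value against the baseline.
function Test-ServiceImagePath {
    param([string]$Actual, [string]$Expected)
    if ([string]::IsNullOrEmpty($Actual)) { return 'MISSING' }
    # Registry paths are case-insensitive; ignore case and stray whitespace.
    if ($Actual.Trim() -ieq $Expected) { return 'OK' }
    return 'MODIFIED'
}

$system = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM')
# CurrentControlSet plus every numbered ControlSetNNN that exists on this machine.
$controlSets = @('CurrentControlSet') +
    @($system.GetSubKeyNames() | Where-Object { $_ -match '^ControlSet\d{3}$' })

$results = foreach ($cs in $controlSets) {
    foreach ($svc in $services) {
        $raw = $null
        try {
            $key = $system.OpenSubKey("$cs\Services\$svc")
            if ($null -eq $key) { continue }   # service not present in this set
            # Read the unexpanded string so %SystemRoot% is compared literally.
            $raw = $key.GetValue('ImagePath', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $key.Close()
            $status = Test-ServiceImagePath -Actual $raw -Expected $expected
        }
        catch [System.Security.SecurityException] {
            # Altered key permissions are the case RegKeyResetSecurity addresses.
            $status = 'ACCESS DENIED'
        }
        [pscustomobject]@{
            ControlSet = $cs
            Service    = $svc
            Status     = $status
            ImagePath  = $raw
        }
    }
}
$system.Close()
$results | Format-Table -AutoSize
```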
The script went well without any error. But still many trojans / viruses. Refer to attached log file from Kaspersky.
Last edited by Rene-gad; 06.12.2009 at 18:47. Reason: non-required log removed
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 ClearQuarantine;
 // Quarantine copies first, then delete the files and the iSql folder
 QuarantineFile('C:\WINDOWS\system32\msinclude.dll','');
 QuarantineFile('C:\WINDOWS\system32\iSql\M001.exe','');
 QuarantineFile('C:\WINDOWS\system32\iSql\H001.exe','');
 QuarantineFile('C:\WINDOWS\system32\iSql\G001.exe','');
 QuarantineFile('C:\WINDOWS\system32\iSql\E001.EXE','');
 QuarantineFile('C:\WINDOWS\system32\iSql\A027.EXE','');
 QuarantineFile('C:\WINDOWS\system32\iSql\111.exe','');
 DeleteFile('C:\WINDOWS\system32\msinclude.dll');
 DeleteFileMask('C:\WINDOWS\system32\iSql','*.*',true);
 DeleteDirectory('C:\WINDOWS\system32\iSql');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 CreateQurantineArchive('C:\quarantine.zip');
 SetAVZPMStatus(True);
 RebootWindows(true);
end.
If the system after reboot would try to install any unknown hardware, abort the installation and remove unknown hardware over hardware manager.
After reboot:
execute following script
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Make new logs 'as done' + log of Malwarebytes Antimalware and attach them to the new posting.