Hi, my computer has the task manager blocked and my background is "your system is infected" that I can't take off. I can't open more than 1 Internet Explorer window. I have attached the three logs.
1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:
Code:
begin
 SetAVZGuardStatus(True);
 DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 DelBHO('{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}');
 DelBHO('{023A0DEE-5013-4210-90DB-B52A60225937}');
 DelBHO('{014CB555-9401-4E2A-A0F8-C3BD404A0C52}');
 DelBHO('{011D06F7-5013-4210-90DB-B52A60225937}');
 QuarantineFile('C:\WINDOWS\system32\winhelper86.dll','');
 QuarantineFile('C:\WINDOWS\System32\d3dx10_3432.dll','');
 QuarantineFile('C:\WINDOWS\System32\d3dim32.dll','');
 QuarantineFile('C:\WINDOWS\system32\AD.tmp','');
 QuarantineFile('c:\windows\system32\winupdate86.exe','');
 TerminateProcessByName('c:\windows\system32\winupdate86.exe');
 QuarantineFile('c:\program files\internetsecurity2010\is2010.exe','');
 DeleteFile('c:\windows\system32\winupdate86.exe');
 DeleteFile('C:\WINDOWS\system32\AD.tmp');
 DeleteFile('C:\WINDOWS\System32\d3dim32.dll');
 DeleteFile('C:\WINDOWS\System32\d3dx10_3432.dll');
 DeleteFile('C:\WINDOWS\system32\winhelper86.dll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\14e985e5716','DLLName');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','winupdate86.exe');
 DeleteFileMask('%tmp%', '*.*', true);
 BC_ImportDeletedList;
 ExecuteSysClean;
 ExecuteRepair(11);
 ExecuteRepair(14);
 BC_Activate;
 RebootWindows(true);
end.
3. After reboot execute this script in AVZ:
Code:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload file quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=65014
4. Make new logs.
The heart decides whom to love... Fate decides whom to be with...
I have uploaded the quarantine file and have attached the new three logs.
1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:
Code:
begin
 SetAVZGuardStatus(True);
 DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
 DeleteService('Zumie Search Service');
 QuarantineFile('C:\WINDOWS\system32\winlogon86.exe','');
 QuarantineFile('C:\WINDOWS\system32\5705.exe','');
 QuarantineFile('C:\WINDOWS\system32\28145.exe','');
 QuarantineFile('C:\WINDOWS\system32\26962.exe','');
 QuarantineFile('C:\WINDOWS\system32\24464.exe','');
 QuarantineFile('C:\WINDOWS\system32\23281.exe','');
 QuarantineFile('C:\WINDOWS\system32\1869.exe','');
 QuarantineFile('C:\Documents and Settings\HelpAssistant\Local Settings\Temp\wYxg.exe','');
 DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
 DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}');
 DelBHO('{011A3484-FD93-4FEB-9438-95898E8EA38a}');
 QuarantineFile('C:\WINDOWS\System32\d3dx10_3432.dll','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\atapi.sys','');
 QuarantineFile('C:\WINDOWS\system32\ts.dll','');
 QuarantineFile('c:\program files\internetsecurity2010\is2010.exe','');
 TerminateProcessByName('c:\program files\internetsecurity2010\is2010.exe');
 DeleteFile('c:\program files\internetsecurity2010\is2010.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Internet Security 2010');
 DeleteFile('C:\WINDOWS\System32\d3dx10_3432.dll');
 DeleteFile('C:\Documents and Settings\HelpAssistant\Local Settings\Temp\*.*');
 DeleteFile('C:\WINDOWS\system32\1869.exe');
 DeleteFile('C:\WINDOWS\system32\23281.exe');
 DeleteFile('C:\WINDOWS\system32\24464.exe');
 DeleteFile('C:\WINDOWS\system32\26962.exe');
 DeleteFile('C:\WINDOWS\system32\28145.exe');
 DeleteFile('C:\WINDOWS\system32\5705.exe');
 DeleteFile('C:\WINDOWS\system32\winlogon86.exe');
 DeleteFileMask('%tmp%', '*.*', true);
 BC_ImportDeletedList;
 ExecuteSysClean;
 ExecuteWizard('TSW', 3, 3, true);
 ExecuteWizard('SCU', 3, 3, true);
 BC_Activate;
 RebootWindows(true);
end.
3. After reboot execute this script in AVZ:
Code:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload file quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=65014
4. Fix in HijackThis:
O2 - BHO: (no name) - {011A3484-FD93-4FEB-9438-95898E8EA38a} - C:\WINDOWS\System32\d3dx10_3432.dll (file missing)
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: 14e985e5716 - C:\WINDOWS\
5. Make new logs.
The heart decides whom to love... Fate decides whom to be with...
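Added example, not part of the original thread and not AVZ's own tooling: a small Python check that a reviewer could run over a removal script like the one above, confirming that every DeleteFile target was first copied with QuarantineFile and listing files that were quarantined for analysis only. The SCRIPT excerpt is copied from the post; the `audit` function and its name are illustrative.

```python
import re

# Excerpt of the second AVZ script from the thread (paths as posted).
SCRIPT = r"""
QuarantineFile('C:\WINDOWS\system32\winlogon86.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\atapi.sys','');
QuarantineFile('C:\WINDOWS\system32\ts.dll','');
QuarantineFile('c:\program files\internetsecurity2010\is2010.exe','');
DeleteFile('c:\program files\internetsecurity2010\is2010.exe');
DeleteFile('C:\Documents and Settings\HelpAssistant\Local Settings\Temp\*.*');
DeleteFile('C:\WINDOWS\system32\winlogon86.exe');
DeleteFileMask('%tmp%', '*.*', true);
"""

# Matches QuarantineFile('path' ...) and DeleteFile('path' ...).
# DeleteFileMask is not matched: "Mask" sits between the name and "(".
CALL = re.compile(r"\b(QuarantineFile|DeleteFile)\s*\(\s*'([^']*)'", re.I)


def audit(script):
    """Return (deleted_without_quarantine, quarantined_only) path lists."""
    quarantined, deleted, unsafe = {}, {}, []
    for match in CALL.finditer(script):
        func, path = match.group(1).lower(), match.group(2)
        key = path.lower()  # Windows paths compare case-insensitively
        if func == "quarantinefile":
            quarantined.setdefault(key, path)
        else:
            deleted.setdefault(key, path)
            # Order matters: the quarantine copy must precede the delete.
            if key not in quarantined:
                unsafe.append(path)
    kept = [p for k, p in quarantined.items() if k not in deleted]
    return unsafe, kept


if __name__ == "__main__":
    unsafe, kept = audit(SCRIPT)
    print("Deleted with no prior quarantine copy:", unsafe)
    print("Quarantined but left in place:", kept)
```

On this excerpt the wildcard delete of the HelpAssistant Temp folder is flagged because only wYxg.exe from that folder is quarantined in the full script, while atapi.sys and ts.dll are reported as collected for analysis without being removed.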
I have uploaded the quarantine.zip and attached the three new logs. I have fixed the files using hijack this.
Use Vba32 Rescue. Links to download:
ftp://anti-virus.by/pub/vbarescue-beta.iso
ftp://vba.ok.by/vba/vbarescue-beta.iso
Afterwards, attach the log C:\VbaRescue\vba32.rpt
The heart decides whom to love... Fate decides whom to be with...
http://esagelab.com/resources.php?s=tdss_remover please use it to remove tdss.
The links ftp://anti-virus.by/pub/vbarescue-beta.iso
ftp://vba.ok.by/vba/vbarescue-beta.iso didn't work and I can't get rid of the active desktop recovery background. What can I do to get rid of it?
Excuse me, new links:
ftp://anti-virus.by/pub/vbarescue.iso
ftp://vba.ok.by/vba/vbarescue.iso
Make 3 logfiles (syscure, syscheck, hijackthis) and attach vba32.rpt.
The heart decides whom to love... Fate decides whom to be with...