Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual disinfection:
Code:
begin
// AVZ disinfection script: stop and remove a set of randomly named driver
// services, quarantine and delete their files, schedule boot-time cleanup,
// then reboot.
// NOTE(review): the service names and paths below look specific to one
// analysed machine; presumably they come from that machine's logs, so
// running this script unchanged elsewhere is not supported by the page.

// Rootkit / hook scan. Presumably the two 'true' arguments enable
// neutralisation of found hooks; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the cleanup.
SetAVZGuardStatus(True);
// Empty the AVZ quarantine first; presumably so that the archive built
// after the reboot holds only files collected by this run.
ClearQuarantine;

// Step 1: stop each listed service so its file is no longer in use.
StopService('zzfspdsw');
StopService('zwzgxevt');
StopService('zwqkyiwx');
StopService('xpneacfq');
StopService('wbdpbtsi');
StopService('vzwrkdhf');
StopService('ujctpkyg');
StopService('tntzldpg');
StopService('lcuayegy');
StopService('kamzxdpw');
StopService('ijxnnvqj');
StopService('ibcrwdkj');
StopService('hvaxrwkv');
StopService('gkgaorko');
StopService('gjzbrugq');
StopService('fzuparzk');
StopService('fgmgfuep');
StopService('etaiuuu0bkphyruv');
StopService('eouoidfu11');
StopService('dozrasjq');
StopService('cxtjfbps');
StopService('ccwdkpsi');

// Step 2: copy every suspect file into quarantine BEFORE anything is
// deleted, so the samples can still be examined afterwards. The second
// argument is left empty for every file.
QuarantineFile('C:\WINDOWS\system32\mujy.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\zzfspdsw.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\zwzgxevt.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\zwqkyiwx.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\zvwbatoeq5.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\xpneacfq.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\wbdpbtsi.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vzwrkdhf.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ujctpkyg.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\tntzldpg.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\lcuayegy.sys','');
// kggnxrjh.sys has no StopService/DeleteService entry under that name in
// this script; only the file is quarantined here and deleted later.
QuarantineFile('C:\WINDOWS\System32\Drivers\kggnxrjh.sys','');
// KeyAgent.sys is quarantined only; there is no DeleteFile for it below.
// Presumably it is collected for analysis rather than judged malicious.
QuarantineFile('C:\WINDOWS\system32\drivers\KeyAgent.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\kamzxdpw.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ijxnnvqj.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ibcrwdkj.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\hvaxrwkv.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\gkgaorko.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\gjzbrugq.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\fzuparzk.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\fgmgfuep.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\dozrasjq.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\cxtjfbps.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ccwdkpsi.sys','');
QuarantineFile('C:\WINDOWS\system32\dacisy.exe','');
// SeaPort.exe is likewise quarantined only (no DeleteFile below).
QuarantineFile('C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe','');
// Same driver as the C:\WINDOWS\system32\drivers\zvwbatoeq5.sys entry
// above, addressed through the \SystemRoot form of the path.
QuarantineFile('\SystemRoot\system32\drivers\zvwbatoeq5.sys','');

// Step 3: remove the service entries (same list as the StopService calls).
DeleteService('zzfspdsw');
DeleteService('zwzgxevt');
DeleteService('zwqkyiwx');
DeleteService('xpneacfq');
DeleteService('wbdpbtsi');
DeleteService('vzwrkdhf');
DeleteService('ujctpkyg');
DeleteService('tntzldpg');
DeleteService('lcuayegy');
DeleteService('kamzxdpw');
DeleteService('ijxnnvqj');
DeleteService('ibcrwdkj');
DeleteService('hvaxrwkv');
DeleteService('gkgaorko');
DeleteService('gjzbrugq');
DeleteService('fzuparzk');
DeleteService('fgmgfuep');
DeleteService('etaiuuu0bkphyruv');
DeleteService('eouoidfu11');
DeleteService('dozrasjq');
DeleteService('cxtjfbps');
DeleteService('ccwdkpsi');

// Step 4: delete the quarantined files from disk.
// NOTE(review): cxtjfbps.sys is quarantined above and its service is
// removed, but it has no DeleteFile line here; confirm whether that is
// intentional or an omission.
DeleteFile('C:\WINDOWS\system32\mujy.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\zzfspdsw.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\zwzgxevt.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\zwqkyiwx.sys');
DeleteFile('C:\WINDOWS\system32\drivers\zvwbatoeq5.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\xpneacfq.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\wbdpbtsi.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vzwrkdhf.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ujctpkyg.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\tntzldpg.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\lcuayegy.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\kggnxrjh.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\kamzxdpw.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ijxnnvqj.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ibcrwdkj.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\hvaxrwkv.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\gkgaorko.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\gjzbrugq.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\fzuparzk.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\fgmgfuep.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\dozrasjq.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ccwdkpsi.sys');
DeleteFile('C:\WINDOWS\system32\dacisy.exe');
DeleteFile('\SystemRoot\system32\drivers\zvwbatoeq5.sys');

// Step 5: run two of AVZ's built-in wizards, selected by the codes 'TSW'
// and 'SCU'. The meaning of the numeric arguments is not shown on this
// page; see the AVZ script reference.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);

// Step 6: boot-time cleanup (BC_* = AVZ Boot Cleaner). It handles items
// that could not be removed while Windows is running.
BC_ImportAll;
// Clean up leftover system references to the files deleted above.
ExecuteSysClean;
BC_Activate;
// NOTE(review): these BC_DeleteSvc calls come after BC_Activate; confirm
// that entries added after activation are still processed at boot.
BC_DeleteSvc('zzfspdsw');
BC_DeleteSvc('zwzgxevt');
BC_DeleteSvc('zwqkyiwx');
BC_DeleteSvc('xpneacfq');
BC_DeleteSvc('wbdpbtsi');
BC_DeleteSvc('vzwrkdhf');
BC_DeleteSvc('ujctpkyg');
BC_DeleteSvc('tntzldpg');
BC_DeleteSvc('lcuayegy');
BC_DeleteSvc('kamzxdpw');
BC_DeleteSvc('ijxnnvqj');
BC_DeleteSvc('ibcrwdkj');
BC_DeleteSvc('hvaxrwkv');
BC_DeleteSvc('gkgaorko');
BC_DeleteSvc('gjzbrugq');
BC_DeleteSvc('fzuparzk');
BC_DeleteSvc('fgmgfuep');
BC_DeleteSvc('etaiuuu0bkphyruv');
BC_DeleteSvc('eouoidfu11');
BC_DeleteSvc('dozrasjq');
BC_DeleteSvc('cxtjfbps');
BC_DeleteSvc('ccwdkpsi');

// Enable the AVZPM monitoring driver, then reboot so the boot-time
// cleanup runs. The machine restarts as soon as this line executes.
SetAVZPMStatus(True);
RebootWindows(true);
end.
After the reboot, execute the following script in Manual disinfection:
Code:
begin
// Pack the files collected in the AVZ quarantine into C:\quarantine.zip
// for upload. The function name really is spelled 'Qurantine' in the AVZ
// script API; do not "correct" it or the script will not run.
CreateQurantineArchive('C:\quarantine.zip');
end.
and upload C:\quarantine.zip via the "Upload quarantined files" link at the top of this page.
- Clean the Temp folders, the browser caches and the Recycler. Use the Windows tool cleanmgr, or CCleaner, or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Create a new AVPTool log file.
- Make a log file with HijackThis (see Analysis, p.3 for further information).
- Switch the antivirus and, if you have one, the firewall back on.
- Go On-Line
- Attach both logs to your new post.