Hi there, i have a system information file generated by kaspersky. Can anyone help me with it? thank you!
Hi there, i have a system information file generated by kaspersky. Can anyone help me with it? thank you!
Disable system restore.
Replace the hosts - file: http://virusinfo.info/showthread.php?t=61042
Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- Execute following script in Manual disinfection
After reboot:Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}'); DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}'); DelBHO('{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}'); DelBHO('{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}'); DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}'); DelBHO('{5C255C8A-E604-49b4-9D64-90988571CECB}'); BC_ImportAll; ExecuteSysClean; BC_Activate; ExecuteRepair(13); SetAVZPMStatus(True); RebootWindows(true); end.
- Remove Bonjour
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file of AVPTool.
- Make a log file with Hijackthis ( Analysis, p.3 for further informations).
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach both logs to your new post..
Hi there i have executed the script disabled restore and run cclean. this is the script. Note that under startup in ccleaner i saw that i have wwwpos32.exe as one of the startup apps. should i delete this?
Thanks!
And I said: REPLACE IT and don't immunize per Spybot - it's absolutely senseless.
BTW: Spybot Search and Destroy is not really helpful in case of emergency, it' only a colorful toy. I suggest you to remove it.
-Fix with Hijackthis
Repeat both logs.Код:O4 - Startup: wwwpos32.exe
Последний раз редактировалось Rene-gad; 10.02.2010 в 10:38. Причина: Добавлено
Nothing suspicious. Any problem more?