Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual disinfection
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('wscsvc.sys','');
StopService('PEVSystemStart');
DeleteService('PEVSystemStart');
QuarantineFile('C:\zz\PEV.cfxxe','');
QuarantineFile('C:\Windows\System32\Drivers\zoxausba.sys','');
QuarantineFile('C:\Windows\system32\drivers\bvdy.sys','');
DeleteFile('C:\Windows\system32\drivers\bvdy.sys');
DeleteFile('C:\Windows\System32\Drivers\zoxausba.sys');
DeleteFileMask('C:\zz\','*.*',true);
DeleteDirectory('C:\zz\');
DeleteService('Bonjour Service');
BC_DeleteSvc('Bonjour Service');
DeleteFileMask('%programfiles%\Bonjour\','*.*',true);
DeleteDirectory('%programfiles%\Bonjour\');
DelCLSID('{9999A076-A9E2-4C99-8A2B-632FC9429223}');
RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service');
ExecuteRepair(14);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('PEVSystemStart');
BC_Activate;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot, execute the following script in Manual disinfection
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
and upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Repeat a log file of AVPTool.
- Make a log file with HijackThis (Analysis, p.3 for further information).
- Attach a log to your new post.