Help, pc blocked by "antivirus soft"

[Katharsis]

Hello
I was on a random site when my pc got infected by this so-called "antivirus soft", saying my pc is infected and that I need to purchase the whole product to heal the problem. It's obviously bullshit.

The big problem is that I can't do anything right now except using mozilla and run a very few programs.
I can't open the task window, I have an error message saying the file is corrupted. I can't open a zip, a rar, or nearly every .exe file, I get an error message aswell.
I could install the kaspersky removal tool though, it tried to delete the bad files but it couldn't, my pc did a strange noise, and it did nothing. The problem is still here. Tou know, sometimes the virus opens an internet explorer page and goes to a porn site : WTF is that virus ?

[Rene-gad]

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual disinfection

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 TerminateProcessByName('c:\documents and settings\tim\local settings\application data\snnruj\uawxsftav.exe');
 QuarantineFile('C:\WINDOWS\System32\EGCOMSERVICE2.dll','');
 QuarantineFile('C:\WINDOWS\2_0_1browserhelper2.dll','');
 QuarantineFile('C:\Documents and Settings\Tim\Local Settings\Application Data\snnruj\uawxsftav.exe','');
 DeleteFile('C:\Documents and Settings\Tim\Local Settings\Application Data\snnruj\uawxsftav.exe');
 DeleteFile('C:\WINDOWS\2_0_1browserhelper2.dll');
 DeleteFile('C:\WINDOWS\System32\EGCOMSERVICE2.dll');
 DelBHO('{32683183-48a0-441b-a342-7c2a440a9478}');
 DelBHO('{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}');
 DelBHO('{83DE62E0-5805-11D8-9B25-00E04C60FAF2}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script in Manual disinfection

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

- Install Service Pack 3 and all updates
- Install the last version of your antivirus: http://free.avg.com/us-en/download-avg-anti-virus-free
- Repeat a log file of AVPTool.
- Make a log file with Hijackthis ( Analysis, p.3 for further informations).
- Attach both logs to your new post..

[Katharsis]

thanks a lot for your help, mate.

So far I did the reboot, then the second script, but I don't know how to upload the C:\quarantine.zip over the link Upload quarantined files (on the top of this page ?) . I see the zip file in C:, but where do i upload it ? (sorry I'm pretty much a noob)

[Rene-gad]

thanks a lot for your help, mate.

So far I did the reboot, then the second script, but I don't know how to upload the C:\quarantine.zip over the link Upload quarantined files (on the top of this page ?) . I see the zip file in C:, but where do i upload it ? (sorry I'm pretty much a noob)

http://virusinfo.info/upload_virus_eng.php?tid=72160

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 1
• Обработано файлов: 8
• В ходе лечения обнаружены вредоносные программы:
  
  1. c:\documents and settings\tim\local settings\application data\snnruj\uawxsftav.exe - Trojan.Win32.FraudPack.amgv ( BitDefender: Application.Generic.285761, NOD32: Win32/Adware.SpywareProtect2009 application, AVAST4: Win32:Rootkit-gen [Rtk] )
  2. c:\windows\system32\egcomservice2.dll - not-a-virus:Dialer.Win32.E-Group.b ( DrWEB: Dialer.Egroup, BitDefender: Application.Dialer.FI, NOD32: Win32/Dialer.Egroup.B application, AVAST4: Win32:Trojan-gen )