Hi,
Kaspersky PURE detects but cannot delete the rootkit virus. I attached the avptool_sysinfo.zip.
I hope anybody can help me.
Greetings from the sunny Netherlands!
Jacco.
Hello,
first of all pls. run this tool: http://support.kaspersky.com/faq/?qid=208280684
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script in Manual disinfection
Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     ClearQuarantine;
     QuarantineFile('C:\Windows\Fonts\mCoCtvBF4.com','');
     QuarantineFile('C:\ProgramData\c054SAuV.exe','');
     DeleteFileMask('C:\Windows\Tasks\','At*.job',false);
     BC_ImportAll;
     ExecuteSysClean;
     BC_Activate;
     SetAVZPMStatus(True);
     RebootWindows(true);
    end.
After reboot execute following script in Manual disinfection
Code:
    begin
     CreateQurantineArchive('C:\quarantine.zip');
    end.
and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Remove Bonjour if you don't use it.
- Repeat a log file of AVPTool.
- Attach a log to your new post.
all cleaned and ready!
Thank you very much!
Hi again,
Last week I thought the rootkit thingie was gone but it is back now, even though my PC was said to be clean (Kaspersky PURE).
I made a new scan and attached the zip file. I hope you can help me out.
As for the 'not posting a log-file' to my last message; Where can I create and find a log-file?
Thanks!
Jacco
Execute a script:
Code:
    begin
     QuarantineFile('C:\Windows\system32\Drivers\UsbModul.sys','');
     CreateQurantineArchive('C:\quarantine1.zip');
    end.
and upload the C:\quarantine1.zip over the link Upload quarantined files on the top of this page.
Even such/there, how/where you did the first log
Hi Rene-gad,
I tried to upload the new quarantine file but I got a message saying that the file has already been uploaded. Is that correct?
As for the log misunderstandings: I use the Kaspersky Virus Removal Tool, which uses other names for the files, which is confusing sometimes. "Step 1: Gather system information" didn't look like "Create a log file" to me.
Hi Rene-gad,
There are several hints to the rootkit virus:
1) Kaspersky PURE (firewall) prompts me for authentication for an unknown EXE file. It is located in the temp file (names vary but look like "HKI640.EXE" for example)
2) When I start a manual full scan, Kaspersky prompts me that the rootkit virus is found
3) When I start TDSSKiller.exe, it reports that the rootkit has been found in memory and it will be cleaned after next reboot. Afterwards it seems that the rootkit is still there though.
I'm kinda clueless, I hope you can help me out.
Greetings from Holland!
Jacco
Pls. do the step 5 from here, but pls. DON'T POST but ATTACH the logs.
Hi Rene-gad,
See the two log files in the attachments.
By the way, maybe this has something to do with it as well: Kaspersky is unable to perform any database upgrades. It says "Object not found".
Thanks again!
Try this way: http://www.getsysteminfo.com/ Post the link or attach the protocol.
Hi,
Is this what you mean?
http://www.getsysteminfo.com/read.ph...1cc915a81790f0
Ciao,
Jacco
It's absolutely nothing suspicious. Try to reinstall Kaspersky. If it wouldn't be successful - contact technical support of KL.
Statistics of the treatment performed:
- Quarantines received: 1
- Files processed: 4
- No malware was detected in the quarantines during treatment