Database was last updated 8/21/2009
??? it is necessary to update the database (via File - Database update)
System booted in
Safe Mode with Networking
Pls. provide all further activities only in NORMAL MODE!
Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
- Execute following script in Manual disinfection
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MKCLDKZOI.exe','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MHZ.exe','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JHCNJ.exe','');
StopService('MKCLDKZOI');
DeleteService('MKCLDKZOI');
BC_DeleteSvc('MKCLDKZOI');
StopService('MHZ');
StopService('JHCNJ');
DeleteService('MHZ');
BC_DeleteSvc('MHZ');
DeleteService('JHCNJ');
BC_DeleteSvc('JHCNJ');
QuarantineFile('c:\program files\tall emu\online armor\oahlp.exe','');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MKCLDKZOI.exe');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MHZ.exe');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JHCNJ.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot execute following script in Manual disinfection
Код:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Your System is extremely vulnerable!!! Install Service Pack 3 +all subsequent updates + Internet Explorer 8
- Make and attach 3 new logs as in the message 1.