Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual Healing
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\temp\52aa4690.tmp');
RegKeyParamDel('HKEY_USERS','S-1-5-21-1060284298-1454471165-1004336348-1003\Software\Microsoft\Windows\CurrentVersion\Run','F5JMWNZTHI');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Captcha7');
QuarantineFile('C:\Program Files\captcha.dll','');
QuarantineFile('O:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Setup.exe','');
QuarantineFile('O:\autorun.inf','');
QuarantineFile('H:\autorun.inf','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('Explorer.exe C:\WINDOWS\system32\drivers\Prgds.exe','');
QuarantineFile('Explorer.exe %windir%\system32\drivers\Prgds.exe','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\WINDOWS\tinlater.exe','');
QuarantineFile('c:\windows\temp\52aa4690.tmp','');
QuarantineFile('c:\windows\system32\rthdcpll.exe','');
QuarantineFile('C:\WINDOWS\system32\MSIMG32.dll','');
QuarantineFile('c:\windows\msb.exe','');
QuarantineFile('c:\program files\ela-salaty\salaty.exe','');
QuarantineFile('c:\docume~1\mahmoud\locals~1\temp\rje.exe','');
DeleteFile('O:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Setup.exe');
DeleteFile('O:\autorun.inf');
DeleteFile('H:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('C:\WINDOWS\system32\drivers\Prgds.exe');
DeleteFile('E:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\windows\temp\52aa4690.tmp');
DeleteFile('c:\windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job');
DeleteFile('c:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job');
DeleteFile('C:\WINDOWS\msb.exe');
DeleteFile('C:\DOCUME~1\mahmoud\LOCALS~1\Temp\Rje.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=78387
- Make a new log file with AVPTool
- Attach the new log to your new post.