- Remove ALL antimalware tools you've installed except ONLY McAfee Antivirus and Malwarebytes Antimalware!!!
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual Healing
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('f9fA5');
StopService('e9e5');
StopService('e16D');
StopService('d926');
StopService('bf1A');
StopService('be0AD');
StopService('ba1A7');
StopService('afbAB');
StopService('ae8E');
StopService('9ccA9');
StopService('8b4A3');
StopService('7d216');
StopService('761C');
StopService('68d8');
StopService('6539');
StopService('62f15');
StopService('51c14');
StopService('4f811');
StopService('3ed12');
StopService('0fa4');
StopService('0f8A8');
StopService('0f110');
StopService('0e8A4');
StopService('019AC');
QuarantineFile('C:\WINDOWS.0\Temp\JET3705.tmp','');
QuarantineFile('C:\WINDOWS.0\system32\f9fA5.sys','');
QuarantineFile('C:\WINDOWS.0\system32\Event Agent\PopMenu.exe','');
QuarantineFile('C:\WINDOWS.0\system32\Event Agent\bin\smss .exe','');
QuarantineFile('C:\WINDOWS.0\system32\eaLsp.dll','');
QuarantineFile('C:\WINDOWS.0\system32\e9e5.sys','');
QuarantineFile('C:\WINDOWS.0\system32\e16D.sys','');
QuarantineFile('C:\WINDOWS.0\system32\d926.sys','');
QuarantineFile('C:\WINDOWS.0\system32\bf1A.sys','');
QuarantineFile('C:\WINDOWS.0\system32\be0AD.sys','');
QuarantineFile('C:\WINDOWS.0\system32\ba1A7.sys','');
QuarantineFile('C:\WINDOWS.0\system32\afbAB.sys','');
QuarantineFile('C:\WINDOWS.0\system32\ae8E.sys','');
QuarantineFile('C:\WINDOWS.0\system32\9ccA9.sys','');
QuarantineFile('C:\WINDOWS.0\system32\8b4A3.sys','');
QuarantineFile('C:\WINDOWS.0\system32\7d216.sys','');
QuarantineFile('C:\WINDOWS.0\system32\761C.sys','');
QuarantineFile('C:\WINDOWS.0\system32\68d8.sys','');
QuarantineFile('C:\WINDOWS.0\system32\6539.sys','');
QuarantineFile('C:\WINDOWS.0\system32\62f15.sys','');
QuarantineFile('C:\WINDOWS.0\system32\51c14.sys','');
QuarantineFile('C:\WINDOWS.0\system32\4f811.sys','');
QuarantineFile('C:\WINDOWS.0\system32\3ed12.sys','');
QuarantineFile('C:\WINDOWS.0\system32\0fa4.sys','');
QuarantineFile('C:\WINDOWS.0\system32\0f8A8.sys','');
QuarantineFile('C:\WINDOWS.0\system32\0f110.sys','');
QuarantineFile('C:\WINDOWS.0\system32\0e8A4.sys','');
QuarantineFile('C:\WINDOWS.0\system32\019AC.sys','');
QuarantineFile('C:\Program Files\Internet Explorer\SABProcEnum.sys','');
DeleteService('f9fA5');
DeleteService('e9e5');
DeleteService('e16D');
DeleteService('d926');
DeleteService('bf1A');
DeleteService('be0AD');
DeleteService('ba1A7');
DeleteService('afbAB');
DeleteService('ae8E');
DeleteService('9ccA9');
DeleteService('8b4A3');
DeleteService('7d216');
DeleteService('761C');
DeleteService('68d8');
DeleteService('6539');
DeleteService('62f15');
DeleteService('51c14');
DeleteService('4f811');
DeleteService('3ed12');
DeleteService('0fa4');
DeleteService('0f8A8');
DeleteService('0f110');
DeleteService('0e8A4');
DeleteService('019AC');
DeleteFile('C:\WINDOWS.0\Temp\JET3705.tmp');
DeleteFile('C:\WINDOWS.0\system32\f9fA5.sys');
DeleteFile('C:\WINDOWS.0\system32\e9e5.sys');
DeleteFile('C:\WINDOWS.0\system32\e16D.sys');
DeleteFile('C:\WINDOWS.0\system32\d926.sys');
DeleteFile('C:\WINDOWS.0\system32\bf1A.sys');
DeleteFile('C:\WINDOWS.0\system32\be0AD.sys');
DeleteFile('C:\WINDOWS.0\system32\ba1A7.sys');
DeleteFile('C:\WINDOWS.0\system32\afbAB.sys');
DeleteFile('C:\WINDOWS.0\system32\ae8E.sys');
DeleteFile('C:\WINDOWS.0\system32\9ccA9.sys');
DeleteFile('C:\WINDOWS.0\system32\8b4A3.sys');
DeleteFile('C:\WINDOWS.0\system32\7d216.sys');
DeleteFile('C:\WINDOWS.0\system32\761C.sys');
DeleteFile('C:\WINDOWS.0\system32\68d8.sys');
DeleteFile('C:\WINDOWS.0\system32\6539.sys');
DeleteFile('C:\WINDOWS.0\system32\62f15.sys');
DeleteFile('C:\WINDOWS.0\system32\51c14.sys');
DeleteFile('C:\WINDOWS.0\system32\4f811.sys');
DeleteFile('C:\WINDOWS.0\system32\3ed12.sys');
DeleteFile('C:\WINDOWS.0\system32\0fa4.sys');
DeleteFile('C:\WINDOWS.0\system32\0f8A8.sys');
DeleteFile('C:\WINDOWS.0\system32\0f110.sys');
DeleteFile('C:\WINDOWS.0\system32\0e8A4.sys');
DeleteFile('C:\WINDOWS.0\system32\019AC.sys');
BC_DeleteSvc('f9fA5');
BC_DeleteSvc('e9e5');
BC_DeleteSvc('e16D');
BC_DeleteSvc('d926');
BC_DeleteSvc('bf1A');
BC_DeleteSvc('be0AD');
BC_DeleteSvc('ba1A7');
BC_DeleteSvc('afbAB');
BC_DeleteSvc('ae8E');
BC_DeleteSvc('9ccA9');
BC_DeleteSvc('8b4A3');
BC_DeleteSvc('7d216');
BC_DeleteSvc('761C');
BC_DeleteSvc('68d8');
BC_DeleteSvc('6539');
BC_DeleteSvc('62f15');
BC_DeleteSvc('51c14');
BC_DeleteSvc('4f811');
BC_DeleteSvc('3ed12');
BC_DeleteSvc('0fa4');
BC_DeleteSvc('0f8A8');
BC_DeleteSvc('0f110');
BC_DeleteSvc('0e8A4');
BC_DeleteSvc('019AC');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=78390
- Make a new AVPTool log file.
- Make a new log of Malwarebytes Antimalware.
- Attach both logs to your new post.
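As an added example (not part of the post above and not AVZ's own code), a small Python checker for AVZ removal scripts of the shape used here: for every StopService name it verifies that DeleteService, BC_DeleteSvc, a QuarantineFile of the matching .sys driver and a DeleteFile that comes after the quarantine are all present, so a sample is never deleted before it is preserved. The embedded script is a constructed excerpt with sample names.

```python
import re
from collections import defaultdict

# Constructed excerpt in AVZ script syntax (same shape as the script in the
# post above); service names and paths are sample values, not real findings.
# 'e9e5' deliberately lacks a DeleteService call so the checker has something to report.
SAMPLE_SCRIPT = r"""
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('f9fA5');
StopService('e9e5');
QuarantineFile('C:\WINDOWS.0\system32\f9fA5.sys','');
QuarantineFile('C:\WINDOWS.0\system32\e9e5.sys','');
DeleteService('f9fA5');
DeleteFile('C:\WINDOWS.0\system32\f9fA5.sys');
DeleteFile('C:\WINDOWS.0\system32\e9e5.sys');
BC_DeleteSvc('f9fA5');
BC_DeleteSvc('e9e5');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
"""

# Matches calls whose first argument is a quoted string: Func('arg', ...)
CALL_RE = re.compile(r"^\s*(\w+)\('([^']*)'", re.MULTILINE)

def parse_calls(script):
    """Return (function, first_argument) tuples in script order."""
    return CALL_RE.findall(script)

def check_script(script):
    """Return {service_name: [problems]} for incomplete or unsafely ordered removals."""
    index = defaultdict(dict)  # function -> {service name or file name: first position}
    for pos, (func, arg) in enumerate(parse_calls(script)):
        # File calls are keyed by bare file name (case-insensitive), service calls by name.
        key = arg.rsplit("\\", 1)[-1].lower() if func in ("QuarantineFile", "DeleteFile") else arg
        index[func].setdefault(key, pos)
    problems = {}
    for name in index["StopService"]:
        issues = [f"missing {f}" for f in ("DeleteService", "BC_DeleteSvc") if name not in index[f]]
        q = index["QuarantineFile"].get(f"{name}.sys".lower())
        d = index["DeleteFile"].get(f"{name}.sys".lower())
        if q is None:
            issues.append("missing QuarantineFile")
        if d is None:
            issues.append("missing DeleteFile")
        elif d < q:  # the driver must be quarantined before it is deleted
            issues.append("DeleteFile before QuarantineFile")
        if issues:
            problems[name] = issues
    return problems
```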