Close/disable all applications except AVZ and Internet Explorer.
- Disconnect your PC from the network (internet/intranet)
- Disable antivirus, firewall and other memory-resident security tools
- Disable System Restore
- Execute the following script
Code:
begin
SearchRootkit(true, true);  // scan for rootkit hooks before touching the files
SetAVZGuardStatus(True);    // enable AVZGuard so the malware cannot interfere
ClearQuarantine;
// copy the suspicious files to quarantine before deleting them
QuarantineFile('C:\WINDOWS\System32\drivers\mstsc.exe','');
QuarantineFile('C:\DOCUME~1\Stanko\LOCALS~1\APPLIC~1\MICROS~1\logman.exe','');
QuarantineFile('C:\DOCUME~1\Stanko\APPLIC~1\MICROS~1\spoolsv.exe','');
DeleteFile('C:\DOCUME~1\Stanko\APPLIC~1\MICROS~1\spoolsv.exe');
DeleteFile('C:\DOCUME~1\Stanko\LOCALS~1\APPLIC~1\MICROS~1\logman.exe');
DeleteFile('C:\WINDOWS\System32\drivers\mstsc.exe');
// remove the Policies\Explorer\Run values that relaunch those files
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Mstsc');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Logman');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Logman');
RegKeyParamDel('HKEY_USERS','S-1-5-21-731489209-1318010034-2320572426-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Spool');
BC_ImportDeletedList;       // hand the delete list to BootCleaner for files that are locked now
ExecuteSysClean;
BC_Activate;
executerepair(16);
RebootWindows(true);        // reboot immediately so BootCleaner can finish the deletions
end.
After the reboot:
- Execute the following script
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip via the "Upload quarantined files" link at the top of this page.
- Make new logs and attach them to a new post.
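As an added example (not part of the original post or of AVZ itself), the following PowerShell script can be run after the reboot to confirm that the files and the Policies\Explorer\Run values targeted by the script above are really gone, and to list whatever else still sits in those Run keys across all loaded hives, so a renamed copy of the same persistence is not overlooked. It assumes PowerShell is installed on the cleaned machine; the file paths, SID and value names are taken from the script above, and the function names are this example's own.

```powershell
# Added example, not part of the original post: post-reboot verification of the
# AVZ cleanup. Assumes PowerShell is available; paths, SID and value names come
# from the AVZ script above.

$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'

# Files the AVZ script deleted (short 8.3 paths resolve fine with Test-Path).
$files = @(
    'C:\WINDOWS\System32\drivers\mstsc.exe',
    'C:\DOCUME~1\Stanko\LOCALS~1\APPLIC~1\MICROS~1\logman.exe',
    'C:\DOCUME~1\Stanko\APPLIC~1\MICROS~1\spoolsv.exe'
)

# Autorun values the AVZ script removed (hive, hive sub-path, value name).
$values = @(
    @{ Hive = 'HKEY_LOCAL_MACHINE'; Sub = '';         Name = 'Mstsc'  },
    @{ Hive = 'HKEY_USERS';         Sub = 'S-1-5-18'; Name = 'Logman' },
    @{ Hive = 'HKEY_USERS';         Sub = '.DEFAULT'; Name = 'Logman' },
    @{ Hive = 'HKEY_USERS';         Sub = 'S-1-5-21-731489209-1318010034-2320572426-1006'; Name = 'Spool' }
)

function Test-CleanupResult {
    # Returns a list of leftovers; an empty list means everything the script
    # targeted is gone.
    $leftovers = @()

    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $leftovers += "file still present: $f"
        }
    }

    foreach ($v in $values) {
        if ($v.Sub) {
            $key = "Registry::$($v.Hive)\$($v.Sub)\$runSubKey"
        } else {
            $key = "Registry::$($v.Hive)\$runSubKey"
        }
        $item = Get-ItemProperty -Path $key -Name $v.Name -ErrorAction SilentlyContinue
        if ($item) {
            $leftovers += "autorun value still present: $key\$($v.Name) = $($item.$($v.Name))"
        }
    }

    return $leftovers
}

function Get-PolicyRunEntries {
    # Enumerate every value under Policies\Explorer\Run in HKLM and in every
    # user hive currently loaded under HKEY_USERS.
    $keys = @("Registry::HKEY_LOCAL_MACHINE\$runSubKey")
    $keys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
             ForEach-Object { "$($_.PSPath)\$runSubKey" }

    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip PSPath/PSParentPath/etc.
            ForEach-Object {
                [pscustomobject]@{ Key = $k; Name = $_.Name; Value = $_.Value }
            }
    }
}

# Usage: report leftovers, then show everything still configured in those Run keys.
$left = Test-CleanupResult
if ($left.Count -eq 0) {
    'No leftovers from the AVZ script found.'
} else {
    $left
}
Get-PolicyRunEntries | Format-Table -AutoSize
```

Policies\Explorer\Run is a less commonly inspected autostart location than the ordinary Run keys, which is why the second function prints every value in it rather than only the four names from the script; anything unexpected that shows up there belongs in the new logs requested above.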