Trojan-clicker,win32,cycler,ajts

[raidu2004]

pls i need help dont know how to get rid of this kaspersky shows this in smss.exe and service.exe my sound suddenly closes evrey 5 minutes

[raidu2004]

in this file Procese din Memorie Infectate:
C:\System Volume Information\Microsoft\services.exe (Trojan.Agent) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Agent) -> Failed to unload process.
pls some one heeeeeeeeellllllllllppppppppp meeeee

[Rene-gad]

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('alg.exe','');
 StopService('MEMSWEEP2');
 DeleteService('MEMSWEEP2');
 QuarantineFile('C:\WINDOWS\system32\4D0.tmp','');
 QuarantineFile('c:\system volume information\microsoft\smss.exe','');
 QuarantineFile('c:\system volume information\microsoft\services.exe','');
 TerminateProcessByName('c:\system volume information\microsoft\smss.exe');
 TerminateProcessByName('c:\system volume information\microsoft\services.exe');
 DeleteFile('c:\system volume information\microsoft\services.exe');
 DeleteFile('c:\system volume information\microsoft\smss.exe');
 DeleteFile('C:\WINDOWS\system32\4D0.tmp');
 BC_DeleteSvc('MEMSWEEP2');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=82405
- Repeat a log file.
- Attach a new log to your new post..

[raidu2004]

I dont know if ive done exactli how you said becaus im not very good with computers and it look like viruses are still there

[Aleksandra]

1. Download http://www.esagelab.com/files/bootkit_remover.rar
2. Unzip it.
3. Double click on remover.exe.
4. Attach a screenshot of the Bootkit Remover report.

[raidu2004]

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 305658c5e95259df8541c6683a71d729
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Press any key to quit... This is what it shows me after double click

[Aleksandra]

1. Unzip this batch in a folder with remover.exe.
2. Click on run_me.bat and reboot your computer.
3. Run remover.exe again and attach a new screenshot to your new post.
4. Make a new log of AVPTool.

[raidu2004]

thanks i think this is it it looks like is normal again Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Press any key to quit...

[raidu2004]

Pls tell me if is ok after you see this avptool

[Aleksandra]

I could not find any malware in your log.

[raidu2004]

ok thank you are the best

[Aleksandra]

Take advantage of our best service http://virusinfo.info/911test

Kind regards,

Aleksa.

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 1
• Обработано файлов: 11
• В ходе лечения вредоносные программы в карантинах не обнаружены