Pls, I need help. I don't know how to get rid of this. Kaspersky shows this in smss.exe and service.exe. My sound suddenly closes every 5 minutes.
in this file Procese din Memorie Infectate:
C:\System Volume Information\Microsoft\services.exe (Trojan.Agent) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Agent) -> Failed to unload process.
Pls someone heeeeeeeeellllllllllppppppppp meeeee
Close/unload all the programs except AVZ and Internet Explorer.
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual Healing
Code:
begin
  // Rootkit/hook scan, then turn on AVZGuard protection
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  QuarantineFile('alg.exe','');
  // Stop and remove the MEMSWEEP2 service
  StopService('MEMSWEEP2');
  DeleteService('MEMSWEEP2');
  // Copy the suspect files to quarantine before removing them
  QuarantineFile('C:\WINDOWS\system32\4D0.tmp','');
  QuarantineFile('c:\system volume information\microsoft\smss.exe','');
  QuarantineFile('c:\system volume information\microsoft\services.exe','');
  // Kill the fake system processes, then delete their files
  TerminateProcessByName('c:\system volume information\microsoft\smss.exe');
  TerminateProcessByName('c:\system volume information\microsoft\services.exe');
  DeleteFile('c:\system volume information\microsoft\services.exe');
  DeleteFile('c:\system volume information\microsoft\smss.exe');
  DeleteFile('C:\WINDOWS\system32\4D0.tmp');
  // Boot Cleaner: queue the service and the deleted files for removal during the reboot
  BC_DeleteSvc('MEMSWEEP2');
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing
Code:
begin
  CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=82405
- Repeat a log file.
- Attach a new log to your new post.
I don't know if I've done exactly how you said because I'm not very good with computers, and it looks like viruses are still there.
1. Download http://www.esagelab.com/files/bootkit_remover.rar
2. Unzip it.
3. Double click on remover.exe.
4. Attach a screenshot of the Bootkit Remover report.
The heart decides whom to love... Fate decides whom to be with...
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive0
MD5: 305658c5e95259df8541c6683a71d729
\\.\D: -> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
This is what it shows me after double click.
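An added example, not from the thread and not eSage Lab's code: one way to triage a sector saved with the `remover.exe dump` command shown in the report above. The classic MBR layout (boot code in the first 440 bytes, partition table at offset 446, 0x55AA signature at offset 510) is standard; the function names, the choice to hash only the boot-code area, and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code in a classic DOS/Windows MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # required at offset 510


def inspect_mbr(sector, known_good_md5=frozenset()):
    """Summarise a dumped master boot sector for manual triage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    # Hash only the code area so disks with different partition
    # layouts but the same boot code compare equal.
    code_md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    partitions = []
    for slot in range(4):
        entry = sector[PART_TABLE_OFF + 16 * slot:PART_TABLE_OFF + 16 * (slot + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_md5": code_md5,
            "boot_code_known": code_md5 in known_good_md5,
            "partitions": partitions}


def build_sample_mbr(boot_code):
    """Constructed 512-byte sector: the given code plus one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1000000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    # Both sectors are constructed samples, not real boot code.
    clean = build_sample_mbr(b"\x33\xc0\x8e\xd0" + b"\x90" * 100)
    changed = build_sample_mbr(b"\xeb\x10" + b"\x90" * 100)
    baseline = {inspect_mbr(clean)["boot_code_md5"]}
    for name, sec in (("clean", clean), ("changed", changed)):
        print(name, inspect_mbr(sec, baseline))
```

A boot-code hash that is missing from your own baseline only means the code is unrecognised, which is the same thing the tool's "Unknown boot code" status reports.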
1. Unzip this batch in a folder with remover.exe.
2. Click on run_me.bat and reboot your computer.
3. Run remover.exe again and attach a new screenshot to your new post.
4. Make a new log of AVPTool.
Thanks, I think this is it, it looks like it is normal again.
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Press any key to quit...
Pls tell me if it is ok after you see this avptool.
I could not find any malware in your log.
OK, thank you, you are the best.
Take advantage of our best service http://virusinfo.info/911test
Kind regards,
Aleksa.
Treatment statistics:
- Quarantines received: 1
- Files processed: 11
- No malware was found in the quarantines during treatment