Security Tool and possible other viruses, please help disinfect, I append log:
Close/unload all the programs except Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
Start KVRT "AS ADMINISTRATOR"
- Execute the following script in Manual Healing:
Code:
begin
  // Search for rootkits and enable AVZGuard protection
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspicious files to quarantine
  QuarantineFile('C:\Users\xxx\AppData\LocalLow\BestEstimation\bestestimatiie.dll','');
  QuarantineFile('C:\PROGRA~1\COMMON~1\owysu.ovu','');
  QuarantineFile('c:\users\xxx\appdata\local\temp\pmkifd.dll','');
  QuarantineFile('c:\users\xxx\appdata\local\933249.exe','');
  // Terminate the running process and delete its file
  TerminateProcessByName('c:\users\xxx\appdata\local\933249.exe');
  DeleteFile('c:\users\xxx\appdata\local\933249.exe');
  // Hand the deletions to Boot Cleaner, clean up the system, then reboot
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing:
Code:
begin
  // Pack the quarantined files into an archive for upload
  CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=84294
- Make a new log file of KVRT.
- Attach a new log to your new post.
Quarantine uploaded.
New log attached:
Close/unload all the programs except Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
Start KVRT "AS ADMINISTRATOR"
- Execute the following script in Manual Healing:
Code:
begin
  // Search for rootkits and enable AVZGuard protection
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Delete the remaining malicious files, folder and scheduled task
  DeleteFile('c:\users\xxx\appdata\local\temp\pmkifd.dll');
  DeleteFile('C:\Users\xxx\AppData\LocalLow\BestEstimation\bestestimatiie.dll');
  DeleteFileMask('C:\Users\xxx\AppData\LocalLow\BestEstimation\','*.*',true);
  DeleteDirectory('C:\Users\xxx\AppData\LocalLow\BestEstimation\');
  DeleteFile('C:\Users\xxx\AppData\Roaming\a7dc7394.exe');
  DeleteFile('C:\windows\tasks\a7dc7394.job');
  // Run the AVZ wizards
  ExecuteWizard('TSW', 2, 2, true);
  ExecuteWizard('SCU', 3, 3, true);
  // Hand the deletions to Boot Cleaner, clean up the system, then reboot
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
After reboot:
Start KVRT "AS ADMINISTRATOR"
- Make a new log file of KVRT.
- Attach a new log to your new post.
Treatment statistics:
- Quarantines received: 1
- Files processed: 11
- Malware detected during treatment:
- c:\users\xxx\appdata\local\933249.exe - Trojan.Win32.FakeAV.arj ( DrWEB: Trojan.Fakealert.18495, BitDefender: Trojan.Generic.KD.23557, AVAST4: Win32:FakeAlert-NQ [Trj] )