I had some problems with my Explorer: it opens some windows with unneeded banners (I don't ask for that), and I've already done an online Kavscan, and with the removal tool I received this report:
Hi,
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script in Manual disinfection
Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     ClearQuarantine;
     QuarantineFile('c:\users\bart\appdata\roaming\systemproc\lsass.exe','');
     TerminateProcessByName('c:\users\bart\appdata\roaming\systemproc\lsass.exe');
     DeleteFile('c:\users\bart\appdata\roaming\systemproc\lsass.exe');
     BC_ImportAll;
     ExecuteSysClean;
     BC_Activate;
     SetAVZPMStatus(True);
     RebootWindows(true);
    end.
After reboot execute following script in Manual disinfection
Code:
    begin
     CreateQurantineArchive('C:\quarantine.zip');
    end.
and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
Make a new AVPTool log file and attach a log to your new post.
The last part of your reply I don't understand, and I haven't executed this part yet. It's about the following part:
and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
Make a new AVPTool log file and attach a log to your new post.
-> I don't find the link "Upload quarantined files" on the top of this page
-> a new AVPTool log file: what's AVP?
Thanks
Don't look at my previous post, I did some research and I finally found the Upload quarantine link on the top of this page, and this is my new log file in the attachment.
Last edited by Rene-gad; 23.08.2010 at 13:27.
- Execute following script in Manual disinfection
Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     ClearQuarantine;
     QuarantineFile('C:\windows\system32\Drivers\SafeBoot.sys','');
     DelBHO('{1F59E089-2C28-9F31-D0FE-A3D6C595BD2C}');
     QuarantineFile('C:\windows\system32\d3dx9_3232.dll','');
     DeleteFile('C:\windows\system32\d3dx9_3232.dll');
     ExecuteWizard('TSW', 2, 2, true);
     ExecuteWizard('SCU', 2, 2, true);
     BC_ImportAll;
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.
After reboot execute following script in Manual disinfection
Code:
    begin
     CreateQurantineArchive('C:\quarantine2.zip');
    end.
and upload the C:\quarantine2.zip over the link Upload quarantined files on the top of this page.
Make a new AVPTool log file and attach a log to your new post.
New log in the attachment.
Pls. make a log of HijackThis (see here for more information). Pls. don't forget to start the program AS ADMINISTRATOR.
Here is the HijackThis log, executed as administrator:
Last edited by Rene-gad; 23.08.2010 at 15:09. Reason: logs have to be ATTACHED, not POSTED
- Fix with HijackThis
Code:
    O20 - AppInit_DLLs: APSHook.dll,C:\windows\system32\d3dx9_3232.dll
Reboot your system and make a new log of HijackThis.
Here is my new log in the attachment.
OK, do you have any more problems?
Statistics of the treatment performed:
- Quarantines received: 2
- Files processed: 10
- Malware detected during treatment:
- c:\users\bart\appdata\roaming\systemproc\lsass.exe - P2P-Worm.Win32.Agent.afo ( DrWEB: Win32.HLLW.Lime.566, BitDefender: Trojan.Generic.4708650, AVAST4: Win32:Dracur-E [Cryp] )
- c:\windows\system32\d3dx9_3232.dll - Packed.Win32.Katusha.n ( DrWEB: Trojan.Bender.28, BitDefender: Gen:Variant.Kazy.29, AVAST4: Win32:Dracur-E [Cryp] )
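Added example, not part of the original thread or of AVZ/HijackThis: a small Python triage check for the two indicators this thread turned up, a core Windows process name (lsass.exe) running from outside System32 and DLLs registered under AppInit_DLLs, which user32.dll loads into every process that uses it. The function names, the SYSTEM_NAMES list, the default SYSTEM_DIR and the `reviewed` parameter are assumptions made for illustration; the sample input is constructed from the paths quoted above.

```python
import ntpath
import re

# Core Windows processes that normally run only from System32 (illustrative list).
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default %SystemRoot%

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")


def is_masquerading(image_path):
    """True if a system process name is used by a file outside System32."""
    path = ntpath.normpath(image_path.strip().lower())
    folder, name = ntpath.split(path)
    return name in SYSTEM_NAMES and folder != SYSTEM_DIR


def appinit_entries(hjt_line):
    """Return the DLLs listed in a HijackThis O20 AppInit_DLLs line."""
    m = O20_RE.match(hjt_line.strip())
    if not m:
        return []
    # The registry value is delimited by spaces or commas.
    return [e for e in re.split(r"[,\s]+", m.group(1)) if e]


def triage(process_paths, hjt_lines, reviewed=frozenset()):
    """Collect findings; 'reviewed' holds lower-case DLL names already vetted."""
    findings = []
    for p in process_paths:
        if is_masquerading(p):
            findings.append(("masquerading-process", p))
    for line in hjt_lines:
        for dll in appinit_entries(line):
            if ntpath.basename(dll).lower() not in reviewed:
                findings.append(("appinit-dll", dll))
    return findings


# Constructed sample input using the paths quoted in this thread.
SAMPLE_PROCS = [
    r"c:\users\bart\appdata\roaming\systemproc\lsass.exe",
    r"C:\Windows\System32\lsass.exe",
]
SAMPLE_HJT = [r"O20 - AppInit_DLLs: APSHook.dll,C:\windows\system32\d3dx9_3232.dll"]

if __name__ == "__main__":
    for kind, item in triage(SAMPLE_PROCS, SAMPLE_HJT):
        print(kind, item)
```

With an empty `reviewed` set every AppInit_DLLs entry is reported, which is the safe default: each entry should be accounted for before it is trusted.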