View full version: Virus or Trojan? Google Error



LuckyPaul
13.06.2007, 23:23
Hello,
Lately I have had some problems with my computer. Every time I search for something in Google and then click on a link, I get to different mysterious websites. I have done a virus check with AVZ4 and have attached the logfiles.
I hope that someone can find the error in the logfiles. I would be very grateful for any help!

LP

Bratez
14.06.2007, 02:06
Execute the following script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\kdlrc.exe','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\secdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\midas.dll','');
QuarantineFile('C:\WINDOWS\system32\Hook.dll','');
BC_ImportQuarantineList;
BC_Activate;
RebootWindows(true);
end.
Your system will reboot.
Then upload all quarantined files according to appendix #3 of Rules.

LuckyPaul
14.06.2007, 22:21
hello Bratez,

I executed the script. The system rebooted and AVZ created a new quarantine folder. Which files do you want me to upload? The complete folder or only the .DTA files? :?

thx for your help,
LP

drongo
14.06.2007, 22:32
You should do it exactly like this:
1. Start AVZ, choose from the menu "File" -> "Quarantine folder viewer".
2. Mark files in the list which should be sent.
3. Click on the button "Archive" and specify a place on the disk where the archive should be kept.
4. Upload the archive using the upload link http://virusinfo.info/upload_virus_eng.php?tid=10362

LuckyPaul
14.06.2007, 22:44
file uploaded ...
thank you for your time!

Bratez
15.06.2007, 02:34
C:\WINDOWS\system32\kdlrc.exe - Trojan.Win32.DNSChanger.iu
So, please execute this script:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\system32\kdlrc.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After your system reboots, make new logfiles starting from step #10 of Rules.
I believe now the problem should disappear.

LuckyPaul
15.06.2007, 13:13
Hey Bratez,
the problem is gone! Here are the new log files. I hope that there is no second problem ...
I think I will nominate you for the computer healing Nobel Prize ;)

Thank you for your help !

-LP

drongo
15.06.2007, 13:27
Your computer is ok now ;)

To reduce the chance of reinfection in the future, I recommend that you:
1) Work on the computer under a limited user account.
2) Use an alternative internet browser where execution of scripts is disabled by default, with a "white list" of your favorite sites (in Firefox and Opera you can do this, unlike in IE 7, 6 ...)