View full version: VirtuMonde+Win32.Agent.pz



hyanghe
25.01.2008, 02:02
Hi all,

Seems I got a number of problems.
so far,
I've disabled the system restore, set a safe mode and disabled the browser add-ons,
Spybot has identified:
BraveSentry,
Win32.Tiny.abk,
Microsoft.WindowsSecurityCenter.AntiVirusOverride,
Microsoft.WindowsSecurityCenter.FirewallOverride,
Microsoft.WindowsSecurityCenter.SP2Update,
PWS.LDPinchIE
Smitfraud-C.
SpySheriff,
SurfSideKick,
VirtuMonde,
Win32.Agent.pz
Win32.AutoRun.aiv

The spybot said that all of them were fixed.
I went to start/run/msconfig and disabled all the suspicious services and processes.

I tried to re-start and after I login I got a black screen which says Safe Mode, Microsoft(R) Windows XP(R) (Build 2600.xpsp_sp2_gdr.050301-1519:ServicePack 2)

I would be very grateful if you could help me - please use Russian - I am a Russian speaker, but if you could use English terms for the system stuff:)

Thank you

Added 16 minutes later

I've opened Windows Task Manager/File/Run/msconfig
so general: Selective Startup: Process System.INI file, Process WIN.INI file, Use modified boot.ini,

I've enabled the processes but there is no change - any advice?

pig
25.01.2008, 03:16
Please follow the rules (http://virusinfo.info/showthread.php?t=9184).

hyanghe
25.01.2008, 10:20
I'd love to, but unfortunately the only thing I get when I login my machine is just a black screen with notices Safe mode.

After I enabled all the processes via task manager, new task, msconfig, nothing has changed.

and it is a bit complicated to do anything, when there is nothing on your desktop.
So, if there is a way to get to see my desktop, please

Thank you

Bratez
25.01.2008, 10:34
Task Manager/File/Run/avz.exe
Task Manager/File/Run/hijackthis.exe

also try
Task Manager/File/Run/iexplore.exe
maybe helpful to navigate and make file operations.
(enter C:\ into Address line to begin).

hyanghe
25.01.2008, 10:50
Hi thank you,

Tried task manager/file/run/iexplore.exe - IE cannot open the page, the connection itself is OK on another machine.

I can download those files on a memory stick and then navigating via c:\, run those files?

drongo
25.01.2008, 10:59
You can try :)
Remember to write the archives avz4.zip and hijackthis.zip themselves onto your memory stick ;)
And unzip them on the infected computer into a new folder.

hyanghe
25.01.2008, 22:37
hi,
well, I borrowed a memory stick from work,
when I inserted it into my current machine - McAfee - stopped a file called loader.exe - and deleted it.

Is there a chance that there is a problem with my network because I have been running some work-related applications on my machine?


I've downloaded Dr.Web and am running it now in safe mode,

hyanghe
26.01.2008, 10:56
good morning,
right - ran Dr.Web in safe mode,
rebooted my machine in normal,
ran your steps as recommended in the help section,

when finished scanning opened ie logged on to the site - the machine has switched off and re-started again by itself.

When I logged on, the task manager is disabled and I cannot do anything,
I've logged on to my machine in safe mode, task manager is disabled.

Restarted - machine started working in the normal mode, blank screen, no desktop - when ctrl+alt+del - task manager is disabled


So, is it? Or is there something I can do?


thank you

AndreyKa
26.01.2008, 14:44
Hello!
I hope your Russian is better than my English. :)
Restart the computer. Press F8 during boot. In the menu, select
Safe Mode with Command Prompt
A window with a black background should appear. In that window, enter the following commands:

cd \windows
copy explorer.exe e.exe
e.exe

Press Enter after each line. If Windows is installed in a different folder, replace windows in the first command with the correct name.
Explorer will start (I hope). Follow the Rules (http://virusinfo.info/showthread.php?t=9184). Without logs it will not be possible to help you.

Added 10 minutes later

When using DrWeb CureIt, it is always better to choose the Cure option rather than Delete.
If you are not sure what you are doing, it is better to do nothing, so as not to make things worse.



when I inserted it into my current machine - McAfee - stopped a file called loader.exe - and deleted it.

Your work computer may also be infected. Make logs on it as well. Create a separate thread for the second computer.

hyanghe
27.01.2008, 04:21
Hi Andrey,

Thank you for the advice,

I've done F8, selected safe mode with command prompt and again just got a black screen.

Is there any other option?

Thank you

AndreyKa
28.01.2008, 15:05
Hello!
Unfortunately, in this situation the only thing I can recommend is reinstalling Windows.
http://support.microsoft.com/kb/315341/en-us

hyanghe
28.01.2008, 20:21
all right

thank you, Andrey

hyanghe
01.02.2008, 01:18
hi guys,

I have finally got a Windows disk I could use to re-install it.

Is it possible to get any instructions please?

As I am a novice and would struggle without them:>