Просмотр полной версии : VirtuMonde+Win32.Agent.pz

25.01.2008, 02:02
Hi all,

Seems I got a number of problems.
so far,
I've disabled the system restore, set a safe mode and disabled the browser add-ons,
Spybot has identified:

The spybot said that all of them were fixed.
I went to start/run/msconfig and disabled all the suspicios services and processes.

I tried to re-start and after I login I got a black screen which says Safe Mode, Microsoft(R) Windows XP(R) (Build 2600.xpsp_sp2_gdr.050301-1519:ServicePack 2)

I would be very gratefull if you could help me - please use russian - I am a russian speaker, but if you could use English terms for the system stuff:)

Thank you

Добавлено через 16 минут

I've opened Windows Task Manager/File/Run/msconfig
so general: Selective Startup: Process System.INI file, Process WIN.INI file, Use modified boot.ini,

I've enabled the proceses but there is no change - any advice?

25.01.2008, 03:16
Please follow the rules (http://virusinfo.info/showthread.php?t=9184).

25.01.2008, 10:20
I'd love to, but unfortunately the only thing I get when I login my machine is just a black screen with notices Safe mode.

After I enabled all the processes via task manarer, new task, msconfig, nothing has changed.

and it is a bit complicated to do anything, when there is nothing on your desktop.
So, if there is a way to get to see my desktop, please

Thank you

25.01.2008, 10:34
Task Manager/File/Run/avz.exe
Task Manager/File/Run/hijackthis.exe

also try
Task Manager/File/Run/iexplore.exe
maybe helpful to navigate and make file operations.
(enter C:\ into Address line to begin).

25.01.2008, 10:50
Hi thank you,

Tried task manager/file/rub/iexplore.exe - ie cannot open the page, the connection itself is ok on the another machine.

I can download those files on a memory stick and then navigating via c:\, run those files?

25.01.2008, 10:59
You can try :)
Remember to write down on your memory stick the archive avz4.zip, hijacjthis.zip itself ;)
And unzip zip them to the infected computer in new folder.

25.01.2008, 22:37
well, I borrowed a memory stick from work,
when I inserted it into my current machine - McAffee - stopped a file called loader.exe - and deleted it.

Is there a chance that there is a problem with my network because I have been running a some work related applications on my machine?

i've downloaded dr webb and running it now in the safe mode,

26.01.2008, 10:56
good morning,
right - run Dr web in safe mode,
rebooted my machine in normal,
run your steps as recomended in the the help section,

when finished scanning opened ie logged on to the site - the machine has switched off and re-started again by itself.

When I logged on, the task manager is disabled and I cannot do anything,
i've logged on to my machine in safe mode, task manager is disabled.

Restarted - machine started working in the normal mode, blank screen, no desktop - when ctrl+alt+del - task manager is disabled

So, is it? Or there is something I can do?

thank you

26.01.2008, 14:44
Надеюсь, ваш русский лучше, чем мой английский. :)
Перезагрузите компьютер. Нажмите F8 при загрузке. В меню выберите
Safe Mode with Command Prompt
Должно появиться окно с черным фоном. В этом окне введите следующие команды:

cd \windows
copy explorer.exe e.exe

После каждой стоки нажимайте клавишу Enter. Если Windows установлен в другой папке замените windows в первой команде на правильное имя.
Запустится Explorer (надеюсь). Выполните Правила (http://virusinfo.info/showthread.php?t=9184). Без логов помочь вам не получится.

Добавлено через 10 минут

При использовании DrWeb CureIt всегда лучше выбирать вариант Cure, а не Delete.
Если вы не уверены в том, что делаете, то лучше не делать ничего, что бы не сделать хуже.

when I inserted it into my current machine - McAffee - stopped a file called loader.exe - and deleted it.

Ваш компьютер на работе, возможно, также заражен. Сделайте логи и на нём. Для второго компьютера создайте отдельную тему (thread).

27.01.2008, 04:21
Hi Andrey,

Thank you for an advice,

I've done F8, selected safe mode with command prompt and again just got a black screen.

Is there any other option?

Thank you

28.01.2008, 15:05
К сожалению, в такой ситуции можно порекомендовать только переустановку Windows.

28.01.2008, 20:21
all right

thank you, Andrey

01.02.2008, 01:18
hi guys,

I have finally got a windows disk I could se to re-install it.

Is it possible to get any instructions please?

As I am a novice and would struggle without them:>