View full version: Help me - PCsod virus
i got PCsod virus, every time i open internet explorer there are pop-ups of PCsod.
i prepared all of 3 logs and attached.
thank you!
Execute the following script in AVZ:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\khfeCVLD.dll', '');
QuarantineFile('C:\WINDOWS\system32\nnnNGYPg.dll', '');
QuarantineFile('C:\WINDOWS\system32\tppaiexq.dll', '');
QuarantineFile('C:\WINDOWS\system32\rqRIyXOh.dll', '');
DeleteFile('C:\WINDOWS\system32\rqRIyXOh.dll');
DeleteFile('C:\WINDOWS\system32\tppaiexq.dll');
DeleteFile('C:\WINDOWS\system32\nnnNGYPg.dll');
DeleteFile('C:\WINDOWS\system32\khfeCVLD.dll');
BC_ImportALL;
DelBHO('{CEA9FFDA-A195-472A-9FB1-62371382A07F}');
DelBHO('{CBC5C692-5316-431A-BA67-920F118AA335}');
DelBHO('{B3102264-D09D-4322-B625-503FBF18DD7E}');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The system will reboot.
Upload all quarantined files according to Appendix #3 of the Rules (use red link above).
Make new logfiles.
! While using AVZ, internet connection and antivirus program should be off.
thank you..
but, how do i execute the script in AVZ?
Rene-gad
14.05.2008, 09:27
"but, how do i execute the script in AVZ?"
http://virusinfo.info/showthread.php?t=9207
Rene-gad thanks.
i uploaded the quarantined files..should i give you some link or something? cuz i don't find one.
and this is the new logfiles:
moderated:::You should repeat all 3 log files and attach them to your post.
Rene-gad
14.05.2008, 18:00
"..should i give you some link or something?"
No, Thanks ;)
here are all 3 log files
Now everything seems to be OK. Just fix the following lines in HijackThis:
O2 - BHO: (no name) - {0C8BD81F-DAA2-4E46-B910-440FE28D7987} - (no file)
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
O2 - BHO: (no name) - {EDCD05B8-F2BD-4286-9C3B-69F893CE2598} - (no file)
O2 - BHO: (no name) - {F90E7ABD-6413-4020-8883-98192764E5D4} - (no file)
Added 1 minute later
Repeat HijackThis log once more.
Do you still have any problems?
Rene-gad
15.05.2008, 10:05
"here are all 3 log files"
It wasn't too complicated, was it? ;)
Fix with HJT
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
Run the script
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{F90E7ABD-6413-4020-8883-98192764E5D4}');
DelBHO('{EDCD05B8-F2BD-4286-9C3B-69F893CE2598}');
DelBHO('{61A673EA-D1C3-45B4-94A6-CDECB532CA19}');
DelBHO('{0C8BD81F-DAA2-4E46-B910-440FE28D7987}');
StopService('SetupNTGLM7X');
DeleteService('SetupNTGLM7X');
StopService('GMSIPCI');
DeleteService('GMSIPCI');
QuarantineFile('E:\NTGLM7X.sys','');
QuarantineFile('E:\INSTALL\GMSIPCI.SYS','');
DeleteFile('E:\INSTALL\GMSIPCI.SYS');
DeleteFile('E:\NTGLM7X.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The PC will be rebooted. Upload all quarantined files according to Appendix #3 of the Rules (use red link above). Make new logfiles. While using AVZ, internet connection and antivirus program should be off.
Bratez :
after i fixed what Rene-gad told me to fix, i didn't see the files you told me to fix.
Rene-gad :
i tried to upload the quarantined files, but AVZ didn't find any quarantined files.
(after i did "automatic quarantining" AVZ did find quarantined files
and i uploaded them)
i attached the 3 logfiles.
there are no more pop-ups, but the Kaspersky Anti-Virus found:
"trojan.win32.Monder"
"trojan.win32.KillAv"
Fix this in hijack this:
O20 - Winlogon Notify: nnnNGYPg - C:\WINDOWS\
Execute this script in avz:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('E:\NTACCESS.sys');
BC_DeleteSvc('NTACCESS');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.
P.S. spydoctor and spybot in your case are superfluous. Uninstall them. Recheck settings in kaspersky according to the link in the rules. Rescan all computer, better one time in safe mode and one in normal. In order to prevent infection -> a more effective idea is to use (especially on the internet) a limited user account instead of an administrator account.
P.s. If you can't understand something in my english, i can explain you in PM in Hebrew ;)
hey man..i did what you said, hope for the best (:
i sent to you PM(:
thanks!
what should i do next?
moderated:::full quote removed
Please update kaspersky, rescan all your computer. Cure/delete if it finds something. Then disable your antivirus and make fresh logs.
i did what you said
here are fresh new logs
Rene-gad
17.05.2008, 15:02
They seem to be clean. But what is the Drive E:\ ?
I mean this file: E:\INSTALL\GMSIPCI.SYS
"They seem to be clean. But what is the Drive E:\ ?
I mean this file: E:\INSTALL\GMSIPCI.SYS"
i dont know..E is the cdrom.
but i got 2 local disk(C,D)
i search for this file GMSIPCI.SYS (at D drive) and i don't find one. also as hidden files.