i got PCsod virus, everytime i opne internet explorer there are pop-ups of PCsod.

i prepared all of 3 logs and attached.
thank you!

Execute the following script in AVZ:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\khfeCVLD.dll', '');
QuarantineFile('C:\WINDOWS\system32\nnnNGYPg.dll', '');
QuarantineFile('C:\WINDOWS\system32\tppaiexq.dll', '');
QuarantineFile('C:\WINDOWS\system32\rqRIyXOh.dll', '');
DeleteFile('C:\WINDOWS\system32\rqRIyXOh.dll');
DeleteFile('C:\WINDOWS\system32\tppaiexq.dll');
DeleteFile('C:\WINDOWS\system32\nnnNGYPg.dll');
DeleteFile('C:\WINDOWS\system32\khfeCVLD.dll');
BC_ImportALL;
DelBHO('{CEA9FFDA-A195-472A-9FB1-62371382A07F}');
DelBHO('{CBC5C692-5316-431A-BA67-920F118AA335}');
DelBHO('{B3102264-D09D-4322-B625-503FBF18DD7E}');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The system will reboot.

Upload all quarantined files according to Appendix #3 of the Rules (use red link above).

Make new logfiles.

! While using AVZ, internet connection and antivirus program should be off.

thank you..
but, how do i execute the script in AVZ?

but, how do i execute the script in AVZ?http://virusinfo.info/showthread.php?t=9207

Rene-gad thanks.

i uploded the quarantined files..should i gave you some link or something? cuz i dont find one.

and this is the new logfiles:
moderated:::You should repead all 3 log files and attach them to your post.

.should i gave you some link or something?No, Thanks ;)

here is the all 3 log files

Now everything seems to be OK. Just fix the following lined in HijackThis:


O2 - BHO: (no name) - {0C8BD81F-DAA2-4E46-B910-440FE28D7987} - (no file)
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
O2 - BHO: (no name) - {EDCD05B8-F2BD-4286-9C3B-69F893CE2598} - (no file)
O2 - BHO: (no name) - {F90E7ABD-6413-4020-8883-98192764E5D4} - (no file)


Добавлено через 1 минуту

Repeat HijackThis log once more.

Do you still have any problems?

here is the all 3 log filesIt wasn't too complicated, was it? ;)
Fix with HJT

O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
Run the script

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{F90E7ABD-6413-4020-8883-98192764E5D4}');
DelBHO('{EDCD05B8-F2BD-4286-9C3B-69F893CE2598}');
DelBHO('{61A673EA-D1C3-45B4-94A6-CDECB532CA19}');
DelBHO('{0C8BD81F-DAA2-4E46-B910-440FE28D7987}');
StopService('SetupNTGLM7X');
DeleteService('SetupNTGLM7X');
StopService('GMSIPCI');
DeleteService('GMSIPCI');
QuarantineFile('E:\NTGLM7X.sys','');
QuarantineFile('E:\INSTALL\GMSIPCI.SYS','');
DeleteFile('E:\INSTALL\GMSIPCI.SYS');
DeleteFile('E:\NTGLM7X.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The PC will be rebooted. Upload all quarantined files according to Appendix #3 of the Rules (use red link above). Make new logfiles.While using AVZ, internet connection and antivirus program should be off.

Bratez :
after i fixed what Rene-gad told me to fix,i didn't saw the files you tell me to fix.

Rene-gad :
i tried to upload the quarantined files , but AVZ didn't find any quarantined files .
(after i did "automatic quarantining" AVZ did found quarantined files
and i uploded them)
i attached the 3 logfiles.

there no more pop-ups, but theKaspersky Anti-Virus found :
"trojan.win32.Monder"
"trojan.win32.KillAv"

Fix this in hijack this:

O20 - Winlogon Notify: nnnNGYPg - C:\WINDOWS\Execute this script in avz:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('E:\NTACCESS.sys');
BC_DeleteSvc('NTACCESS');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end. P.S. spydoctor and spybot in your case are superfluous. Uninstall them.Recheck settings in kaspersky accourding to the link in the rules. Rescan all computer, better one time in safe mode and one in normal. In order to prevent infection-> More effective idea is to use ( especially, in the internet) an limited user account instead of an administrator account. P.s. If you can't understand something in my english, i can explain you in PM in Hebrew ;)

hey man..i done what you said,hope for the best (:
i sent to you PM(:
thanks!

what should i do next?
moderated:::full quote removed

Please update kaspersky, rescan all your computer. Cure/delete- if it will find something. Then disable your antivirus and make a fresh logs.

i did what you said
here is a fresh new logs

They seems to be clean. But what is the Drive E:\ ?
I mean this file: E:\INSTALL\GMSIPCI.SYS

They seems to be clean. But what is the Drive E:\ ?
I mean this file: E:\INSTALL\GMSIPCI.SYS


i dont know..E is the cdrom.
but i got 2 local disk(C,D)
i search for this file GMSIPCI.SYS (at D drive) and i dont find one. also as hidden files.