I have problem with IE and update for DrWeb. Every time i want to start IE i have mistake. The same with Drweb Update
DrWeb has found files in c:\windows\system32 infected Trojan. When i remove this file to another directory, everythink work. Every time i restart computer 1 files add to the system32 directory with name ie?????.dll . The 3rd,4th letter is the same with 6th and 7th letter.

In 2 weeks my comp stop to connect to the internet and write mistake 800.

Please help me. I speak russian, but can not create new thread in russian language.

Pavel

Please, execute the following script in AVZ:


begin
SetAVZGuardStatus(True);
QuarantineFile('rsvp32_2.dll','');
ExecuteRepair(14);
BC_QrFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_QrFile('C:\WINDOWS\System32\ieubcub.dll');
BC_QrFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieubcub.dll');
BC_DeleteFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_Activate;
RebootWindows(true);
end.

After system reboots, upload all quarantined files according to appendix #3 of Rules.
Use this page to upload:
http://virusinfo.info/upload_virus.php?tid=9611

zakachal - закачал

done

done
Files contain:

Trojan-Spy.Win32.Goldun.pf
Trojan-Spy.Win32.Banker.ckj
Pls. repeat the logs.

Pls. repeat the logs.

Don't hurry, please :)
First, execute the following script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\system32\iewilwi.dll');
DeleteFile('C:\WINDOWS\system32\iepyvpy.dll');
DeleteFile('C:\WINDOWS\system32\ierglrg.dll');
DeleteFile('C:\WINDOWS\system32\ienbrnb.dll');
DeleteFile('C:\vir\iephhph.dll');
DeleteFile('C:\vir\iehoiho.dll');
DeleteFile('C:\vir\ieecwec.dll');
DeleteFile('C:\WINDOWS\System32\ieggogg.dll');
DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After system reboots, make new logs.

Hello.

New malicious software was found in the attached file.
Trojan-Spy.Win32.Goldun.pf
It's detection will be included in the next update. Thank you for your help.
-----------------
Regards, Roman Gavrilchenko
Virus Analyst, Kaspersky Lab.

Hi, Thanks for your help again.
I have execute this log

So, after executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.

I'm ready for your command

1.)Please Fix in Hijack this (http://virusinfo.info/showthread.php?t=9206):


O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll

2)Please execute the following script in AVZ :


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


***after executing the script, you have to make a new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
3) You need to update your system to sp2 and install about 200 security updates after that . Oterwise your system is like a honey to a bear ;) P.S. Remember: after sp2 you will need an activation for windows ;) Resset.dll will not work ;)

Yet another ie?????.dll appeared... But I can't see their "mother"!
Did you try to launch Internet Explorer?
IMHO, we need to inspect your iexplore.exe.
So, execute this script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.exe','');
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
and upload new quarantine as you did before.

Bratan what to do????
Listen to you or listen to Drongo

I can not launch IE.

both , it is almost the same ;)

At first i did it for Bratez, because second way for 2,5 hours

There is no new filies ie?????.dll after we check iexplore.exe in system32 directory

I don't see your new quarantine with iexplore.exe.
You have uploaded the old one, with ie?????.dll collection.

There was the big weekend. Attached you can find fresh logs

As far as I can see, everything is OK now.
Is there still any problem in computer's behaviour?