Просмотр полной версии : Problem with IE
I have problem with IE and update for DrWeb. Every time i want to start IE i have mistake. The same with Drweb Update
DrWeb has found files in c:\windows\system32 infected Trojan. When i remove this file to another directory, everythink work. Every time i restart computer 1 files add to the system32 directory with name ie?????.dll . The 3rd,4th letter is the same with 6th and 7th letter.
In 2 weeks my comp stop to connect to the internet and write mistake 800.
Please help me. I speak russian, but can not create new thread in russian language.
Pavel
Please, execute the following script in AVZ:
begin
SetAVZGuardStatus(True);
QuarantineFile('rsvp32_2.dll','');
ExecuteRepair(14);
BC_QrFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_QrFile('C:\WINDOWS\System32\ieubcub.dll');
BC_QrFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieubcub.dll');
BC_DeleteFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_Activate;
RebootWindows(true);
end.
After system reboots, upload all quarantined files according to appendix #3 of Rules.
Use this page to upload:
http://virusinfo.info/upload_virus.php?tid=9611
Rene-gad
10.05.2007, 21:44
done
Files contain:
Trojan-Spy.Win32.Goldun.pf
Trojan-Spy.Win32.Banker.ckj
Pls. repeat the logs.
Pls. repeat the logs.
Don't hurry, please :)
First, execute the following script in AVZ:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\system32\iewilwi.dll');
DeleteFile('C:\WINDOWS\system32\iepyvpy.dll');
DeleteFile('C:\WINDOWS\system32\ierglrg.dll');
DeleteFile('C:\WINDOWS\system32\ienbrnb.dll');
DeleteFile('C:\vir\iephhph.dll');
DeleteFile('C:\vir\iehoiho.dll');
DeleteFile('C:\vir\ieecwec.dll');
DeleteFile('C:\WINDOWS\System32\ieggogg.dll');
DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After system reboots, make new logs.
anton_dr
11.05.2007, 06:22
Hello.
New malicious software was found in the attached file.
Trojan-Spy.Win32.Goldun.pf
It's detection will be included in the next update. Thank you for your help.
-----------------
Regards, Roman Gavrilchenko
Virus Analyst, Kaspersky Lab.
Hi, Thanks for your help again.
I have execute this log
So, after executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
I'm ready for your command
1.)Please Fix in Hijack this (http://virusinfo.info/showthread.php?t=9206):
O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll
2)Please execute the following script in AVZ :
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
***after executing the script, you have to make a new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
3) You need to update your system to sp2 and install about 200 security updates after that . Oterwise your system is like a honey to a bear ;) P.S. Remember: after sp2 you will need an activation for windows ;) Resset.dll will not work ;)
Yet another ie?????.dll appeared... But I can't see their "mother"!
Did you try to launch Internet Explorer?
IMHO, we need to inspect your iexplore.exe.
So, execute this script in AVZ:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.exe','');
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
and upload new quarantine as you did before.
Bratan what to do????
Listen to you or listen to Drongo
I can not launch IE.
both , it is almost the same ;)
At first i did it for Bratez, because second way for 2,5 hours
There is no new filies ie?????.dll after we check iexplore.exe in system32 directory
I don't see your new quarantine with iexplore.exe.
You have uploaded the old one, with ie?????.dll collection.
There was the big weekend. Attached you can find fresh logs
As far as I can see, everything is OK now.
Is there still any problem in computer's behaviour?
vBulletin® v4.2.5, Copyright ©2000-2024, Jelsoft Enterprises Ltd. Перевод: zCarot