Please help me in getting out the virus which has infected my system.
I see autorun.inf files in each drive and some .dll files and some system files.
I am attaching the logs for the reference.
Thanks,
Ravi.
Printable View
Please help me in getting out the virus which has infected my system.
I see autorun.inf files in each drive and some .dll files and some system files.
I am attaching the logs for the reference.
Thanks,
Ravi.
Your log is wrong, you can delete it ;) We can't use it in order to help you.
If you have avptool you should attach the real log (it is an zip file ) : [url]http://avptool.virusinfo.info/en/AVPTool_manual.htm[/url]
Otherwise, please follow this rules : [url]http://virusinfo.info/showthread.php?t=9184[/url]
Hi there,
I am attaching the correct zip file.
please check and let me know.
Thanks,
Ravi.
I have a question: when and where did you download the avptool itself ? It seems to be very old.
Please close all your security programes and disconnect from internet.
Execute the following script : ( How-to : [url]http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm[/url] )
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\windows\system32\inetsrv\inetinfo.exe','');
QuarantineFile('C:\WINDOWS\system32\SSVICHOSST.exe','');
QuarantineFile('C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe','');
QuarantineFile('C:\WINDOWS\system32\amvo0.dll','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('H:\autorun.inf','');
DeleteFile('C:\WINDOWS\system32\amvo0.dll');
DeleteFile('C:\WINDOWS\system32\SSVICHOSST.exe');
DeleteFile('C:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile('H:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_Activate;
RebootWindows(true);
end.[/code]
Your computer will reboot automatically.
Upload a quarantine ( it should be in avz sub -folder, remember to zip it with password [b]virus[/b] )
using this page: [url]http://virusinfo.info/upload_virus_eng.php?tid=20286[/url].
Make a new log file from a fresh avptool or avz and attach it to your next post.
If your computer will not be automatically rebooted you should reboot it manually.
Thanks for the script! I have downloaded the file from phazeddl.com; Please suggest me a good tool on which I can trust. I shall execute the script and follow your suggestion. before that, I would like to tell you that, when I log into windows, I see a warning message regarding amvo.exe; I am pasting the sys log for your reference.
----------
"Application popup: amvo.exe - Application Error : The instruction at "0x10011fdd" referenced memory at "0x00ff8738". The memory could not be "read".
----------
AVPTool: [url]http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/[/url]
[QUOTE=d.ravichandra;205748]Please suggest me a good tool on which I can trust.[/QUOTE]Pls. follow the suggestions of drongo and AndreyKa, after reboot make the new logs. If you cannot do it, you cannot be helped from any tool anymore ;)
We are didn't get a quarantine from you. Why?