Need the script to fix it. See attached file.
Need the script to fix it. See attached file.
Please disable your "anti" and disconnect from the internet!
Execute the script from the box below in AVPTools:
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\drivers\clbdriver.sys','');
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{780E1270-5AB1-43B6-B0DD-2BBD3AE88D53}');
QuarantineFile('C:\WINDOWS\system32\yayxvWpo.dll','');
QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
QuarantineFile('C:\WINDOWS\system32\mlJBTMCT.dll','');
QuarantineFile('C:\WINDOWS\fsrpknov.dll','');
DeleteFile('C:\WINDOWS\fsrpknov.dll');
DeleteFile('C:\WINDOWS\system32\mlJBTMCT.dll');
DeleteFile('C:\WINDOWS\system32\yayxvWpo.dll');
DeleteFile('C:\WINDOWS\system32\drivers\clbdriver.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
RebootWindows(true);
end.[/code]
Your computer will reboot (if it does not, do it yourself).
Pack (zip, with password 'virus') "Qurantine_AVZ" (it is a subfolder where your avptool is located).
Please upload it using this link: [url]http://virusinfo.info/upload_virus_eng.php?tid=26400[/url]
Then make a new log in avp tool and attach it to your next post.
The script was executed without any errors, thank you. Here is the resulting LOG file you asked for.
Almost :)
Execute this one:
[code]
begin
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
RebootWindows(true);
end.[/code]
If it doesn't go away, please download hijackthis and make its log (read our rules). We will help.
You can uninstall avptool after executing my script.
And think more about prevention ;) It is always better to prevent an infection than to cure it ;)
You can start by creating a limited user account in Windows and using it on the internet instead of your admin account - about 90 percent of malware won't even be installed on your system ;)
Then you can disable services that you don't need. In the Avptool log you can find links for creating a script for it. (Personally, from your list, SSDP Discovery Service is the only one I didn't close, because closing it causes my system instability.)
P.S. By the way, you can also send the quarantine to your antivirus company. With this simple action you will be able to check the response time of the Trend Micro lab ;)
Sorry for the long delay.
[quote=drongo;259242]Almost :)
Execute this one:
[code]
begin
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
RebootWindows(true);
end.[/code]
If it doesn't go away, please download hijackthis and make its log (read our rules). We will help.
[/quote]
This BHO was removed, all seems good now...
[quote=drongo;259242]
Then you can disable services that you don't need. In the Avptool log you can find links for creating a script for it. (Personally, from your list, SSDP Discovery Service is the only one I didn't close, because closing it causes my system instability.)
[/quote]
Thanks for the hint, I do appreciate your time helping me with this.
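One way to confirm the BHO removal discussed in this thread, as an added example that is not part of any of the original posts: the PowerShell below lists the Browser Helper Objects still registered and flags the two CLSIDs the scripts pass to DelBHO. The function name `Get-BhoReport` and the variable names are hypothetical; the registry locations are the standard Windows BHO and CLSID keys.

```powershell
# Added example (not from the thread): list registered Browser Helper Objects
# and flag the two CLSIDs that the thread's scripts remove with DelBHO.
$flagged = @(
    '{92780B25-18CC-41C8-B9BE-3C9C571A8263}',
    '{780E1270-5AB1-43B6-B0DD-2BBD3AE88D53}'
)

# Standard BHO registration keys (native view and 32-bit view on 64-bit Windows).
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Hypothetical helper: one object per registered BHO with the DLL it loads.
function Get-BhoReport {
    param([string[]]$Roots, [string[]]$Flagged)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Match the CLSID lookup to the registry view the BHO key came from.
        $clsidRoot = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $server = Join-Path (Join-Path $clsidRoot $clsid) 'InprocServer32'
            $dll    = $null
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL path.
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                DllOnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
                Flagged   = $Flagged -contains $clsid
            }
        }
    }
}

$report = @(Get-BhoReport -Roots $bhoRoots -Flagged $flagged)
$report | Format-Table -AutoSize
$left = @($report | Where-Object { $_.Flagged })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) flagged BHO registration(s) still present."
} else {
    'None of the flagged CLSIDs are registered as BHOs.'
}
```

An entry with `DllOnDisk` set to False is an orphaned registration whose file is already gone, which is the state a second DelBHO pass cleans up.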