symbooter

I can't to remover this virus

c:\windows\system32\symbooter.exe
[SIZE=-2]Script: [URL="javascript:add_scr_k("][COLOR=#0000ff]Quarantine[/COLOR][/URL], [URL="javascript:add_scr_d("][COLOR=#0000ff]Delete[/COLOR][/URL], [URL="javascript:add_scr_db("][COLOR=#0000ff]BC delete[/COLOR][/URL], [URL="javascript:add_scr_t("][COLOR=#0000ff]Terminate[/COLOR][/URL][/SIZE]

Welcome!
Please attach full log (avptool_syscheck.zip or virusinfo_syscheck.zip) to message.

I can't to remover this virus

c:\windows\system32\symbooter.exe
_______
thanks, by their answer and help


Jduquezu

You PC virtual (SUN Vbox) - we test AVPTool ?

Script for remove symbooter.exe -

[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
QuarantineFile('c:\windows\system32\symbooter.exe','');
DeleteFile('c:\windows\system32\symbooter.exe');
BC_ImportAll;
ExecuteSysClean;
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
BC_Activate;
RebootWindows(true);
end.
[/code]

Script for clear system, after remove symbooter -
[code]
begin
ExecuteRepair(6);
ExecuteRepair(10);
ExecuteRepair(11);
ExecuteRepair(13);
ExecuteRepair(17);
RebootWindows(false);
end.
[/code]

Please upload qurantine.zip [url=http://virusinfo.info/upload_virus_eng.php?tid=29554]here[/url] for virus analysts.

Repeat log for check if you want.

thank you very much,