Hello guru,
too many letters ....
thank you
Naughty
Read and follow: [url]http://virusinfo.info/showthread.php?t=9184[/url]
Thank you :)
Stop posting logs inside your post; you should attach the HijackThis log and AVZ logs.
It is your last chance ;)
[url]http://virusinfo.info/faq.php?faq=vb3_reading_posting#faq_vb3_attachments[/url]
You can download the special AVZ from my signature.
Oki :yes:
Please unload/disable your antivirus/firewall etc. and disconnect from the internet.
Execute this script in AVZ:
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\drivers\CTAUDFX.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\COMMONFX.SYS','');
QuarantineFile('C:\WINDOWS\system32\ctagent.dll','');
QuarantineFile('C:\Documents and Settings\bosson\Local Settings\Temp\rotpqhkn.dll','');
QuarantineFile('C:\WINDOWS\system32\IoctlSvc.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\fsbts.sys','');
QuarantineFile('C:\Program Files\EmEditor\emedshl.dll','');
DeleteFile('C:\WINDOWS\system32\Drivers\fsbts.sys');
DeleteFile('C:\Documents and Settings\bosson\Local Settings\Temp\rotpqhkn.dll');
BC_DeleteSvc('fsbts');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
After your system reboots, upload the quarantine according to App. 3 of the Rules (use: [url]http://virusinfo.info/upload_virus_eng.php?tid=38231[/url] )
Make new logs.
Oki.
files
[QUOTE]C:\WINDOWS\system32\drivers\CTAUDFX.SYS
C:\WINDOWS\system32\drivers\COMMONFX.SYS
C:\WINDOWS\system32\ctagent.dll[/QUOTE] my soundcard
C:\WINDOWS\system32\IoctlSvc.exe - legitimate
C:\Program Files\EmEditor\emedshl.dll - legitimate
C:\Documents and Settings\bosson\Local Settings\Temp\rotpqhkn.dll - malware
C:\WINDOWS\system32\Drivers\fsbts.sys - suspect
I will send the log afterwards, thank you
Nice day Naughty
Nothing will happen to your soundcard; this script ( [url]http://virusinfo.info/showthread.php?t=9207[/url] ) will just make a copy of your legitimate files and will cure you of your malware. We have not received a quarantine from you yet; read App. 3 of the Rules again. Otherwise this topic will be closed.
P.S. I did not request any analysis of my script from you :) I know what I am doing, believe me.
Hi drongo :smile: ,
thank you
forbearance with me :angel:
Logs look clean.
perfect, thank you very much
P.S. Thank you
welcome :)
You can say thanks by clicking the "Thanks" button, also [url]http://virusinfo.info/showthread.php?t=28583[/url] ;)