-
Attachments: 2
All system disabled
Some virus has attacked my laptop. I cannot disable my system restore. Scan disk, disk fragmentation and Windows Update are also disabled. Administrator tool is also disabled. Scanned for viruses with Kaspersky and other tools like hijack etc., but due to the fact that I can't disable the system restore option, the virus is again in the system when rebooted. Win XP Professional with SP3 installed.
-
Please execute this script: ([url]http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm[/url])
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\urqOFyVN.dll','');
QuarantineFile('C:\WINDOWS\system32\Drivers\pssdk41.sys','');
QuarantineFile('C:\WINDOWS\system32\vtUkhfgG.dll','');
QuarantineFile('c:\progra~1\vitals~1\net.medic\program\syshook.exe','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.[/code]
It will just copy some files. Please find the quarantine folder in a subfolder of avptool,
zip it (remember to protect it with the password [B]virus[/B]) and send it via [url]http://virusinfo.info/upload_virus_eng.php?tid=38384[/url]
Let us know when you are done.
-
Done. File uploaded successfully.
-
urqOFyVN.dll - a new one, Kaspersky will call it Trojan.Win32.Monder.atga
Let's start cleaning, please execute this script:
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\autorun.inf');
DelBHO('{C3286198-0FF6-4555-86FF-340C8FBF7C69}');
DelBHO('{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408}');
DeleteFile('C:\WINDOWS\system32\vtUkhfgG.dll');
DeleteFile('C:\WINDOWS\system32\urqOFyVN.dll');
DeleteFile('C:\resycled\boot.com');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
[/code]
The computer will reboot; after that you will be able (I hope) to disable system restore. Try to disable system restore.
Then close all your programs except your internet browser, and only then make a new avptool_syscheck.zip, like you did in your first post.
P.S.
[B]C:\Documents and Settings\All Users.WINDOWS\Application Data\Loud spam else tool\find wait.exe[/B] - Do you know what this is?
It looks like spyware. If you don't know what this is, first of all you should send us a copy, and then delete it. In this way, many other users will benefit from protection.
(You are welcome to read App#2 of our rules in order to do it.)
-
Thank you for the advice. It worked and I removed the virus successfully. But the scan disk and disk defragmentation are still disabled. What should I do?
-
We haven't finished yet :) You didn't answer me: do you know what this is: C:\Documents and Settings\All Users.WINDOWS\Application Data\Loud spam else tool\find wait.exe
Try to disable system restore.
Then close all your programs except your internet browser, and only then make new logs according to the rules [url]http://virusinfo.info/showthread.php?t=9184[/url]