2/9/2009 10:32:23 AM C:\WINDOWS\system32\uweyiwe1.dll --> Suspicion for Keylogger or Trojan DLL
This thing just would not go away, even though I did the scan numerous times and erased it.
Please download the special AVZ from my signature and put it in a new folder on the desktop.
Please execute this script in AVZ ([url]http://virusinfo.info/showthread.php?t=9207[/url]):
(Do remember to disable your antivirus and disconnect from the internet before that.)
[code]
begin
  // Look for rootkit hooks and enable AVZGuard before touching any files
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspect files to quarantine so they can be uploaded for analysis
  QuarantineFile('G:\8bglj.cmd','');
  QuarantineFile('G:\autorun.inf','');
  QuarantineFile('F:\8bglj.cmd','');
  QuarantineFile('F:\autorun.inf','');
  QuarantineFile('C:\8bglj.cmd','');
  QuarantineFile('C:\autorun.inf','');
  QuarantineFile('c:\windows\config\csrss.exe','');
  QuarantineFile('C:\WINDOWS\system32\kva8wr.exe','');
  // Delete the malicious files from the system folder and from each drive root
  DeleteFile('c:\windows\config\csrss.exe');
  DeleteFile('C:\WINDOWS\system32\uweyiwe1.dll');
  DeleteFile('C:\WINDOWS\system32\kva8wr.exe');
  DeleteFile('C:\autorun.inf');
  DeleteFile('C:\8bglj.cmd');
  DeleteFile('F:\autorun.inf');
  DeleteFile('F:\8bglj.cmd');
  DeleteFile('G:\autorun.inf');
  DeleteFile('G:\8bglj.cmd');
  // Hand the deleted files to Boot Cleaner, clean up, and run the repair steps
  BC_ImportAll;
  ExecuteSysClean;
  ExecuteRepair(6);
  ExecuteRepair(8);
  ExecuteRepair(9);
  // Activate Boot Cleaner and reboot so the cleanup completes at startup
  BC_Activate;
  RebootWindows(true);
end.[/code]
Read appendix #3 of the rules: [url]http://virusinfo.info/showthread.php?t=9184[/url]
Upload the quarantine via [url]http://virusinfo.info/upload_virus_eng.php?tid=39344[/url]
Make new logs according to the rules [url]http://virusinfo.info/showthread.php?t=9184[/url] and attach them to your next post.
it says <AVZ_Scan> failed
????
[quote=niceandbland;346942]it says <AVZ_Scan> failed
????[/quote]
What says?
Did you download AVZ? Download it now and execute the script in it,
piece of cake ;)
I modified the script a little and it worked.
Now I see
2/9/2009 11:35:46 AM Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
Is this anything suspicious?
And I'm posting the log after the script.
I don't see your quarantine. Until you send the quarantine as I requested, I will not answer any questions.
I didn't know what I was doing at first; I erased the quarantine files by mistake.
Also, I was using AVP instead of AVZ at first. No wonder.
I'm really sorry, but I didn't know what I was doing. I have the same exact infection on my laptop. Can I post the quarantine file from there instead? Because that one has to be resolved as well.
I'm really, really sorry; in my stupid haste I made waste.
No, every system gets a separate thread.