Printable View
Hi!
My computer is better after Norman VC discovered "Pobernah.DAM" in my Sys32 folder.Still,the Microsoft update page doesn't work(although automatic update does),I have to update pages to make them work properly,on loading pages Google loads in a separate window and I can't install SuperAntiSpyware or AntiMalware.For some reason I'm not allowed to send attachments.My account is activated.
Sincerely
And it did!
Did you make scan with cureit or avptool ? They should both know your trojans already.
I think your case is cureable, you have a rootkit&trojan that block a lot of "anti" programs, because of this you are unable install programs, that you had mentioned in your post :)
Ok, [U]from theory to practice:[/U]
First of all, please disable Norman and uninstall it completely trough add/remove programs and restart computer. ( Norman will not allow to us curing your system.)
Then, be sure that you are disconnected from internet and execute this script:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('D:\71b89ba60f582ce4f9af\update\update.exe','');
QuarantineFile('C:\WINDOWS\system32\UACbmnudovn.dll','');
QuarantineFile('C:\WINDOWS\system32\UACbnwxympp.dll','');
QuarantineFile('C:\WINDOWS\system32\UACejwmtklo.dll','');
QuarantineFile('C:\WINDOWS\system32\UACybwrrvkp.dll','');
QuarantineFile('\\?\globalroot\systemroot\system32\UACejwmtklo.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\UACiwqvdlqm.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\cis1284.sys','');
DeleteFile('\\?\globalroot\systemroot\system32\UACejwmtklo.dll');
DeleteFile('C:\WINDOWS\system32\drivers\UACiwqvdlqm.sys');
DeleteFile('C:\WINDOWS\system32\UACbmnudovn.dll');
DeleteFile('C:\WINDOWS\system32\UACbnwxympp.dll');
DeleteFile('C:\WINDOWS\system32\UACejwmtklo.dll');
DeleteFile('C:\WINDOWS\system32\UACybwrrvkp.dll');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('UACiwqvdlqm');
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
SetAVZPMStatus(true);
RebootWindows(true);
end.
[/code]
System will reboot.
Please upload to us a quarantine(read Appendix#3 of the rules) by link [url]http://virusinfo.info/upload_virus_eng.php?tid=40454[/url]
Then download avptool( [url]http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/[/url] ) , cureit( [url]ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe[/url] ) and scan all your system (not with both at same time ;)
After all, please make a fresh set of the logs in next post of this topic (like in your second post), we shall continue.
Thank you so very,very much!Computer is working normally.
I have sent virusfile and here is the rest.
I am glad to hear. File that you did upload to us is clean, it is from norman antivirus ;)
By the way, your antivirus- you should better install something more powerful :) I prefer kaspersky, but it is up to you.(in that case you can uninstall superuntispyware at all ;) )
Your hosts file is too big- it can cause downgrade of your internet connection speed.
Logs don't show sign of virus infection, but they are showing tracks from norman antivirus and a lot of different on -line antivirus scanners ;) (it could downgrade of your internet connection speed too)
Try ccleaner- it is freeware cleaning good utility ;)
About system restore- you can enable it, but it doesn't help much, so consider use another program that will create image of system disk. For example: acronis.
P.S. About thanks, you can click on "thanks " button in my posts :beer: and also [URL]http://virusinfo.info/showthread.php?t=28583[/URL] is very welcome :clapping:
Almost have forgotten, please execute this script in avz for removing avz driver and registry traces:
[code]begin
SetAVZPMStatus(false);
ExecuteStdScr(6);
RebootWindows(true);
end.[/code]