-
Attachments: 1
Help removing infection
Hi there,
Attached is the report that the Kaspersky Virus Removal tool has generated.
My laptop has not been able to run any form of antivirus scan for the past 48 hours... I am able to boot Windows Vista; however, the laptop freezes after around 15 minutes of use.
Any help on how to remove the infection most appreciated.
Chris :>
-
Please execute this script in Kaspersky Virus Removal tool
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll','');
QuarantineFile('C:\Windows\system32\drivers\sdpiosys.sys','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
Quarantine_avz should be created inside the Kaspersky Virus Removal folder.
Do zip Quarantine_avz and be sure to protect it with the password [B]virus[/B].
Send it via [url]http://virusinfo.info/upload_virus_eng.php?tid=41036[/url]
If it does not work (for any reason), you are welcome to
download the special avz in my signature and put it in a new folder on the desktop.
Please execute this script in avz ([url]http://virusinfo.info/showthread.php?t=9207[/url])
(Do remember, before launching avz, to exit your antivirus and disconnect from the internet.)
Please upload the quarantine according to appendix 3 of the rules ([url]http://virusinfo.info/showthread.php?t=9184[/url]), by the link [url]http://virusinfo.info/upload_virus_eng.php?tid=41036[/url]
avz will zip it itself.
It will just make a copy, in order to investigate some of your files.
Let us know when you are done.
-
Drongo,
I have run the command and the AVZ_quarantine file has been created; however, it is not allowing me to zip the folder (I am receiving a message that the operation access is denied).
How do I proceed?
Chris
-
Nice :)
Download the special avz in my signature and put it in a new folder on the desktop.
Please execute this script in avz ([url]http://virusinfo.info/showthread.php?t=9207[/url])
(Do remember, before launching avz, to exit your antivirus and disconnect from the internet.)
Please upload the quarantine according to appendix 3 of the rules ([url]http://virusinfo.info/showthread.php?t=9184[/url]), by the link [url]http://virusinfo.info/upload_virus_eng.php?tid=40774[/url]
You don't need to zip it; it will do it itself.
-
I have managed to get the quarantine file into a zip and have uploaded to the link as instructed.
Chris
-
sdpiosys.sys looks like a rootkit, let's delete it.
Execute this script in avz.
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\Windows\system32\drivers\sdpiosys.sys');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('sdpiosys');
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
SetAVZPMStatus(true);
RebootWindows(true);
end.
[/code]
The system will reboot. Please make all 3 logs according to the rules: [url]http://virusinfo.info/showthread.php?t=9184[/url] and attach them to this topic in your next post.
Perhaps we will find more...
-
I have run the script in AVZ on several occasions; however, the virus refuses to be removed. HELP!
It appears that the virus located at 'C:\Windows\system32\drivers\sdpiosys.sys' has been removed while the one located at 'C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll' remains.
I have run another analysis log, which I have uploaded to the link you provided previously, as well as a scan from Hijack This.
[size="1"][color="#666686"][B][I]Added after 33 minutes[/I][/B][/color][/size]
I have run the script in AVZ on several occasions; however, the virus refuses to be removed. HELP!
It appears that the virus located at 'C:\Windows\system32\drivers\sdpiosys.sys' has been removed while the one located at 'C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll' remains.
I have run another analysis log, which is attached.
-
I didn't write a removal instruction for webdriver.dll in the script, because I don't think it is too dangerous, and you will be unable to play with your Shooting Stars Pool. I think you can remove these hpgames yourself from Add/Remove Programs ;)
Please make 3 logs in accordance with [url]http://virusinfo.info/showthread.php?t=9184[/url]