Hello
avptool_syscheck is attached
Thank you
The task manager, regedit and safe mode are disabled
How can I make them active?
Thank you
Hello.
Before following my advice, you should read [url=http://virusinfo.info/showthread.php?t=9184]the rules of the "Help me!" section[/url] and download the AVZ and HijackThis tools (the links are in the rules too). You should also check your PC using the [url=ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe]CureIt! tool[/url], because Sality is supposed to be a file virus. Attention! At launch, the CureIt! tool performs a quick scan only; after that you should start a full scan manually.
[url=http://virusinfo.info/showthread.php?t=9207]Execute script in AVZ[/url]: [code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk','');
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk','');
QuarantineFile('C:\WINDOWS\system32\drivers\ohksn.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HssDrv.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys','');
QuarantineFile('C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_F423308312A7B033.dll','');
QuarantineFile('C:\Documents and Settings\Free User\Local Settings\Temp\jkos-Free User\binaries\kave.dll','');
QuarantineFile('c:\program files\windows live\toolbar\wltuser.exe','');
QuarantineFile('c:\program files\microsoft\search enhancement pack\seaport\seaport.exe','');
QuarantineFile('c:\program files\hotspot shield\hsswpr\hsssrv.exe','');
QuarantineFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk','');
QuarantineFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe','');
DeleteFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe');
BC_DeleteFile('c:\docume~1\freeus~1\applic~1\progra~1\online warn logo.exe');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-HG3G4.lnk');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-68MO2.lnk');
DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk');
BC_DeleteFile('C:\Documents and Settings\Free User\Start Menu\Programs\Startup\is-BRJ6V.lnk');
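BC_ImportQuarantineList;
BC_Activate;
ExecuteSysClean;
ExecuteRepair(6);  // remove all policies (restrictions) of the current user
ExecuteRepair(10); // restore Safe Mode boot settings
ExecuteRepair(11); // unlock Task Manager
ExecuteRepair(17); // unlock Registry Editor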
RebootWindows(true);
end.[/code] After the restart, upload the quarantine using the link [url]http://virusinfo.info/upload_virus_eng.php?tid=42017[/url] as described in the rules, and make new logs.