Printable View
Hi,
I'm new here so firstly apologies if this has been posted before or it is the wrong forum.
I seem to have the above virus/malware on my PC. I have downloaded the virus removal tool and whilst it has found the above it does not seem to have disenfected or deleted the virus as it keeps reappearing.
The symptoms are slow internet connection and windows keep opening for various advertisements.
A
D
You have to attach the file of system analysis avptool_syscheck.zip
[url]http://avptool.virusinfo.info/en/AVPTool_helpdesk_sysinfo.htm[/url]
to your thread.
File is now attached. Many thanks.
Close all programs.
[url=http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm]Execute[/url] the script:
[code]
begin
SetAVZGuardStatus(True);
DelBHO('{85d1f590-48f4-11d9-9669-0800200c9a66}');
QuarantineFile('H:\WINDOWS\winstart.bat','');
DeleteService('L6DP');
QuarantineFile('h:\documents and settings\owner\local settings\application data\ugoqqsm.exe','');
DeleteFile('h:\documents and settings\owner\local settings\application data\ugoqqsm.exe');
CreateQurantineArchive('H:\quarantine.zip');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
The computer will reboot.
Upload file H:\quarantine.zip by link [url]http://virusinfo.info/upload_virus_eng.php?tid=42733[/url]
Collect system information and attach new file avptool_syscheck.zip to your thread.
Hi Andrey,
I have run the script. I am unsure if it worked. I had a small window open syaing
[QUOTE]avz_scan.failed.[/QUOTE]
However I have rebooted and run another scan & the file is attached.
Many thanks for your help
Have you tried to upload H:\quarantine.zip file?
[quote=AndreyKa;380048]Have you tried to upload H:\quarantine.zip file?[/quote]
Sorry I did not. I have uploaded the file now.
I suppose, Trojan return to life by system restore service.
Please, disable it:
1.Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore: You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore? After a few moments, the System Properties dialog box closes.
I have now turned off system restore. Now what do I need to follow this up with?
[QUOTE=Threepints;380763]Now what do I need to follow this up with?[/QUOTE]Collect system information and attach new file avptool_syscheck.zip to your thread. :)
File is attached. Thank you.
Download this [URL="http://rapidshare.com/files/199106177/toto.pif"] file[/URL], start it and follow our rules: [url]http://virusinfo.info/showthread.php?t=9184[/url]
Close all programs.
[url=http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm]Execute[/url] the script:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('h:\documents and settings\owner\local settings\application data\ugoqqsm.exe','');
DeleteFile('h:\documents and settings\owner\local settings\application data\ugoqqsm.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the [URL="http://virusinfo.info/showthread.php?t=9184"]rules[/URL].
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine in accordance with Appx. 3 of the rules.
- Attach 3 logs to your new post..
Just a couple of quick questions,
I need to download all the sofware here [url]http://virusinfo.info/showthread.php?t=9184[/url] & carry out all of those instructions first before I execute the script above?
Also must I use internet explorer? I use firefox on my PC.
[QUOTE=Threepints;381950]
I need to download all the sofware here [url]http://virusinfo.info/showthread.php?t=9184[/url] & carry out all of those instructions first before I execute the script above?[/QUOTE]
Pls. read the rules at first :) I'd like to see the logs from AVZ (pls. don't forget to update the database) and Hijackthis.
[QUOTE=Threepints;381950]
I use firefox on my PC.[/QUOTE]So do I, but in this case I would prefer IE :)
I have tried running the above. However when I try to execute AVZ, I get a windows - No disk error.
Saying [QUOTE]Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75bf7c[/QUOTE]
The Cancel, Try Again or Continue buttons do not work. And the program just hangs.
Try with this AVZ: [url]http://rapidshare.com/files/199106177/toto.pif[/url] You DON'T NEED to update the signatures in it.