Looking for some help/script
Thanks 8)
Printable View
Looking for some help/script
Thanks 8)
Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL]
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\viahdcpl.cpl','');
QuarantineFile('LogonDll.dll','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtbD8.tmp.exe','');
QuarantineFile('c:\progra~1\tinasoft\easyca~1\guardit.exe','');
DeleteFile('LogonDll.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL]
[code]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
[/code]
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat the log file
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.
- Attach new log to your post..
Thanks :good2:
[COLOR=#0532aa]new log file Kapersky Removal Tool[/COLOR]
[COLOR=#0532aa][/COLOR]
Where is the quarantine?
[size="1"][color="#666686"][B][I]Добавлено через 10 минут[/I][/B][/color][/size]
You must clean your system from file virus Sality before. Use CureIt from Dr.Web or AVPTool from Kaspersky (s. links by the rules) You have to download them using any clean system or Live CD and start them from any external drive (CD or Only-Read-SD-Card).
After healing:
Switch off:
- Antivirus and and, if you have - Firewall.
- [COLOR="Red"][SIZE="4"]System Restore[/SIZE][/COLOR]- I hope, you can see this sentence now >:(
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL]
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('abp470n5');
StopService('EGPZGJYNVTH');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\lclscp.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\winfxftf.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\winexxoax.exe');
TerminateProcessByName('c:\docume~1\maather\locals~1\temp\abwbdt.exe');
QuarantineFile('C:\Program Files\MSN Messenger\usnsvc.exe','');
QuarantineFile('C:\DOCUME~1\MAATHER\LOCALS~1\Temp\EGPZGJYNVTH.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\rgstn.sys','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\winexxoax.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\winfxftf.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\lclscp.exe','');
QuarantineFile('c:\docume~1\maather\locals~1\temp\abwbdt.exe','');
DeleteFile('c:\docume~1\maather\locals~1\temp\abwbdt.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\lclscp.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\winfxftf.exe');
DeleteFile('c:\docume~1\maather\locals~1\temp\winexxoax.exe');
DeleteFile('C:\DOCUME~1\MAATHER\LOCALS~1\Temp\EGPZGJYNVTH.exe');
DeleteFile('C:\WINDOWS\system32\drivers\rgstn.sys');
DeleteService('EGPZGJYNVTH');
DeleteService('abp470n5');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('EGPZGJYNVTH');
BC_DeleteSvc('abp470n5');
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL]
[code]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
[/code]
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat the log file
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.
- Attach new log to your post..