[URL="file:///C:/Documents%20and%20Settings/Administrator/Desktop/Virus%20Removal%20Tool/is-QC56N/LOG/avptool_syscheck.zip"][ATTACH]128710[/ATTACH][/URL]
Printable View
[URL="file:///C:/Documents%20and%20Settings/Administrator/Desktop/Virus%20Removal%20Tool/is-QC56N/LOG/avptool_syscheck.zip"][ATTACH]128710[/ATTACH][/URL]
Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Administrator\reader_s.exe','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\f5b17vx.exe','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\197191652.exe','');
QuarantineFile('C:\WINDOWS\System32\reader_s.exe','');
QuarantineFile('C:\WINDOWS\system32\csrcs.exe','');
QuarantineFile('Explorer.exe csrcs.exe','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\WINDOWS\system32\twext.exe','');
DelBHO('{37B85A21-692B-4205-9CAD-2626E4993404}');
QuarantineFile('C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL');
DeleteFile('C:\WINDOWS\system32\twext.exe');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
DeleteFile('Explorer.exe csrcs.exe');
DeleteFile('C:\WINDOWS\system32\csrcs.exe');
DeleteFile('C:\WINDOWS\System32\reader_s.exe');
DeleteFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\197191652.exe');
DeleteFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\f5b17vx.exe');
DeleteFile('C:\Documents and Settings\Administrator\reader_s.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Cure
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Remove Bonjour: [url]http://virusinfo.info/showthread.php?t=42263[/url]
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=43845[/url]
- Attach a new log to your new post..
[ATTACH]129619[/ATTACH]
Where is your quarantine????
Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\twext.exe','');
QuarantineFile('C:\WINDOWS\system32\KB905474\wgasetup.exe','');
QuarantineFile('C:\WINDOWS\System32\drivers\1555b2a7.sys','');
DeleteFile('C:\WINDOWS\system32\twext.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Cure
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Remove Bonjour: [url]http://virusinfo.info/showthread.php?t=42263[/url]
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Make a hijackthis logfile (Rules/Analysis/Point 3)
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=44759[/url]
- Attach 2 logs to your new post..
I uploaded my new quarantine to [URL="http://virusinfo.info/upload_virus_eng.php?tid=43845"][COLOR=#0532aa]http://virusinfo.info/upload_virus_eng.php?tid=43845[/COLOR][/URL]
Now i attach 2 new logs and new quarantine
Thank you so much
[QUOTE=sebacoti;397137]I uploaded my new quarantine[/QUOTE]I'm sorry, unfortunately I gave you a wrong link. This is correct: [url]http://virusinfo.info/upload_virus_eng.php?tid=44759[/url] and I 'd just uploaded your quarantine.
Check your system in safe mode with CureIt started from Only-Read-Drive (CD or SD-Card)
Pls. make a log files in accordance with the rules with this AVZ: [url]http://rapidshare.com/files/199106177/toto.pif[/url] , because I'm afraid, your AVP tool is corrupt.
i scanned with CureIt . this is the new log by avz
There are the logs we need:
[QUOTE]virusinfo_syscure.zip
virusinfo_syscheck.zip
hijackthis.log[/QUOTE]neither less nor more nor other.
Pls. READ and FULFILL the rules: [url]http://virusinfo.info/showthread.php?t=9184[/url]