:furious3:Hello,
Kaspersky and other antiviruses found this trojan - hjgruityvtsoaw.dll - in memory, but none was able to remove it.
Can you help?
Many thanks.
Babouin
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute the following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('eqgudxweblioarw');
QuarantineFile('C:\WINDOWS\system32\drivers\qeupa.sys','');
QuarantineFile('%systemroot%\system32\hjgruityvtsoaw.dll','');
QuarantineFile('O:\autorun.inf','');
QuarantineFile('N:\autorun.inf','');
QuarantineFile('M:\autorun.inf','');
QuarantineFile('H:\autorun.inf','');
DeleteFile('O:\autorun.inf');
DeleteFile('N:\autorun.inf');
DeleteFile('M:\autorun.inf');
DeleteFile('H:\autorun.inf');
DeleteFile('%systemroot%\system32\hjgruityvtsoaw.dll');
DeleteFile('C:\WINDOWS\system32\drivers\qeupa.sys');
DeleteService('eqgudxweblioarw');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('eqgudxweblioarw');
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
[/CODE]
After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute the following script[/URL] in Manual Cure
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]
- Remove [URL="http://virusinfo.info/showthread.php?t=42263"]Bonjour[/URL]
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.
- Attach a log to your new post.
Hello,
I have performed your instructions step by step.
I have uploaded the quarantine file and the new log is attached to this message.
After scanning, I still get the message :
[I]not found: Trojan program Trojan.Win32.Agent.crez File: globalroot\systemroot\system32\hjgruityvtsoaw.dll[/I]
Thanks for your help.
Babouin
It's the wrong log. You have to perform the same actions as for your 1st post - the result should be a new avptool_syscheck.zip.
Additionally make a GMER log file --- [url]www.gmer.net[/url]: download -> run the tool -> press SCAN -> wait (possibly 2-3 hours) -> press SAVE -> attach the saved logfile here.
I have done it all again.
- quarantine uploaded
- log file attached
GMER currently running. Log file will be posted within 2 hours.
Please note that I cannot disable system restore. The checkbox is unchecked and greyed (although logged as admin...).
And now GMER's log file.
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute the following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
StopService('hjgruipqmlxyid');
QuarantineFile('c:\windows\system32\drivers\hjgruiegkenxfd.sys','');
QuarantineFile('c:\windows\system32\hjgruityvtsoaw.dll','');
QuarantineFile('c:\windows\system32\nmsaccessu.exe','');
QuarantineFile('C:\WINDOWS\system32\hjgruippcaoebc.dll','');
QuarantineFile('C:\WINDOWS\system32\hjgruintyhfgvi.dat','');
QuarantineFile('C:\WINDOWS\system32\hjgruiysltoxul.dat','');
RegKeyParamDel('HKLM','SYSTEM\CurrentControlSet\Services','hjgruipqmlxyid');
RegKeyParamDel('HKLM','SYSTEM\ControlSet005\Services','hjgruipqmlxyid');
DeleteFileMask('C:\WINDOWS\system32','hjgrui*.*',false);
DeleteFileMask('C:\WINDOWS\system32\drivers','hjgrui*.*',false);
DeleteService('hjgruipqmlxyid');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('hjgruipqmlxyid');
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
[/CODE]
After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute the following script[/URL] in Manual Cure
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Close all the programs and start only Internet Explorer!!!
- Make the new log files avptool_syscheck.zip + gmer.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.
- Attach the logs to your new post.
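As an added, defender-side illustration (this is not part of the thread and not AVZ code): the two scripts above remove artifacts by name mask (DeleteFileMask with 'hjgrui*.*' in system32 and drivers) and by fixed path (autorun.inf on drive roots). Before such deletions it is useful to record what would be removed, with hashes, so the files can be quarantined and shared for analysis. The Python below is a dry-run inventory that applies the same mask logic and autorun.inf check; the directory layout it scans is constructed in a temporary folder with harmless stub files, and the file names are only those quoted in the thread.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Name mask taken from the thread's second AVZ script (DeleteFileMask argument).
ARTIFACT_MASK = "hjgrui*.*"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large drivers do not need to be read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_by_mask(root: Path, mask: str, recurse: bool = False) -> list:
    """Case-insensitive name match; recurse=False mirrors the script's third argument."""
    iterator = root.rglob("*") if recurse else root.iterdir()
    return sorted(p for p in iterator
                  if p.is_file() and fnmatch.fnmatch(p.name.lower(), mask.lower()))


def find_autorun(drive_roots) -> list:
    """Return autorun.inf files present directly on the given drive roots."""
    return [r / "autorun.inf" for r in drive_roots if (r / "autorun.inf").is_file()]


def inventory(system32: Path, drive_roots) -> dict:
    """Dry run: {path: sha256} of everything the AVZ lines above would quarantine/delete."""
    found = (find_by_mask(system32, ARTIFACT_MASK)
             + find_by_mask(system32 / "drivers", ARTIFACT_MASK)
             + find_autorun(drive_roots))
    return {str(p): sha256_of(p) for p in found}


def build_demo_tree():
    """Constructed sample layout using the names from the thread; contents are stubs."""
    base = Path(tempfile.mkdtemp())
    sys32 = base / "WINDOWS" / "system32"
    (sys32 / "drivers").mkdir(parents=True)
    for name in ["hjgruityvtsoaw.dll", "hjgruippcaoebc.dll",
                 "hjgruintyhfgvi.dat", "kernel32.dll"]:
        (sys32 / name).write_bytes(b"constructed stub: " + name.encode())
    (sys32 / "drivers" / "hjgruiegkenxfd.sys").write_bytes(b"constructed driver stub")
    (sys32 / "drivers" / "disk.sys").write_bytes(b"constructed legitimate driver stub")
    drives = []
    for letter in "HMNO":            # drive letters quoted in the first script
        d = base / f"drive_{letter}"
        d.mkdir()
        drives.append(d)
    (drives[0] / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")  # constructed
    return base, drives


if __name__ == "__main__":
    base, drives = build_demo_tree()
    for path, digest in inventory(base / "WINDOWS" / "system32", drives).items():
        print(f"{digest}  {path}")
```

The run prints five entries (four hjgrui* files and one autorun.inf) and leaves kernel32.dll and disk.sys alone, which is exactly the scope of the mask-based lines in the script. The hashes are what you would submit with the quarantine archive; keep the listing together with the AVZ and GMER logs so the cleanup can be audited later.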
Quarantine posted. Avptool_syscheck.zip attached.
GMER coming soon...
No effect when clicking on the attachment icon...
[size="1"][color="#666686"][B][I]Added 1 minute later[/I][/B][/color][/size]
Same when I click on "Manage attachments" !
Sorry. Here it is.
[QUOTE=bab;440064]Sorry. Here it is.[/QUOTE]GMER log seems to be very small... Have you really SCANNED your system? If YES - it's very good.
Leave ONLY ONE antivirus on your system; such tools as A-squared are not really necessary and TuneUp is NOT NECESSARY AT ALL - remove it, please.
Clean Task Scheduler.
Everything looks clean, now.
Thanks a lot for your help, Rene, I'm very grateful. Your latest script was the good one.
Have a nice day.
Babouin