Help. I got infected with Win32.Sality Virus. I need the script ASAP.
Help. I got infected with Win32.Sality Virus. I need the script ASAP.
Use the Live CD Vba32 Rescue. Links to download:
[url]ftp://anti-virus.by/pub/vbarescue-beta.iso[/url]
[url]ftp://vba.ok.by/vba/vbarescue-beta.iso[/url]
Afterwards, attach the log C:\VbaRescue\vba32.rpt
Looks like my system has already been cleaned. Huge thanks to COMODO INTERNET SECURITY, DRWEB CUREIT and KASPERSKY VIRUS REMOVAL TOOL.
Hooray, I no longer need to reformat!
Attach a new [B]avptool_syscheck.zip.[/B]
Please verify if my system is clean. [B]avptool_syscheck.zip[/B] attached. Thanks.
It is better that you uninstall Spy Sweeper.
1. Please disable System Restore and your antivirus (if you have one).
2. Execute the script in AVPTool:
[CODE]begin
 // Turn on AVZGuard for the duration of the script.
 SetAVZGuardStatus(True);
 // Copy the suspicious files to quarantine before they are deleted.
 QuarantineFile('C:\DOCUME~1\Susan\LOCALS~1\Temp\b.exe','');
 QuarantineFile('C:\WINDOWS\system32\RVHOST.exe','');
 // Remove the service, its driver, and the listed files and scheduled tasks.
 DeleteService('asc3360pr');
 DeleteFile('C:\WINDOWS\system32\drivers\imphmq.sys');
 DeleteFile('C:\WINDOWS\system32\RVHOST.exe');
 DeleteFileMask('C:\WINDOWS\Tasks', 'At*.job', false);
 DeleteFile('C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe');
 DeleteFile('C:\WINDOWS\Tasks\wrSpySweeper_LF229B83443D74C6A845227A6B3C8900F.job');
 DeleteFile('wrSpySweeper_LF229B83443D74C6A845227A6B3C8900F.job');
 DeleteFile('C:\DOCUME~1\Susan\LOCALS~1\Temp\b.exe');
 DeleteFile('C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job');
 DeleteFile('{BB65B0FB-5712-401b-B616-E69AC55E2757}.job');
 // Pass the deleted-file list to Boot Cleaner, clean up references to the
 // deleted files, and activate Boot Cleaner for the next boot.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
 // Pack the quarantined files into an archive for upload, then reboot.
 CreateQurantineArchive('C:\quarantine.zip');
RebootWindows(true);
end.[/CODE]
After the restart, upload the file C:\quarantine.zip using the link [url]http://virusinfo.info/upload_virus.php?tid=57529[/url]
3. Attach a new [B]avptool_syscheck.zip.[/B]