solddowns, and internet connection issues

Printable View

20.10.2009, 13:18
lee.

solddowns, and internet connection issues

Please help!
20.10.2009, 14:44
Numb

The log you've made isnt the log we expect to see. Please, read [url=http://virusinfo.info/showthread.php?t=9184]the rules[/url] and follow the instructions there.
20.10.2009, 17:03
lee.

correct log attached. Thanks!
21.10.2009, 21:51
Белый Сокол

We are waiting for AVZ logs too :)
22.10.2009, 04:47
lee.

ugh. SORRY! Here they are!
22.10.2009, 18:42
drongo

Why you did not disable your symantec , zonealarm and other "anti" before making our logs? Moreover, using symantec internet security and zonealarm firewall simulteniusly it is too big pressure for the system. You should uninstall both, and choose something one.At least, disable in the symantec firewall completely:)
Why you did not update the avz itself and system restore is not disabled ? It is briefly explained in the rules...
Now, disable all your anti, and internet connection.
Run this script in avz:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
Clearquarantine;
QuarantineFile('D:\WINDOWS\system32\MyCleaner.exe','');
QuarantineFile('D:\WINDOWS\Temp\FrXlhqOR.sys','');
QuarantineFile('D:\WINDOWS\Temp\7s0a64Cc.sys','');
QuarantineFile('D:\Windows\system32\USER32.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
[/code]
Computer will reboot. This script will change nothing, it just for making a copy of some files.
Now, we need to see them. In order to do that, please execute this script right after reboot:
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]
Upload file [B]C:\quarantine.zip[/B], by link [B][COLOR="Red"]Upload quarantined files[/COLOR][/B] in the top of this thread.
Let us know, when you will done!
22.10.2009, 19:36
lee.

alright. disabled antivirus and network connection and ran the scripts. here are the files.

I had installed a few AV programs in an attempt to remove this junk, should have uninstalled when done.

THANKS FOR THE HELP! Not getting anywhere on my own!
22.10.2009, 20:12
drongo

Are you unable see a red color? Do it as i said, and do not like you want.
22.10.2009, 21:54
lee.

My apologies. Corrected by uploading to the correct section. SORRY!
23.10.2009, 00:27
drongo

What junk do you want to remove? Please describe your problem.
A quarantine was send to antivirus lab. As long as we will get an answer, we will let you know.
Meantime, uninstall all your "anti" collection, because this collection can cause problems, and it is interfering into our detection process. We are hunting anti-virus modules, instead of real viruses.
Then, please make a set of fresh logs and do attach them to next post.