I tried using the program on auto but it got stuck on calc.dll, so I went to manual mode, but I can't submit via the infected computer so I'm using another one. Here is the file.
Hello,
your system is not really yours - I haven't seen such a collection of vulnerabilities in a couple of months... :O
Why are the very important Service Packs and patches not installed?
Why do you use an ancient antivirus?
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute the following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
StopService('tcpsr');
StopService('daqdrv');
QuarantineFile('explorer.exe,c:\windows\system32\W1NL0g0.exe','');
QuarantineFile('C:\WINDOWS\TEMP\i9xo50.exe','');
QuarantineFile('C:\WINDOWS\TEMP\avp.exe','');
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
QuarantineFile('c:\windows\system32\rundll32.exe','');
QuarantineFile('C:\WINDOWS\system32\restorer32_a.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\System32\reader_s.exe','');
QuarantineFile('C:\WINDOWS\System32\p52s6x9.dll','');
QuarantineFile('C:\WINDOWS\System32\fgjk4wvb.dll','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\NDIS.sys','');
QuarantineFile('C:\WINDOWS\System32\daqdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\calc.dll','');
QuarantineFile('C:\WINDOWS\system32\10.tmp','');
QuarantineFile('C:\WINDOWS\msagent\agentdpv.exe','');
QuarantineFile('C:\WINDOWS\fonts\services.exe','');
QuarantineFile('C:\Documents and Settings\tai\restorer32_a.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\restorer32_a.exe','');
QuarantineFile('C:\DOCUME~1\tai\LOCALS~1\Temp\i.exe','');
QuarantineFile('C:\DOCUME~1\tai\LOCALS~1\Temp\h.exe','');
DeleteService('tcpsr');
DeleteService('daqdrv');
DeleteFile('explorer.exe,c:\windows\system32\W1NL0g0.exe');
DeleteFile('C:\WINDOWS\TEMP\i9xo50.exe');
DeleteFile('C:\WINDOWS\TEMP\avp.exe');
DeleteFile('C:\WINDOWS\system32\restorer32_a.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
DeleteFile('C:\WINDOWS\System32\reader_s.exe');
DeleteFile('C:\WINDOWS\System32\p52s6x9.dll');
DeleteFile('C:\WINDOWS\System32\fgjk4wvb.dll');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\daqdrv.sys');
DeleteFile('C:\WINDOWS\system32\calc.dll');
DeleteFile('C:\WINDOWS\system32\10.tmp');
DeleteFile('C:\WINDOWS\msagent\agentdpv.exe');
DeleteFile('C:\WINDOWS\fonts\services.exe');
DeleteFile('C:\Documents and Settings\tai\restorer32_a.exe');
DeleteFile('C:\Documents and Settings\LocalService\restorer32_a.exe');
DeleteFile('C:\DOCUME~1\tai\LOCALS~1\Temp\i.exe');
DeleteFile('C:\DOCUME~1\tai\LOCALS~1\Temp\h.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]
After reboot, [URL="http://virusinfo.info/showthread.php?t=9207"]execute the following script[/URL] in Manual Cure
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]
- Upload C:\quarantine.zip via the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] at the top of this page.
- Make a new log and attach it to your new post.
Not mine but a friend's, who is not computer smart... I was able to do a scan in safe mode, will see if I still need more help. Should I do the above if I was able to scan in safe? Also went to reboot in reg mode and got a bunch of errors, and in safe as well: userinit logon encountered a problem. Doing repair install.
You could execute the script in safe mode, but it has to be normal mode for the logging.