-
virus attacks
Please help me remove the viruses in my comp. I have kaspersky internet security 2010. it detects a virus, such as worm.win32.autorun.ftp, virus.win32.protector.c, net-worm-win32.kolab.fap. But everytime it tries to execute special procedures rundll box pops out saying error loading basegui.ppl and all operation stops, all other softwares cant be opened saying its not a valid win32 program. My operating system is windows xp, 32 bit, service pack3.
hoping for your urgent reply, thanks in advance!
-
1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in avz or avptool:
[CODE]begin
ClearHostsFile;
SetAVZGuardStatus(True);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('c:\windows\msdrv32.exe','');
TerminateProcessByName('c:\windows\msdrv32.exe');
QuarantineFile('c:\documents and settings\donna\av_md.exe','');
TerminateProcessByName('c:\documents and settings\donna\av_md.exe');
QuarantineFile('c:\windows\system32\av_md.exe','');
TerminateProcessByName('c:\windows\system32\av_md.exe');
DeleteFile('c:\windows\system32\av_md.exe');
DeleteFile('c:\documents and settings\donna\av_md.exe');
DeleteFile('c:\windows\msdrv32.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-1715567821-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run','av_md');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','av_md');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
DeleteFileMask('%tmp% ','*.* ',true );
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, true);
ExecuteWizard('SCU', 3, 3, true);
BC_Activate;
CreateQurantineArchive('C:\quarantine.zip');
RebootWindows(true);
end.[/CODE]
After restart upload file C:\quarantine.zip, by link [url]http://virusinfo.info/upload_virus.php?tid=61658[/url]
3. Attach a new log to your new post.
Page generated in 0.00950 seconds with 10 queries