Pls I need help, don't know how to get rid of this. Kaspersky shows this in smss.exe and service.exe. My sound suddenly closes every 5 minutes.
in this file Procese din Memorie Infectate:
C:\System Volume Information\Microsoft\services.exe (Trojan.Agent) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Agent) -> Failed to unload process.
pls some one heeeeeeeeellllllllllppppppppp meeeee :(:help::wall:
Close/unload all programs except AVZ and Internet Explorer.
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
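[CODE]begin
 // Look for rootkit hooks (user mode and kernel mode) and turn on AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Copy suspect files to quarantine before anything is removed
 QuarantineFile('alg.exe','');
 // Stop and remove the MEMSWEEP2 service
 StopService('MEMSWEEP2');
 DeleteService('MEMSWEEP2');
 QuarantineFile('C:\WINDOWS\system32\4D0.tmp','');
 QuarantineFile('c:\system volume information\microsoft\smss.exe','');
 QuarantineFile('c:\system volume information\microsoft\services.exe','');
 // Kill the processes running from System Volume Information, then delete the files
 TerminateProcessByName('c:\system volume information\microsoft\smss.exe');
 TerminateProcessByName('c:\system volume information\microsoft\services.exe');
 DeleteFile('c:\system volume information\microsoft\services.exe');
 DeleteFile('c:\system volume information\microsoft\smss.exe');
 DeleteFile('C:\WINDOWS\system32\4D0.tmp');
 // Boot Cleaner: repeat the removal at the next boot
 BC_DeleteSvc('MEMSWEEP2');
 BC_ImportAll;
 // Clean up references to the deleted files, arm Boot Cleaner and reboot
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
[/CODE]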
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=82405[/url]
- Repeat a log file.
- Attach a new log to your new post.
I don't know if I've done exactly how you said because I'm not very good with computers :( and it looks like viruses are still there
1. Download [url]http://www.esagelab.com/files/bootkit_remover.rar[/url]
2. Unzip it.
3. Double click on remover.exe.
4. Attach a screenshot of the Bootkit Remover report.
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[url]www.esagelab.com[/url]
\\.\C: -> \\.\PhysicalDrive0
MD5: 305658c5e95259df8541c6683a71d729
\\.\D: -> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
This is what it shows me after double click
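Added example, not part of the thread and not eSage Lab's code: a Python script for reviewing a sector file produced by the `remover.exe dump` command shown in the output above. It assumes the classic MBR layout (440 bytes of boot code, partition table at offset 446, 0x55AA signature); the function names, the allow-list and the sample sectors are constructed for illustration, and since the output does not say which bytes the tool's MD5 covers, the digests here are not meant to match it.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: classic MBR layout, boot code in bytes 0..439
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def load_dump(path):
    """Read the first sector of a dump file (hypothetical path supplied by the caller)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)

def parse_mbr(sector, known_good_md5=frozenset()):
    """Summarise one MBR sector: signature, boot-code digest, partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        if ptype == 0:               # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:] == SIGNATURE,
        "boot_code_md5": boot_md5,
        # True only if the digest is in a baseline recorded from a trusted machine
        "boot_code_known": boot_md5 in known_good_md5,
        "partitions": partitions,
    }

def build_sample_mbr(boot_code):
    """Constructed test sector: given boot bytes plus one active type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 312_496_317)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    # Constructed filler bytes, not real boot code
    clean = build_sample_mbr(b"\x33\xc0" + b"\x90" * 64)
    altered = build_sample_mbr(b"\xeb\x3c" + b"\x90" * 64)
    baseline = {parse_mbr(clean)["boot_code_md5"]}
    for name, sector in (("clean", clean), ("altered", altered)):
        print(name, parse_mbr(sector, baseline))
```

A changed boot-code digest with an unchanged partition table and valid signature is the pattern the "Unknown boot code" status points at: the disk still boots and mounts normally, so only a comparison against a baseline shows the difference.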
1. Unzip this batch in a folder with remover.exe.
2. Click on [B]run_me.bat[/B] and reboot your computer.
3. Run remover.exe again and attach a new screenshot to your new post.
4. Make a new log of AVPTool.
Thanks, I think this is it, it looks like it is normal again :beer::clapping:
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[URL="http://www.esagelab.com"]www.esagelab.com[/URL]
\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Press any key to quit...
Pls tell me if it is ok after you see this avptool
I could not find any malware in your log.
OK, thank you, you are the best
Take advantage of our best service [URL]http://virusinfo.info/911test[/URL]
Kind regards,
Aleksa.
Treatment statistics:
[LIST][*]Quarantines received: [B]1[/B][*]Files processed: [B]11[/B][*]No malware was found in the quarantines during treatment[/LIST]