Trojan.Win32.AntiAV.

My computer just behaves bad:). Mouse is stoping to move sometimes, internet connection was blocked(skype works), sound disapears also etc.after many errors somehow i succseded to instal KIS2011 trial. Little by little i deleted some of the trojans and viruses, then i even was 'alowed' to update kaspersky database. During scan kaspersky cleaned my computer exept these files:
Trojan.Win32.AntiAV.erw ainxafm.bat
Backdoor.Win32.Zepfod.g
Kaspersky does see these files.They are 'Detected', but there is no way to get rid of them yet.
Mozzila and Google Chrome are working, but blocking entering kaspersky websites etc.

also there is question about process named KLWTBLFS.exe
i also atached avptool sysinfo.zip file

waiting for response.

Vygis

[QUOTE=vygis;668820]My computer just behaves bad:)[/QUOTE]I cannot say anything about computer, but it's owner behaves himself very bad and irresponsible: Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2" is abslotely vulnerable and not supported anymore, also the installation of SP3 and all subsequent updates is indispensable.

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('H:\autorun.inf','');
QuarantineFile('I:\autorun.inf','');
QuarantineFile('J:\autorun.inf','');
QuarantineFile('K:\autorun.inf','');
QuarantineFile('L:\autorun.inf','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe','');
StopService('yyzirbwq');
DeleteService('yyzirbwq');
BC_DeleteSvc('yyzirbwq');
QuarantineFile('H:\WINDOWS\System32\Drivers\yyzirbwq.sys','');
StopService('kuofwpgw');
DeleteService('kuofwpgw');
BC_DeleteSvc('kuofwpgw');
QuarantineFile('H:\WINDOWS\System32\Drivers\kuofwpgw.sys','');
DeleteFile('H:\WINDOWS\System32\Drivers\kuofwpgw.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\yyzirbwq.sys');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe');
DeleteFile('C:\autorun.inf');
DeleteFile('H:\autorun.inf');
DeleteFile('I:\autorun.inf');
DeleteFile('J:\autorun.inf');
DeleteFile('K:\autorun.inf');
DeleteFile('L:\autorun.inf');
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=82929[/url]
- Install SP3 + all updates + Internet Explorer 8
- Repeat a log file.
- Attach a new log to your new post..