Guys,
This is completely messing up my system.. Please advise
Please supply the log in NORMAL MODE.
What's the normal mode?? Just post the script from the report???
[QUOTE=maharaja;672021]What's the normal mode??[/QUOTE][QUOTE]System booted in [COLOR="Red"][B]Safe Mode[/B][/COLOR][/QUOTE]And it should be in NORMAL (STANDARD) MODE
Sorry my friend, I'm not getting it... I did this scan in safe mode and generated a report... How do you want me to go about what you want me to do... please explain.. thanks
You don't have to boot IN SAFE MODE, but absolutely NORMAL = as usual; then start AVPTool and make a log.
Hi, done as you said... hope it helps.. cheers
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\documents and settings\user\application data\windowsupdateb1a2.exe');
TerminateProcessByName('c:\documents and settings\user\application data\nvdisp.exe');
TerminateProcessByName('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe');
TerminateProcessByName('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-823518204-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','windowsclient7');
RegKeyParamDel('HKEY_USERS','S-1-5-21-823518204-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','NVIDIA');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Microsoft SecureAssist');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Microsoft SecureAssist');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','windowsclient7');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','NVIDIA');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','d-x10bc');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','d-werwe');
QuarantineFile('C:\WINDOWS\system32\system32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\install\server.exe','');
QuarantineFile('C:\WINDOWS\install\Svchost.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\winlogon.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\windowsupdateb1a2.exe','');
QuarantineFile('c:\documents and settings\user\application data\windowsupdateb1a2.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\System.Data.SQLite.dll','');
QuarantineFile('C:\Documents and Settings\user\Application Data\nvdisp.exe','');
QuarantineFile('c:\documents and settings\user\application data\nvdisp.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\galaxy.exe','');
QuarantineFile('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe','');
QuarantineFile('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe','');
DeleteFile('C:\WINDOWS\system32\system32\svchost.exe');
DeleteFile('C:\WINDOWS\system32\install\server.exe');
DeleteFile('C:\WINDOWS\install\Svchost.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\winlogon.exe');
DeleteFile('c:\documents and settings\user\application data\windowsupdateb1a2.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\windowsupdateb1a2.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\System.Data.SQLite.dll');
DeleteFile('c:\documents and settings\user\application data\nvdisp.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\nvdisp.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\galaxy.exe');
DeleteFile('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe');
DeleteFile('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe');
DelCLSID('{T46R5W7L-2GVA-PPE7-SV56-43SLLPO7J7X0}');
DelCLSID('{4RS2H7BF-V8M5-H54K-56RL-C35S4Q0TW421}');
DelCLSID('{3O50H026-26A6-3786-KHDY-63V0X001E7Y4}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=83132[/url]
- Make a new log file.
- Attach a new log to your new post..
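The AVZ script above removes four kinds of persistence: Run-key values under the user, SYSTEM and .DEFAULT hives, executables dropped into Application Data and into fake system folders, and a few CLSIDs. As an added post-cleanup check (example code, not part of the thread or of AVZ), the following PowerShell script re-reads the same Run keys and paths after the reboot and reports anything that is still present; it also flags any remaining autorun that launches from an Application Data folder, which is the pattern every removed entry shared. It assumes the same user SID as the script and an elevated PowerShell session (needed to read the S-1-5-18 hive).

```powershell
# Added example: verify the autoruns and files removed by the AVZ script are gone.
# Assumes elevated PowerShell and the user SID taken from the AVZ script above.
$sid = 'S-1-5-21-823518204-1390067357-725345543-1003'

# HKEY_USERS is not mounted as a drive by default; map it once.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Run-key value names the AVZ script deleted, per key path.
$runEntries = @{
    "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Run"      = @('windowsclient7', 'NVIDIA')
    'HKU:\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run'  = @('Windows Firewall', 'Microsoft SecureAssist')
    'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'  = @('Windows Firewall', 'Microsoft SecureAssist')
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'          = @('windowsclient7', 'NVIDIA', 'd-x10bc', 'd-werwe')
}

# Files the AVZ script quarantined and deleted (paths copied from the script).
$files = @(
    'C:\WINDOWS\system32\system32\svchost.exe',
    'C:\WINDOWS\system32\install\server.exe',
    'C:\WINDOWS\install\Svchost.exe',
    'C:\Documents and Settings\user\Application Data\winlogon.exe',
    'C:\Documents and Settings\user\Application Data\windowsupdateb1a2.exe',
    'C:\Documents and Settings\user\Application Data\System.Data.SQLite.dll',
    'C:\Documents and Settings\user\Application Data\nvdisp.exe',
    'C:\Documents and Settings\user\Application Data\galaxy.exe',
    'C:\Documents and Settings\user\Application Data\dx10bac\d-xdiag10bc.exe',
    'C:\Documents and Settings\user\Application Data\dx10bac\d-werwerwrw.exe'
)

$findings = @()
foreach ($key in $runEntries.Keys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue   # RegistryKey or $null
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = $item.GetValue($name)
        if ($runEntries[$key] -contains $name) {
            $findings += "Removed Run value is back: $key\$name = $value"
        } elseif ($value -match 'Application Data') {
            # Heuristic drawn from this infection: autoruns living in a profile's
            # Application Data folder are worth a second look.
            $findings += "Autorun from Application Data: $key\$name = $value"
        }
    }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "Removed file is back: $f" }
}
if ($findings.Count -eq 0) { 'Clean: none of the removed autoruns or files remain.' } else { $findings }
```

Any "is back" line means the dropper or its persistence survived the reboot and the new log should be posted rather than the system declared clean.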
Hi, done as you said and uploaded the file... Here's the new log too..
Upload result
File saved as 100719_103916_Quarantine_4c43f314772da.zip
File size 1290527
MD5 38cd4bdc32a543d1291f9fc75ee2deed
File uploaded, thank you!
The log file contains nothing suspicious, is your problem solved?
Statistics of the treatment performed:
[LIST][*]Quarantines received: [B]1[/B][*]Files processed: [B]31[/B][*]No malicious programs were found in the quarantines during treatment[/LIST]