Security Tool, please help disinfect

Printable View

31.07.2010, 20:45
tommyklab

Security Tool, please help disinfect

Security Tool and possible other viruses, please help disinfect, i append log:
31.07.2010, 20:49
Rene-gad

Close/unload all the programs excepted Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

Start KVRT "AS ADMINITRATOR"

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Users\xxx\AppData\LocalLow\BestEstimation\bestestimatiie.dll','');
QuarantineFile('C:\PROGRA~1\COMMON~1\owysu.ovu','');
QuarantineFile('c:\users\xxx\appdata\local\temp\pmkifd.dll','');
QuarantineFile('c:\users\xxx\appdata\local\933249.exe','');
TerminateProcessByName('c:\users\xxx\appdata\local\933249.exe');
DeleteFile('c:\users\xxx\appdata\local\933249.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=84294[/url]
- Make a new log file of KVRT.
- Attach a new log to your new post..
31.07.2010, 21:19
tommyklab

Quarantine uploaded.

New log attach:
01.08.2010, 10:42
Rene-gad

Close/unload all the programs excepted Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

[COLOR="Red"][B]Start KVRT "AS ADMINITRATOR"[/B][/COLOR]

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('c:\users\xxx\appdata\local\temp\pmkifd.dll');
DeleteFile('C:\Users\xxx\AppData\LocalLow\BestEstimation\bestestimatiie.dll');
DeleteFileMask('C:\Users\xxx\AppData\LocalLow\BestEstimation\','*.*',true);
DeleteDirectory('C:\Users\xxx\AppData\LocalLow\BestEstimation\');
DeleteFile('C:\Users\xxx\AppData\Roaming\a7dc7394.exe');
DeleteFile('C:\windows\tasks\a7dc7394.job');
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 3, 3, true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
[COLOR="Red"][B]Start KVRT "AS ADMINITRATOR"[/B][/COLOR]
- Make a new log file of KVRT.
- Attach a new log to your new post..
02.08.2010, 10:42
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]11[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\users\xxx\appdata\local\933249.exe - [B]Trojan.Win32.FakeAV.arj[/B] ( DrWEB: Trojan.Fakealert.18495, BitDefender: Trojan.Generic.KD.23557, AVAST4: Win32:FakeAlert-NQ [Trj] )[/LIST][/LIST]