-
Yep, there is a problem, because he can see that ESQULserv traces are still in your system.
Let's try it this way:
Please download the special AVZ archive from my signature. Unpack the files to a new folder. Disconnect from the internet, disable your Kaspersky and then launch the special AVZ by clicking on the Run.cmd file, and execute this script in the special AVZ:
[code]
begin
// Scan for rootkit hooks and enable AVZGuard so the driver cannot interfere
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy the suspect files to quarantine before anything is deleted
QuarantineFile('C:\Program Files\SIFXINST\SIFXINST.EXE','');
QuarantineFile('C:\WINDOWS\system32\drivers\symlcbrd.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\ESQULserv.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\wdmaud.sys','');
// Remove the two driver files and their services via Boot Cleaner on reboot
DeleteFile('C:\WINDOWS\system32\drivers\symlcbrd.sys');
DeleteFile('C:\WINDOWS\system32\drivers\ESQULserv.sys');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('ESQULserv');
BC_DeleteSvc('symlcbrd');
BC_Activate;
// Standard repairs: hosts file, SafeBoot keys and network settings
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
[/code]
Upload the quarantine according to the rules (see
Appendix 3. How to send us requested files.)
After the reboot, please make a new virusinfo_syscure.zip using this special AVZ; also I would like to see a log from GMER.
[url]http://www.gmer.net/[/url] Do attach both to your next post.
-
I'm not seeing them still there. Am I missing them somewhere and just can't see them? I'll run the processes as soon as I get back in about an hour.
-
Attachments: 4
I may have inadvertently attached old files previously. I have performed the script requested just in case and have uploaded the new logs. Will post results of GMER scan when it completes.
GMER log attached.
-
Copy the following code into a new file
[CODE]REM Remove the ESQULserv rootkit service with GMER and clean its registry keys
gmer.exe -del service ESQULserv
REM The active control set plus the backup control sets ControlSet001..005
gmer.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv"
gmer.exe -del reg "HKLM\SYSTEM\ControlSet001\Services\ESQULserv"
gmer.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\ESQULserv"
gmer.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\ESQULserv"
gmer.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\ESQULserv"
gmer.exe -del reg "HKLM\SYSTEM\ControlSet005\Services\ESQULserv"
REM Delete the rootkit driver and its DLLs (random ESQUL* names from the GMER log)
gmer.exe -del file "%systemroot%\system32\drivers\ESQULnjcwmkqlvuquwfkutvqhpmnnabrxuscc.sys"
gmer.exe -del file "%systemroot%\system32\ESQULrdajbvevobhxhyavykbgcrqenhhhifwi.dll"
gmer.exe -del file "%systemroot%\system32\ESQULxyiocviqvabanebapxrdngduogdangsm.dll"
REM Reboot so the deletions take effect before the driver can reload
gmer.exe -reboot[/CODE]
and save it in the same directory as gmer.exe with the name 123.bat
Start this file with a double-click.
After the reboot, post a new GMER logfile.
-
Am I copying this into AVZ?
-
[QUOTE=Rene-gad;437395]Copy the following code [SIZE="6"]into a new file[/SIZE]
[/QUOTE] 8)
-
Attachments: 1
-
Nothing suspicious. How is your PC doing?
Make the standard logs, please.
-
Attachments: 3
Everything seems to be running great. Thanks!
New logs uploaded.
-
Do it once more:
- Start/Run..., copy & paste the following string:
[CODE]edit %systemroot%\system32\drivers\etc\hosts[/CODE]
press Enter, and remove all lines in the file after 127.0.0.1 localhost.
File/Close/Save changes ... [CENTER][COLOR="Red"]DON'T CLOSE THE WINDOW WITH THE RED CROSS!!![/COLOR][/CENTER]
Don't use anything except an antivirus and, if you want, a firewall.
Update your version of Kaspersky.
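The hosts-file check above (everything after the default localhost mappings is suspect) as an added example, not code from the thread or from AVZ/GMER: it parses a Windows hosts file and reports every mapping that a clean default file would not contain, so the lines to remove can be reviewed before editing. The sample hosts content and the vendor-name heuristic are constructed for the demo.

```python
"""Report hosts-file entries beyond the default localhost mappings (added example)."""
import ipaddress

# Mappings a clean default Windows hosts file is expected to contain.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed heuristic: redirecting security vendors' sites is a common hijack.
VENDOR_HINTS = ("kaspersky", "gmer")

# Constructed sample hosts file: two default lines plus three appended entries.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.gmer.net
127.0.0.1 downloads.kaspersky.com
203.0.113.7 www.example.com   # TEST-NET-3 documentation address
"""


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) for every non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()  # handles tabs as well as spaces
        yield lineno, parts[0], parts[1:]


def suspicious_entries(text):
    """Return (lineno, ip, hostname, reason) for each entry to review.

    reason is 'bad-ip' (first token is not an IP address),
    'security-vendor' (a security site is being redirected) or
    'unexpected-mapping' (anything else outside the defaults).
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, " ".join(names), "bad-ip"))
            continue
        for name in names:
            if (ip, name.lower()) in EXPECTED:
                continue  # default mapping, nothing to do
            reason = "unexpected-mapping"
            if any(hint in name.lower() for hint in VENDOR_HINTS):
                reason = "security-vendor"
            findings.append((lineno, ip, name, reason))
    return findings
```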
-