Hello, here is the log from my computer (see attachment). I hope you can give me more information about what's wrong.
gr metino
Some files look suspicious to me. Please execute the following script; it will just make a copy of them in the avptool folder.
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.[/code]
Your system will reboot.
Please zip the quarantine (it should be in a sub-folder of your avptool) and make sure to protect it with the password [B]virus[/B]
- Upload the quarantine over the link [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
Let us know when you are done.
First of all, thanks for the quick response. Sorry, but I do not understand what you mean... I don't know what to do with your description. Can you specify it and tell me more simply how to do things?
gr metino
[size="1"][color="#666686"][B][I]Added after 2 minutes[/I][/B][/color][/size]
And I don't have the avptool folder anymore, it is gone? Do I have to download it again and send you the file? Please let me know...
[size="1"][color="#666686"][B][I]Added after 31 minutes[/I][/B][/color][/size]
Hello, I executed the file... the system restarted but I don't know how to do the rest...
There is nothing in my quarantine and there are two different quarantines... afz... and normal... How can I zip the quarantine?
thanks
[size="1"][color="#666686"][B][I]Added after 13 minutes[/I][/B][/color][/size]
Please zip the quarantine (it should be in a sub-folder of your avptool) and make sure to protect it with the password virus
- Upload the quarantine over the link [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
Let us know when you are done.
This does not work for me... I don't know what you mean by zip the quarantine and make sure to protect the virus?
thanks, gr metino
Ok, forget it. There is another option:
Please download the special avz in my signature (it is a single file) and create a new folder, for example on the desktop. Put this avz inside it.
Disable internet and antivirus.
Execute this script in avz: (how-to: [url]http://virusinfo.info/showthread.php?t=9207[/url])
avz will put the password on the archive instead of you :) Please read appendix 3 of our rules:
[url]http://virusinfo.info/showthread.php?t=9184[/url] in order to send it to us.
Thanks again... I downloaded avz special through rapidshare, and that's where I don't know what to do from... Where is the script? There is no script anywhere, and in custom script there is no execute button...
Is this the script? The code changes depending on the concrete case ;) If I put it in custom scripts... it says... error... begin expected in 1:1
Am I doing wrong, or is this not working either?
gr metino
[size="1"][color="#666686"][B][I]Added after 6 minutes[/I][/B][/color][/size]
Executing script in AVZ
--------------------------------------------------------------------------------
1. Select all text in the Code frame with your cursor, right-click it and choose Copy.
Code:
The code changes depending on the concrete case ;)
2. Run AVZ, go to File - Custom scripts. In the text field of the opened window right-click and choose Paste.
3. Click the Execute script button.
__________________
Nick Golovko
AVZ English UI Developer
Anti-Virus & General Security Advisor
What should I copy and paste?
[size="1"][color="#666686"][B][I]Added after 45 seconds[/I][/B][/color][/size]
I did a scan and have the log? But I really do not understand your descriptions?
gr metino
[size="1"][color="#666686"][B][I]Added after 25 minutes[/I][/B][/color][/size]
I am clueless. I think I am going to reboot Windows... from its factory...
I did give you a script in post #2 :lol:
here again:
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.[/code]
Ok, but how do I do the rest? I don't know what you mean
[size="1"][color="#666686"][B][I]Added after 31 seconds[/I][/B][/color][/size]
with password and what should I send you :S
[quote=metin;335164]Ok, but how do I do the rest? I don't know what you mean
[SIZE=1][COLOR=#666686][B][I]Added after 31 seconds[/I][/B][/COLOR][/SIZE]
with password and what should I send you :S[/quote]
Forget about the password, avz will make it automatically. :santa:
read appendix 3 in our rules, again ;)
The appendix is only for Windows ME and XP... I have Vista... so it will again not work.
[size="1"][color="#666686"][B][I]Added after 2 minutes[/I][/B][/color][/size]
I cannot turn off system restore... I don't know why it must be so complicated to heal a PC... but we're getting there, I hope :S
In the meantime, just send us :)
In Vista, just remember to launch any investigation tool like this: launch it with a right click of the mouse, choose Run As administrator, insert your administrator password.
Execute this script:
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.[/code]
After reboot:
[quote]1. Start AVZ, choose from the menu "File" -> "Quarantine folder viewer".
2. Mark files in the list which should be sent.
3. Click "Archive" and specify a place on the disk where the archive should be kept.
4. Upload the archive using the upload link (Upload quarantined files) -> [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url][/quote]
Hi... now this worked... I uploaded the files to you
Upload result
File saved as 090117_105329_virus_49718e79caa95.zip
File size 109828
MD5 9ae07c0dc1a2e1fd8a291772859ae0ab
File uploaded, thank you!
Thanks. Should I wait for your next description now?
gr metino
No, you uploaded other files... try to send us only these files:
[B] C:\Windows\system32\drivers\regi.sys
C:\Windows\system32\jlozvsbouz.dll[/B]
[quote]1. Click "File" - "Add to quarantine by list".
2. Enter the list of files which were asked to send.
3. Press "Start" and wait until "File addition process – complete" notification appears at the bottom of the window.
4. Close current window "Add to quarantine by list".
5. Choose from the menu "File" -> "Quarantine folder viewer".
6. Mark files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload by [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url][/quote]
Ok, I sent the folder... but I could not find C:\Windows\system32\drivers\regi.sys
The other one I did find... instead I put the two others that end with driver/regi/sys
Upload result
File saved as 090117_235343_virus2_497245573c256.zip
File size 608
MD5 46d7d2698c2bc833f96ba0a720a96118
File uploaded, thank you!
Well, they are not there :) Perhaps you sent a different archive. Never mind.
Please make a full set of logs according to our rules. Use the avz special edition from my signature.
Hello... here is a log that I did 1 minute ago
I also uploaded to your archive
gr metino
read again, how to attach logs: [url]http://virusinfo.info/faq.php?faq=vb3_reading_posting#faq_vb3_attachments[/url]
here is the log :rolleyes:
no :lol: read again how to create logs [url]http://virusinfo.info/showthread.php?t=9184[/url] :)
your latest upload:
C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
C:\Windows\system32\btmmhook.dll
Please explain, why did you send these files? I didn't ask you to do it. They are clean :)
I read how to create logs and did exactly what they asked... I did a system check up by avztool and zipped the quarantine folder... these files were in my quarantine folder... so what do I have to do? I don't know if this will help me... every time there is something else that won't work?
I did exactly as the steps and here are the logs...
gr metino
let me know if this is enough..
virusinfo_cure.zip - it is forbidden to attach in themes. So, my conclusion is that you didn't read or you didn't understand simple English.
Let's try from the beginning :)
Is my English bad... what is it saying here?
create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created during the system analysis [B](AVZ - virusinfo_syscure.zip, AVZ - virusinfo_syscheck.zip, HJT - hijackthis.log)[/B] to the message. There should be 3 logs in general. We will do our best to help you.
I am not crazy
do you notice some difference between virusinfo_syscure.zip and virusinfo_cure.zip ?
Of course... but what's the difference? It says nowhere... I think I overread it... and that's normal because it is a minor thing and I don't know anything about it... so which file should I send, the other one is there
[size="1"][color="#666686"][B][I]Added after 5 minutes[/I][/B][/color][/size]
I also sent you the syscure zip...?
[size="1"][color="#666686"][B][I]Added after 2 minutes[/I][/B][/color][/size]
So what to do next...?
What is the difference between a virus and a human? Both have a self-replication mechanism, right?
You may not answer, just think about it.
For us the "difference between virusinfo_syscure.zip and virusinfo_cure.zip" is like a difference between a virus and a human :)
I will write you a new script. Just follow exactly, ok?
I know what's the difference... I just overread it... and I also sent the other one so you did not have to check that one... so what's the problem?
Ok, send me a new script
Disconnect from the internet, disable AVG (basically, in any antivirus settings you can find an option to disable real-time protection, I don't remember your version in detail), disable Windows Defender (how-to:
[url]http://www.vista4beginners.com/How-to-disable-Windows-Defender[/url])
Then right click with the mouse on avz, choose "Run as Administrator", insert your password for approval (I don't know your system administrator password, and I don't want to know) and click OK.
Execute this script in avz: (how-to: [url]http://virusinfo.info/showthread.php?t=9207[/url])
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
QuarantineFile('C:\PROGRA~1\GOOGLE~1\BAE.dll','');
QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
QuarantineFile('C:\Windows\System32\CDDBUISony32.dll','');
QuarantineFile('C:\Windows\system32\DRIVERS\nwlnkfwd.sys','');
QuarantineFile('C:\Windows\system32\Drivers\HDJAsioK.sys','');
QuarantineFile('C:\Windows\system32\DRIVERS\EC168BDA.sys','');
QuarantineFile('C:\Windows\system32\Drivers\HDJBulk.sys','');
BC_ImportAll;
BC_Activate;
CreateQurantineArchive('C:\virusinfo_quarantine.zip');
RebootWindows(true);
end.[/code]
The computer will reboot.
File [B]virusinfo_quarantine.zip[/B] will be created on disk C, upload it using this link [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
P.S. No password, nothing else. Just do it like I described. Is there something that you didn't understand?
Hello, I cannot disable Defender... the description goes to advanced options and I don't have the same screen when I open tools?
[size="1"][color="#666686"][B][I]Added after 3 minutes[/I][/B][/color][/size]
I did it another way, forget about it
[size="1"][color="#666686"][B][I]Added after 14 minutes[/I][/B][/color][/size]
Hello... everything done, but I cannot find the virusinfo_quarantine.zip... anywhere on my computer...? Real strange, I think I am getting crazy
Or is this the right one?
[B]metin[/B],
please go to [B]START[/B] -> [B]My Computer[/B] -> [B]Local Disk (C:)[/B],
look for file called [B]virusinfo_quarantine.zip[/B] or [B]virusinfo_quarantine[/B],
upload it using this link [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url].
Thank You!!!
I did look there, it is not there...
Strange.
In your post #30 was something close :)
Don't attach it again, upload it using [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
Thanks.
You think I don't know where to look on local disk? Very irritating post
[size="1"][color="#666686"][B][I]Added after 2 minutes[/I][/B][/color][/size]
I just took all steps... and there is no log called virusinfo_quarantine.zip or virusinfo_quarantine. I searched on the computer under the search button too...
In your post #30, what was it?
What do you mean... I could not find that virusinfo_quarantine.zip or virusinfo_quarantine...
And I now know that the folder wasn't the right one... but there is nothing like virusinfo_quarantine.zip or virusinfo_quarantine in my C drive local disk...
I repeat: the file that you attached in post #30 - do you remember where it is now? Upload it by [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
The name was different, for some reason, I don't know why.
And another thing, I attached more than 1 file... I don't know which one you mean... but I uploaded one... hope that this one is the right one
[size="1"][color="#666686"][B][I]Added after 37 minutes[/I][/B][/color][/size]
The admin sent me a mail but I already tried that... I haven't got those files... everything is going wrong... I think I must reboot my computer
[size="1"][color="#666686"][B][I]Added after 14 minutes[/I][/B][/color][/size]
[B]this is what you asked me to do>>>>>>[/B]
here's the list of files you're asked to send -
---Quote (Originally by drongo)---
no, you did uploaded other files...try to send us only these files:
* C:\Windows\system32\drivers\regi.sys
C:\Windows\system32\jlozvsbouz.dll*
---End Quote---
and the directions -
---Quote---
1. Click "File" - "Add to quarantine by list".
2. Enter the list of files which were asked to send.
3. Press "Start" and wait until "File addition process – complete" notification appears at the bottom of the window.
4. Close current window "Add to quarantine by list".
5. Choose from the menu "File" -> "Quarantine folder viewer".
6. Mark files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload by [url]http://virusinfo.info/upload_virus_eng.php?tid=37480[/url]
---End Quote---
I did this, but there is no file like C:\Windows\system32\drivers\regi.sys. The other file is there and I did archive it, see uploaded files...
these are the files in the folder viewer:
- C:\Windows\system32\jlozvsbouz.dll
- C:\ PROGRA~1\GOOGLE~1\BAE.dll
- C:\Windows\system32\DriversC:\HDJAsioK.sys
- C:\Windows\system32\DriversC:\HDJBulk.sys
gr metino
Ok, thanks. Now you know how to upload to us, so curing will go faster :)
Please wait. We would like to be sure; we are waiting for an answer from the virus analyst.
P.S. It is possible that on your system one script command is not working; I will contact the author.
Ok, thanks, but I didn't upload the second file you needed?
[I]I did this but there is no file like C:\Windows\system32\drivers\regi.sys[/I]
Is everything correct now?