Kaspersky can not clean this virus, thanks.
Switch off/Disable:
- Antivirus and, if you have - Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
begin
  // Search for rootkit hooks and turn on AVZGuard
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Stop the targeted service and process
  StopService('Nxh33');
  TerminateProcessByName('c:\windows\system32\w6drto1m.exe');
  // Copy the suspicious files to quarantine before deleting anything
  QuarantineFile('C:\WINDOWS\system32\w6drto1m.exe','');
  QuarantineFile('C:\WINDOWS\system32\drivers\12847810.sys','');
  QuarantineFile('C:\WINDOWS\system32\Drivers\ibpcimpm.sys','');
  QuarantineFile('C:\WINDOWS\System32\drivers\Nxh33.sys','');
  QuarantineFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\malware.exe.old','');
  QuarantineFile('C:\WINDOWS\system32\sadsldp.dll','');
  // Delete the files, the BHO and the service
  DeleteFile('C:\WINDOWS\system32\sadsldp.dll');
  DeleteFile('C:\WINDOWS\System32\drivers\Nxh33.sys');
  DeleteFile('C:\WINDOWS\system32\w6drto1m.exe');
  DelBHO('{8603E7E7-F89D-45F5-BAE5-9792F53E9219}');
  DeleteService('Nxh33');
  // Queue the cleanup in Boot Cleaner, run system cleanup and repair steps
  BC_ImportAll;
  ExecuteSysClean;
  ExecuteRepair(6);
  ExecuteRepair(9);
  BC_DeleteSvc('Nxh33');
  SetAVZPMStatus(True);
  BC_Activate;
  // Reboot so Boot Cleaner can finish the removal
  RebootWindows(true);
end.
After reboot execute following script in Manual Cure
Code:
begin
  CreateQurantineArchive('C:\quarantine.zip');
end.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach a log to your new post.
Thank you for your help. I tried all you sent me, but I think it was not successful. Thanks.
- Execute following script in Manual Cure
Code:
begin
  ClearQuarantine;
  QuarantineFile('C:\WINDOWS\SYSTEM32\DRIVERS\VICHW11.SYS','');
  CreateQurantineArchive('C:\quarantine1.zip');
end.
- Upload the C:\quarantine1.zip over the link Upload quarantined files on the top of this page.
Dear Rene,
I had killed all processes and modules with letters *mtk0 (like utuzmtk0) with the MegaLab.it_G_m_E_r.exe and discovered that it had been created by the Virus Removal Tool. Every time I run the Kaspersky (setup_7.0.0.290_24.05.2009_05-14.exe) the CA AV finds the Win32/Bagle.FN infection. Maybe it is infected or is not OK?
What do you think? Thanks.
Where had I written about killing of something? You killed an AVZ driver!!! I'm not sure we can help you.
You have the last chance: download the special AVZ over the link in my signature and make the logs according to our rules: http://virusinfo.info/showthread.php?t=9184