Unremovable trojan!!

**maharaja** · 15.07.2010, 10:58

Guys,

This is completely messing up my system.. Pls advise

**Rene-gad** · 15.07.2010, 11:38

Pls. supply the log in NORMAL MODE.

**maharaja** · 18.07.2010, 13:09

wats the normal mode?? just post the script from the report ???

**Rene-gad** · 18.07.2010, 13:47

Сообщение от maharaja

wats the normal mode??

System booted in Safe Mode

And schould be in NORMAL (STANDARD) MODE

**maharaja** · 18.07.2010, 14:57

sorry my friend im not getting it... i did this scan on safe mode and generated a report... How do you want me to go abt wat u want me to do... pls explain.. thnx

**Rene-gad** · 18.07.2010, 17:05

You haven't to boot IN SAFE MODE, but absolutely NORMAL = as usual, then start AVPTool and make a log.

**maharaja** · 18.07.2010, 21:04

hi, done as u said... hope it helps.. cheers

**Rene-gad** · 18.07.2010, 21:17

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 TerminateProcessByName('c:\documents and settings\user\application data\windowsupdateb1a2.exe');
 TerminateProcessByName('c:\documents and settings\user\application data\nvdisp.exe');
 TerminateProcessByName('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe');
 TerminateProcessByName('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-823518204-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','windowsclient7');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-823518204-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','NVIDIA');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Microsoft SecureAssist');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Microsoft SecureAssist');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','windowsclient7');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','NVIDIA');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','d-x10bc');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','d-werwe');
 QuarantineFile('C:\WINDOWS\system32\system32\svchost.exe','');
 QuarantineFile('C:\WINDOWS\system32\install\server.exe','');
 QuarantineFile('C:\WINDOWS\install\Svchost.exe','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\winlogon.exe','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\windowsupdateb1a2.exe','');
 QuarantineFile('c:\documents and settings\user\application data\windowsupdateb1a2.exe','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\System.Data.SQLite.dll','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\nvdisp.exe','');
 QuarantineFile('c:\documents and settings\user\application data\nvdisp.exe','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\galaxy.exe','');
 QuarantineFile('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe','');
 QuarantineFile('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe','');
 DeleteFile('C:\WINDOWS\system32\system32\svchost.exe');
 DeleteFile('C:\WINDOWS\system32\install\server.exe');
 DeleteFile('C:\WINDOWS\install\Svchost.exe');
 DeleteFile('C:\Documents and Settings\user\Application Data\winlogon.exe');
 DeleteFile('c:\documents and settings\user\application data\windowsupdateb1a2.exe');
 DeleteFile('C:\Documents and Settings\user\Application Data\windowsupdateb1a2.exe');
 DeleteFile('C:\Documents and Settings\user\Application Data\System.Data.SQLite.dll');
 DeleteFile('c:\documents and settings\user\application data\nvdisp.exe');
 DeleteFile('C:\Documents and Settings\user\Application Data\nvdisp.exe');
 DeleteFile('C:\Documents and Settings\user\Application Data\galaxy.exe');
 DeleteFile('c:\documents and settings\user\application data\dx10bac\d-xdiag10bc.exe');
 DeleteFile('c:\documents and settings\user\application data\dx10bac\d-werwerwrw.exe');
 DelCLSID('{T46R5W7L-2GVA-PPE7-SV56-43SLLPO7J7X0}');
 DelCLSID('{4RS2H7BF-V8M5-H54K-56RL-C35S4Q0TW421}');
 DelCLSID('{3O50H026-26A6-3786-KHDY-63V0X001E7Y4}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=83132
- Make a new log file.
- Attach a new log to your new post..

**maharaja** · 19.07.2010, 10:49

HI DONE AS U SAID N UPLOADED FILE... HERES THE NEW LOG TOO..

**maharaja** · 19.07.2010, 10:52

Upload result
File saved as 100719_103916_Quarantine_4c43f314772da.zip
File size 1290527
MD5 38cd4bdc32a543d1291f9fc75ee2deed
File uploaded, thank you!

**Rene-gad** · 19.07.2010, 11:21

The log file contains nothing suspicious, is your problem solved?

**CyberHelper** · 20.07.2010, 11:21

Статистика проведенного лечения:

Получено карантинов: 1
Обработано файлов: 31
В ходе лечения вредоносные программы в карантинах не обнаружены

Unremovable trojan!!

Опции темы

Unremovable trojan!!

Итог лечения

Похожие темы

Multiple Trojans, some unremovable

MY PC IS INFECTED WITH UNREMOVABLE VIRUSES

unremovable virus

unremovable viruses and unrepairable errors

Trojan.Spambot.2559, Trojan.Inject.544, Trojan.Proxy.2373, Trojan.MulDrop.9764 и др.

Ваши права в разделе