Downloader.bf and onlinegames
Hello
i am getting a big trouble with a virus called DOWNLOADER, it change the date of my PC to 2002 and disable my kaspersky antivirus and create some files in my hard disk ,here is the description of the virus http://www.threatexpert.com/report.a...5-ecb0b5baff08
i tried many tools to remove this virus but with no success,i even tried the Kaspersky Lab remover tools, and with no success too .
i attached the 03 files of the analyzes of my system and hope to get an answer very soon.
thank you
Последний раз редактировалось yotta; 01.06.2008 в 14:14.
Fix the following line in HijackThis:
Execute the following script in AVZ:Код:F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
Upload all quarantined files according to Appendix #3 of Rules using the red link above.Код:begin ClearQuarantine; SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\explorer.exe',''); QuarantineFile('C:\autorun.inf',''); QuarantineFile('C:\WINDOWS\system32\wuauc1t.exe',''); QuarantineFile('C:\WINDOWS\system32\wbsys.dll',''); QuarantineFile('C:\WINDOWS\system32\H@tKeysH@@k.DLL',''); QuarantineFile('taskmger.com',''); QuarantineFile('C:\WINDOWS\system32\drivers\svchast.exe',''); QuarantineFile('C:\WINDOWS\system32\iexplorer.exe',''); DeleteFile('C:\WINDOWS\system32\iexplorer.exe'); DeleteFile('C:\WINDOWS\system32\drivers\svchast.exe'); DeleteFile('C:\WINDOWS\system32\H@tKeysH@@k.DLL'); DeleteFile('C:\autorun.inf'); DeleteFile('C:\explorer.exe'); DeleteFile('D:\autorun.inf'); DeleteFile('D:\explorer.exe'); BC_ImportALL; ExecuteSysClean; BC_Activate; RebootWindows(true); end.
I am not young enough to know everything...
Pls. fix.
Run a scriptКод:O4 - HKLM\..\Run: [IEXPLORER] C:\WINDOWS\system32\iexplorer.exe O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\svchast.exe
Upload the quarantine and make the new logs.Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('D:\explorer.exe',''); QuarantineFile('D:\autorun.inf',''); QuarantineFile('C:\explorer.exe',''); QuarantineFile('C:\WINDOWS\system32\wuauc1t.exe',''); QuarantineFile('C:\autorun.inf',''); QuarantineFile('C:\Documents and Settings\sgc\Bureau\AGLIALFATRON\TRAVAIL\annulation 2007\DBASE.COM',''); QuarantineFile('Explorer.exe taskmger.com',''); QuarantineFile('C:\WINDOWS\system32\drivers\svchast.exe',''); QuarantineFile('C:\WINDOWS\system32\iexplorer.exe',''); TerminateProcessByName('c:\windows\system32\iexplorer.exe'); QuarantineFile('c:\windows\system32\iexplorer.exe',''); DeleteFile('c:\windows\system32\iexplorer.exe'); DeleteFile('C:\WINDOWS\system32\iexplorer.exe'); DeleteFile('C:\WINDOWS\system32\drivers\svchast.exe'); DeleteFile('Explorer.exe taskmger.com'); DeleteFile('C:\autorun.inf'); DeleteFile('C:\WINDOWS\system32\wuauc1t.exe'); DeleteFile('C:\explorer.exe'); DeleteFile('D:\autorun.inf'); DeleteFile('D:\explorer.exe'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end.
EDIT: My script ist larger
please can you tell me how to fix those lines ?
thank you
http://virusinfo.info/showthread.php?t=9206Сообщение от yotta
04 is for which service ?Код:O4 - HKLM\..\Run: [IEXPLORER] C:\WINDOWS\system32\iexplorer.exe O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\svchast.exe
Do it, pls. You have a full box of malware. Here is each second important. All the questions we could reply later.
hope that will help.
thank you
Последний раз редактировалось yotta; 01.06.2008 в 14:14.
when i executed your script all application stopped working,is that normal ?
Try to run AVZ by right-click and selecting "Run As...".
If it works, execute the following script:
Код:begin ExecuteRepair(1); ExecuteRepair(6); ExecuteRepair(9); RebootWindows(true); end.
I am not young enough to know everything...
probleme solved ...
thank you very much
The job is not completed.
Please, upload your quarantine and make new set of logfiles.
I am not young enough to know everything...
Ваши права в разделе
Ответить с цитированием