MY COMPUTER IS INFECTED [Trojan-Spy.Win32.Zbot.ayqt, Trojan.Win32.Starter.lgb ]

**akram fattoum** · 15.03.2013, 15:36

SCRIPT NOT RUN COORECTLY IN http://virusinfo.info/newreply.php?d...reply&t=134591

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Techno** · 15.03.2013, 15:55

- Пофиксите в HijackThis:

Код:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\PZKRMogvnл’?lypfqlcm.exe\lypfqlcm.exe
O4 - Startup: lypfqlcm.exe

- Выполните в АВЗ:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 ClearQuarantine;
 TerminateProcessByName('c:\program files\newdotnet\nnrun.exe');
 SetServiceStart('NNServ', 4);
 StopService('NNServ');
 QuarantineFile('c:\windows\system32\svchost.exe','');
 QuarantineFile('C:\Program Files\NewDotNet\nncore.dll','');
 QuarantineFile('c:\program files\newdotnet\nnrun.exe','');
 DeleteFile('c:\program files\newdotnet\nnrun.exe');
 DeleteFile('C:\Program Files\NewDotNet\nncore.dll');
 DeleteService('NNServ');
 DeleteFileMask('C:\Program Files\NewDotNet','*',true);
 DeleteDirectory('C:\Program Files\NewDotNet');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Компьютер перезагрузится

После перезагрузки:
- Выполните в АВЗ:

Код:

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
end.

Файл quarantine.zip из папки AVZ загрузите по ссылке "Прислать запрошенный карантин" вверху темы.

Delete folder C:\Program Files\PZKRMogvn?л’Нlypfqlcm.exe

- Установите SP3 (может потребоваться активация), новый Internet Explorer, а также все доступные обновления для Windows

- Повторите логи.

**akram fattoum** · 15.03.2013, 21:57

same problem inmpssible set F2 - REG: system.ini: UserInit = C: \ WINDOWS \ system32 \ userinit.exe, C: \ Program Files \ PZKRMogvn? л '? lypfqlcm.exe \ lypfqlcm.exe
O4 - Startup: lypfqlcm.exe help me please

**Techno** · 15.03.2013, 22:18

http://support2.kaspersky.com/8097

**akram fattoum** · 16.03.2013, 00:36

hello

Please help me on this problem link on http://virusinfo.info/showthread.php?t=134894&p=982973 # post982973

thanks

- - - Updated - - -

I scan the computer again

Here is the result thanks

**Techno** · 16.03.2013, 10:02

http://support2.kaspersky.com/8097

**regist** · 16.03.2013, 11:05

1. Download English version of the Universal Virus Sniffer (uVS)
2. Unzip downloaded folder to your desktop. Open UVS folder and run start.exe application. In the program window select "Start under the current user".
3. From the top menu select "File" => "Save OS Image with checking digital signature (slow)…". You will be prompted to choose destination location for the log files to be saved. Please follow the convention when naming the log file “name_of_the_computer_date_scanned”. Save log file on your desktop.
!!!Attention. If you have archiving applications WinRAR or 7-Zip installed, uVS will archive the logfile for you, otherwise it will have to be done manually.
Please wait till your logs are being collected and saved. Attached your log file to your next post on the forum.
!!! Note: please make sure to run application as an administrator. If you are using Windows XP it will be done automatically. In Windows Vista and Windows 7 to start application as an administrator, please right-click on the application icon and select “Run as administrator”. You might be asked to enter administrator’s password, in that case – enter the password and click “Yes”.
4. More information on how to use uVS can be found here: Как подготовить лог UVS

**akram fattoum** · 21.03.2013, 04:28

I DO NOT UNDERSTAND HOW CHRGER REPORT BECAUSE IT IS ATTACHED TO LARGE

**regist** · 21.03.2013, 11:33

Upload the file here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.

**akram fattoum** · 24.03.2013, 01:48

HELLO

- - - Updated - - -

Techno,

**CyberHelper** · 24.03.2013, 01:58

Статистика проведенного лечения:

Получено карантинов: 2
Обработано файлов: 30
В ходе лечения обнаружены вредоносные программы:
1. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\anqbdkol.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
2. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\avsoodam.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
3. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\aygwpqud.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
4. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\ayhkrlbf.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
5. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\bwecesov.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
6. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\facconsw.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
7. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\haqrrudm.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
8. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\iowbluah.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
9. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\itlwuaji.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
10. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\lipstrwd.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
11. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\mgdchbcn.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
12. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\nqwlpfvo.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
13. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\oimoquof.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
14. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\outajiks.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
15. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\pcuyvywf.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
16. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\pinfbsji.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
17. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\rxhvmgsy.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
18. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\sntblthq.cpl - Trojan.Win32.Starter.lgb ( DrWEB: Win32.Rmnet.1, BitDefender: Win32.Ramnit.L, NOD32: Win32/Ramnit.F virus, AVAST4: Win32:Starter-BH [Trj] )
19. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\wcdwdneg.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )
20. \\recycler\\s-7-4-38-4740253138-7350076088-143011504-7227\\zqtxxqqi.exe - Trojan-Spy.Win32.Zbot.ayqt ( DrWEB: Trojan.Rmnet.1, BitDefender: Trojan.Generic.5704568, NOD32: Win32/Ramnit.A virus, AVAST4: Win32:Zbot-MYP [Trj] )

Рекомендации:

Обнаружены троянские программы класса Trojan-PSW/Trojan-Spy - настоятельно рекомендуется поменять все пароли !

MY COMPUTER IS INFECTED [Trojan-Spy.Win32.Zbot.ayqt, Trojan.Win32.Starter.lgb ] (заявка № 134591)

Опции темы

Итог лечения

Похожие темы

restore sistem does not works,I have some adds trying me to buy them a antivirus to fix my computer, the screan of my computer says is infected with a virus, i can not open the browser. (заявка №45872)

infected computer

fix an infected computer

Your computer is infected

Your computer is infected

Метки для этой темы

Ваши права в разделе