Hi,
I think my PC has a virus that Kaspersky Virus Removal Tool can't find,
since it keeps rebooting and works only in safe mode.
thank you,
Execute the following script in AVPtool
(how: http://avptool.virusinfo.info/en/AVP...curescript.htm)
Code:
begin
 // Look for rootkit hooks and neutralise them, then turn on AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Copy the suspicious files to quarantine
 QuarantineFile('kus552.dat','');
 QuarantineFile('C:\Program Files\Helper\superdirectsearch.dll','');
 QuarantineFile('C:\WINDOWS\mmall.exe','');
 QuarantineFile('C:\WINDOWS\System32\uauk.dll','');
 QuarantineFile('C:\WINDOWS\System32\bolenjx.exe','');
 QuarantineFile('C:\WINDOWS\System32\J8dj3jg.dll','');
 QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe','');
 QuarantineFile('C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe','');
 QuarantineFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
 QuarantineFile('C:\WINDOWS\System32\msftp.dll','');
 QuarantineFile('C:\WINDOWS\system32\drivers\spool.exe','');
 QuarantineFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll','');
 // Delete the files
 DeleteFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll');
 DeleteFile('C:\WINDOWS\system32\drivers\spool.exe');
 DeleteFile('C:\WINDOWS\System32\msftp.dll');
 DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
 DeleteFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat');
 DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe');
 DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe');
 DeleteFile('C:\WINDOWS\System32\J8dj3jg.dll');
 DeleteFile('C:\WINDOWS\System32\bolenjx.exe');
 DeleteFile('C:\WINDOWS\System32\uauk.dll');
 DeleteFile('C:\WINDOWS\mmall.exe');
 DeleteFile('C:\Program Files\Helper\superdirectsearch.dll');
 DeleteFile('C:\WINDOWS\kus552.dat');
 DeleteFile('C:\WINDOWS\System32\kus552.dat');
 // Pass the file list to Boot Cleaner, clean up the system and reboot
 BC_ImportALL;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
Upload quarantine using this page: http://virusinfo.info/upload_virus_eng.php?tid=16690.
Make a new logfile in AVPTool.
I am not young enough to know everything...
I'm not sure if this is the quarantine that I should upload but this is all I got
Execute one more script:
Code:
begin
 // Look for rootkit hooks and neutralise them, then turn on AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Stop the services and the process before deleting their files
 StopService('Beep');
 StopService('ftmxhlqz');
 TerminateProcessByName('spool.exe');
 DeleteFile('C:\WINDOWS\system32\drivers\spool.exe');
 DeleteFile('C:\WINDOWS\System32\msftp.dll');
 DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
 DeleteFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll');
 DeleteFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat');
 DeleteFile('C:\WINDOWS\bolenjx.exe');
 DeleteFile('C:\WINDOWS\System32\bolenjx.exe');
 // Remove the browser helper objects and the Winlogon notify entry
 DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
 DelBHO('{B5AC49A2-94F2-42BD-F434-2604812C897D}');
 DelBHO('{B5AF0562-94F3-42BD-F434-2604812C797D}');
 DelBHO('{DD36FFB4-4F50-4071-9E6F-2E4947841DE2}');
 DelBHO('{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}');
 DelWinlogonNotifyByKeyName('partnershipreg');
 // Pass the deleted-file list to Boot Cleaner, clean up the system and reboot
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
and make a logfile once again.
Hi
After executing the second script, a blue screen appeared and then the PC restarted. After that, each time I try to log on, it logs off by itself!!
I'm terribly sorry! There was nothing bad in my script...
So, let's try to boot in Safe Mode. If logging on to your user account is still impossible, try to log on as Administrator. In case of success, make a new logfile in AVPTool. Otherwise, try to run "Last known good configuration" in the boot menu.
Unfortunately the registry was damaged by the virus. Try following this instruction:
http://support.microsoft.com/kb/555648
The correct path for your computer is
Userinit=C:\windows\system32\userinit.exe
I tried to log on in safe mode and in "Last known good configuration" but it doesn't work either.
How can I edit the registry without logging into Windows?
Well, I know how to edit the registry using a bootable disk, like http://www.nu2.nu/bootcd/
Can you create such a disk by yourself?
*Click and run this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
I have Hiren's BootCD 9.3 and it has a program to edit the registry, but the program won't work.
I'm not sure if the bootable disk from the website you posted works the same way.
Is all I have to do download the files, put them together and burn it?
Here for example: http://regeditpe.sourceforge.net/
http://windowsxp.mvps.org/peboot.htm
Instructions with pictures are available.
Remember that you need to upload the registry file of the infected Windows (C:\Windows\System32\Config) and not the one of the boot CD.
Last edited by drongo; 21.01.2008 at 17:22.
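Added example, not part of the thread and not posted by any participant: the Userinit repair discussed above, done from a boot CD command prompt against the registry hive of the infected installation rather than the boot CD's own registry. It assumes the boot environment provides reg.exe and that the installation is visible as C:\Windows; the mount name OfflineSoftware and the .bak copy are names chosen here.

```batch
@echo off
setlocal
rem Added example. WINDIR_OFFLINE is an assumption: the infected installation
rem as seen from the boot environment (the drive letter may differ from C:).
set "WINDIR_OFFLINE=C:\Windows"
set "HIVE=%WINDIR_OFFLINE%\System32\Config\SOFTWARE"
rem Mount under a separate name so the boot CD's own HKLM\SOFTWARE is untouched.
set "MOUNT=HKLM\OfflineSoftware"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"
rem Value given in the thread; the path is the one the installed Windows
rem will see when it boots, not the boot CD's drive letter.
set "GOOD=C:\windows\system32\userinit.exe"

if not exist "%HIVE%" (
  echo Hive not found: %HIVE%
  exit /b 1
)
rem The value is useless if the binary it points to was removed.
if not exist "%WINDIR_OFFLINE%\System32\userinit.exe" (
  echo userinit.exe is missing on the offline volume, restore it first.
  exit /b 1
)

rem Keep a copy of the hive before changing anything.
copy /y "%HIVE%" "%HIVE%.bak" >nul || exit /b 1

reg load "%MOUNT%" "%HIVE%" || exit /b 1

echo Value before the change:
reg query "%KEY%" /v Userinit

reg add "%KEY%" /v Userinit /t REG_SZ /d "%GOOD%" /f
set "RC=%ERRORLEVEL%"

echo Value after the change:
reg query "%KEY%" /v Userinit

rem Always unload, otherwise the hive file stays locked and changes may not flush.
reg unload "%MOUNT%"
exit /b %RC%
```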