
please .. need help

  1. #1
    Junior Member | Registered: 20.01.2008 | Posts: 5 | Reputation weight: 37

    please .. need help

    Hi,

    I think my PC has a virus that Kaspersky Virus Removal Tool can't find,
    since it keeps rebooting and works only in safe mode.

    thank you,
    Attachments

  2. #2
    Senior Member | Registered: 26.12.2006 | Location: Vladivostok | Posts: 23,299 | Reputation weight: 1555
    Execute the following script in AVPtool
    (how: http://avptool.virusinfo.info/en/AVP...curescript.htm)
    Code:
    begin
      // Search for rootkit hooks (with neutralisation enabled) and turn on AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Copy each suspicious file to quarantine before it is removed
      QuarantineFile('kus552.dat','');
      QuarantineFile('C:\Program Files\Helper\superdirectsearch.dll','');
      QuarantineFile('C:\WINDOWS\mmall.exe','');
      QuarantineFile('C:\WINDOWS\System32\uauk.dll','');
      QuarantineFile('C:\WINDOWS\System32\bolenjx.exe','');
      QuarantineFile('C:\WINDOWS\System32\J8dj3jg.dll','');
      QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe','');
      QuarantineFile('C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe','');
      QuarantineFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat','');
      QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
      QuarantineFile('C:\WINDOWS\System32\msftp.dll','');
      QuarantineFile('C:\WINDOWS\system32\drivers\spool.exe','');
      QuarantineFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll','');
      // Delete the files that were just quarantined
      DeleteFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll');
      DeleteFile('C:\WINDOWS\system32\drivers\spool.exe');
      DeleteFile('C:\WINDOWS\System32\msftp.dll');
      DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
      DeleteFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat');
      DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe');
      DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe');
      DeleteFile('C:\WINDOWS\System32\J8dj3jg.dll');
      DeleteFile('C:\WINDOWS\System32\bolenjx.exe');
      DeleteFile('C:\WINDOWS\System32\uauk.dll');
      DeleteFile('C:\WINDOWS\mmall.exe');
      DeleteFile('C:\Program Files\Helper\superdirectsearch.dll');
      DeleteFile('C:\WINDOWS\kus552.dat');
      DeleteFile('C:\WINDOWS\System32\kus552.dat');
      // Hand the file lists to Boot Cleaner, run the system clean-up,
      // then reboot so Boot Cleaner can finish the removal
      BC_ImportALL;
      ExecuteSysClean;
      BC_Activate;
      RebootWindows(true);
    end.
    Upload quarantine using this page: http://virusinfo.info/upload_virus_eng.php?tid=16690.
    Make a new logfile in AVPTool.
    I am not young enough to know everything...

  3. #3
    Junior Member | Registered: 20.01.2008 | Posts: 5 | Reputation weight: 37
    I'm not sure if this is the quarantine that I should upload but this is all I got
    Attachments

  4. #4
    Senior Member | Registered: 26.12.2006 | Location: Vladivostok | Posts: 23,299 | Reputation weight: 1555
    Execute one more script:
    Code:
    begin
      // Search for rootkit hooks (with neutralisation enabled) and turn on AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Stop the services and the process tied to the files below
      StopService('Beep');
      StopService('ftmxhlqz');
      TerminateProcessByName('spool.exe');
      // Delete the remaining files
      DeleteFile('C:\WINDOWS\system32\drivers\spool.exe');
      DeleteFile('C:\WINDOWS\System32\msftp.dll');
      DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
      DeleteFile('C:\Documents and Settings\All Users\Documents\Settings\partnership.dll');
      DeleteFile('C:\WINDOWS\system32\drivers\lvvbanpf.dat');
      DeleteFile('C:\WINDOWS\bolenjx.exe');
      DeleteFile('C:\WINDOWS\System32\bolenjx.exe');
      // Remove the browser helper objects (BHOs) and the Winlogon notify entry
      DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
      DelBHO('{B5AC49A2-94F2-42BD-F434-2604812C897D}');
      DelBHO('{B5AF0562-94F3-42BD-F434-2604812C797D}');
      DelBHO('{DD36FFB4-4F50-4071-9E6F-2E4947841DE2}');
      DelBHO('{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}');
      DelWinlogonNotifyByKeyName('partnershipreg');
      // Pass the deleted-file list to Boot Cleaner, run the system clean-up,
      // then reboot so Boot Cleaner can finish the removal
      BC_ImportDeletedList;
      ExecuteSysClean;
      BC_Activate;
      RebootWindows(true);
    end.
    and make a logfile once again.
    I am not young enough to know everything...

  5. #5
    Junior Member | Registered: 20.01.2008 | Posts: 5 | Reputation weight: 37
    Hi

    After executing the second script a blue screen appeared, then the PC restarted. After that, each time I try to log on, it logs off by itself!!

  6. #6
    Senior Member | Registered: 26.12.2006 | Location: Vladivostok | Posts: 23,299 | Reputation weight: 1555
    I'm terribly sorry! There was nothing bad in my script...

    So, let's try to boot in Safe Mode. If logging on to your user account is still impossible, try to log on as Administrator. In case of success, make a new logfile in AVPTool. Otherwise, try to run "Last known good configuration" in the boot menu.
    I am not young enough to know everything...

  7. #7
    AndreyKa | Senior Member | Registered: 08.01.2005 | Location: Russia | Posts: 13,625 | Reputation weight: 1291
    Quote: "After executing the second script a blue screen appeared, then the PC restarted. After that, each time I try to log on, it logs off by itself!!"
    Unfortunately, the registry was damaged by the virus. Try following these instructions:
    http://support.microsoft.com/kb/555648
    The correct path for your computer is
    Userinit=C:\windows\system32\userinit.exe

  8. #8
    Junior Member | Registered: 20.01.2008 | Posts: 5 | Reputation weight: 37
    I tried to log on in safe mode and in "Last known good configuration", but it doesn't work either.
    How can I edit the registry without logging into Windows?

  9. #9
    drongo | Senior Member | Registered: 17.09.2004 | Location: Israel | Posts: 7,165 | Reputation weight: 971
    Well, I know how to edit the registry using a bootable disk, like http://www.nu2.nu/bootcd/
    Can you create such a disk by yourself?

  10. #10
    Junior Member | Registered: 20.01.2008 | Posts: 5 | Reputation weight: 37
    I have Hiren's BootCD 9.3 and it has a program to edit the registry, but the program won't work.

    I'm not sure if the bootable disk from the website you posted works the same way.
    Is all I have to do download the files, put them together and burn it?

  11. #11
    drongo | Senior Member | Registered: 17.09.2004 | Location: Israel | Posts: 7,165 | Reputation weight: 971
    Here, for example: http://regeditpe.sourceforge.net/
    http://windowsxp.mvps.org/peboot.htm
    Instructions with pictures are available.
    Remember that you need to upload the registry file of the infected Windows (C:\Windows\System32\Config) and not the one of the boot CD.
    Last edited by drongo; 21.01.2008 at 17:22.
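
The offline repair discussed in posts #7 to #11, as an added example that is not part of the original thread: a batch script that mounts the installed system's SOFTWARE hive (where the Winlogon key lives), compares Userinit with the path given in post #7, and rewrites it only if it differs. Assumptions: the recovery environment provides reg.exe, the infected Windows volume appears as C:, and the mount name HKLM\OfflineSoftware is an arbitrary placeholder.

```bat
@echo off
rem Added example: check and repair Winlogon\Userinit in the OFFLINE hive.
rem Assumptions: booted from a recovery CD that provides reg.exe; the
rem infected Windows volume is C: (change WINDIR_OFFLINE if it is not).
setlocal
set "WINDIR_OFFLINE=C:\Windows"
set "HIVE=%WINDIR_OFFLINE%\System32\Config\SOFTWARE"
set "MOUNT=HKLM\OfflineSoftware"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "GOOD=C:\windows\system32\userinit.exe"

if not exist "%HIVE%" (
    echo Hive not found: %HIVE%
    exit /b 1
)

rem Keep a copy of the hive before touching it.
copy /y "%HIVE%" "%HIVE%.bak" >nul || (echo Backup failed & exit /b 1)

rem Mount the installed system's hive, not the boot CD's own registry.
reg load "%MOUNT%" "%HIVE%" || (echo reg load failed & exit /b 1)

rem Read the current value: token 2 is the type, the rest is the data.
set "CUR="
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v Userinit ^| findstr /c:"REG_SZ"') do set "CUR=%%B"
echo Current Userinit: "%CUR%"

rem Rewrite only when the value is missing or differs from the expected path
rem (this also catches an extra program appended after userinit.exe).
if /i "%CUR%"=="%GOOD%" (
    echo Userinit already points to %GOOD%
) else (
    reg add "%KEY%" /v Userinit /t REG_SZ /d "%GOOD%" /f || echo reg add failed
)

rem Always unmount so the change is flushed to the hive file.
reg unload "%MOUNT%"
endlocal
```

If the logon loop persists after the fix, the saved SOFTWARE.bak can be copied back over the hive from the same boot environment.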
