Bagle virus attacking my computer

[Numb]

All malicious registry entries seem to be here again Let's try again: before execute script, disconnect your network connection and stop the anti-virus monitor.
Execute script:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 SetServiceStart('srosa', 4); 
BC_DeleteSvc('srosa');
 BC_DeleteFile('C:\WINDOWS\system32\drivers\srosa.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
 BC_DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
 DeleteFile('C:\WINDOWS\system32\wintems.exe');
 BC_DeleteFile('C:\WINDOWS\system32\wintems.exe');
BC_Activate;
ExecuteSysClean;
RebootWindows(false);
end.

. If script works correctly, your system will restart. After restart, turn on your antivirus monitor and network connection, make the step 10 of the rules and attach the log here.

[godsdsipl]

I ran the Kaspersky Lab Tool and it does nothing. It wont reboot so I manually rebooted. I am going to try and do the Recovery Console again but I am not sure that I am doing it right. Once I get in to the console and get to the C:\Windows what do I type to delete these and how do I know if it worked? I am getting frustrated I have been working on this virus for going on 4 days now

Run the Recovery Console. To do so, boot with the Windows XP CD and select "R" at the Welcome Screen.
From there try to delete the following files:
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\hldrrr.exe
c:\windows\system32\wintems.exe
c:\windows\system32\mdelk.exe


Does it mean that you can run the AVPTool ? You answered "No" and then you said that you can do it

[kps]

Clear your internet cache.
Run the AVPTool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Go to the "Manual Cure" window.
Copy and paste the following script (how to do this: read here http://avptool.virusinfo.info/en/AVP...curescript.htm)
Execute it.

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('srosa'); 
SetServiceStart('srosa', 4);
DeleteService('srosa');
QuarantineFile('C:\WINDOWS\system32\drivers\srosa.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
DeleteFile('c:\windows\system32\drivers\srosa.sys');
DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
DeleteFile('C:\WINDOWS\system32\wintems.exe');
DeleteFileMask('c:\WINDOWS\system32\drivers\down', '*.*', true); 
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Do and paste new log files http://avptool.virusinfo.info/en/AVPTool_manual.htm and paste them here.

[godsdsipl]

OK here you go

[godsdsipl]

Any Help?

[Bratez]

Execute the following script:

Код:

begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\kasperskyLive32.exe','');
 DeleteFile('C:\WINDOWS\system32\kasperskyLive32.exe');
RegKeyParamDel( 'HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'drvsyskit');
RegKeyParamDel( 'HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'german.exe');
BC_ImportALL;
BC_DeleteSvc('srosa');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After your system reboots, upload new quarantine according to appendix #3 of Rules and make a new "syscheck" logfile.