My laptop has been infected with the Bagle and a couple of other viruses and it won't allow me to install any antivirus or spyware software on my system to kill it. Please help.
Execute script: When the script runs, your system will restart - it's normal. After restart, upload quarantine using this link: http://virusinfo.info/upload_virus_eng.php?tid=17983 (see appendix 3 of the rules for details)
Code:
begin
 // Look for rootkit hooks and enable AVZGuard before touching the files
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Copy the suspect files to quarantine
 QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
 QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
 QuarantineFile('C:\Documents and Settings\Permit-It\Application Data\m\flec006.exe','');
 // Pass the quarantine list to Boot Cleaner, activate it and reboot
 BC_ImportquarantineList;
 BC_Activate;
 RebootWindows(true);
end.
I did this and it would not execute the script. I rebooted and rescanned and it found 596 infected files. So I tried to run the AVZ Antiviral Toolkit and nothing would happen, so I tried to run HijackThis and it said it was not a valid win32 application.
Try to scan your PC with AVPTool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Revenge is the dream of the weak; forgiveness is the lot of the strong.
You can support the project here
I ran the tool and here is the log ... it says it deleted the 3 files but they are still there when I re-scan
Sorry, here is the log file of the scan
Execute script in avptool (how-to -> http://avptool.virusinfo.info/en/AVP...curescript.htm )
Do make a full scan of all disks with fresh cureit (#2 in our rules). It should create a log after curing; please attach it to your next post.
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Stop the srosa service, set it to disabled (start type 4) and delete it
 StopService('srosa');
 SetServiceStart('srosa', 4);
 DeleteService('srosa');
 // Quarantine copies of the files first, then delete the originals
 QuarantineFile('C:\WINDOWS\system32\drivers\srosa.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
 QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
 DeleteFile('c:\windows\system32\drivers\srosa.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
 DeleteFile('C:\WINDOWS\system32\wintems.exe');
 // Queue the same removals in Boot Cleaner for the next boot
 BC_DeleteSvc('srosa');
 BC_ImportAll;
 // System cleanup and AVZ's numbered system-restore procedures
 ExecuteSysClean;
 ExecuteRepair(1);
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 ExecuteRepair(12);
 BC_Activate;
 RebootWindows(true);
end.
*** When the script runs, your system will restart - it's normal. After restart, upload quarantine using this link: http://virusinfo.info/upload_virus_eng.php?tid=17983 (see appendix 3 of the rules for details)
__________________
Last edited by drongo; 14.02.2008 at 14:18.
*Click and do this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
I pasted and executed this and it didn't do anything. It turned gray but didn't reboot.
Did you reboot manually? If no then do so.
I zipped and uploaded the quarantine file and I rebooted. What next?
So I need to rescan and upload the new logs?
I am not sure what is going on but I can not start AVZ or HiJackThis. When I try to start both my computer freezes. I even deleted them both twice and redownloaded them and still the same thing. What can I do?
Can you run the AVPTool?
No... it says "Not Responding" .. I can run DrWeb and Kaspersky Lab Tool but it will not let me run AVZ or HiJackThis
I tried that but this is the weirdest thing ... when I try to boot in safe mode, it loads the files and then reboots. In other words it will not let me boot in safe mode; it is just a loop.
Run the Recovery Console. To do so, boot with the Windows XP CD and select "R" at the Welcome Screen.
From there try to delete the following files:
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\hldrrr.exe
c:\windows\system32\wintems.exe
c:\windows\system32\mdelk.exe
Does it mean that you can run the AVPTool? You answered "No" and then you said that you can do it.
Last edited by kps; 15.02.2008 at 10:46.
Ok, here are the logs ... Adware Alert just did a scan and it claims to have just found 3679 infected files. I am not sure which one is correct but here are the logs.