My log

**vipuladusa** · 14.05.2008, 22:07

There's a virus on my pc. Whenever I surf the web with fire fox pop-ups keep popping up and asking me to download something, in an internet explorer window o.o Here is my log from using kapersky, it asks me to receive a script from you guys, so help me out here. I need to use paypal soon and I need to know if my PC is fully protected @_@ Thanks~

**kps** · 14.05.2008, 22:45

Please download AVZ http://virusinfo.info/showthread.php?t=9184

Then AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

Код:

begin
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\opnlKCRh.dll','');
 QuarantineFile('opnlKCRh.dll','');
 DeleteFile('opnlKCRh.dll');
 DeleteFile('C:\WINDOWS\system32\opnlKCRh.dll');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Your computer will reboot.
Upload the quarantined files according to the Appendix 3 of the rules. (upload here http://virusinfo.info/upload_virus_eng.php?tid=22890 )
Then make all 3 logs according to the rules and attach them.

**vipuladusa** · 15.05.2008, 01:09

Thanks for helping. I uploaded my hijackthis.log, and it seems when I kill a program with hijack this, the virus seems to go away. But I do it by deleting everything, so somethings end up not working. I'll upload my archive in a sec.
Then make all 3 logs according to the rules and attach them.
moderated: pls. never quote the post completely

**vipuladusa** · 15.05.2008, 01:20

Сообщение от vipuladusa

Thanks for helping. I uploaded my hijackthis.log, and it seems when I kill a program with hijack this, the virus seems to go away. But I do it by deleting everything, so somethings end up not working. I'll upload my archive in a sec.

K I uploaded my archive. My hijackthis.log is in the post above and here are my last two, thanks for the help, much appreciated.

**kps** · 15.05.2008, 02:33

Please dont fix anything in Hijackthis if we do not ask you to do so.

AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

Код:

begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\Program Files\Permeo\e-Border Driver\s5spi.dll','');
 QuarantineFile('C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll','');
 QuarantineFile('C:\WINDOWS\system32\ah.scr','');
 QuarantineFile('C:\WINDOWS\Installer\{44A26F69-C401-4F38-B739-37FB22686C34}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\zenos\zenos.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\ALL YOU NEED FOR REV [1].37 GG 1007\ALL YOU NEED FOR REV .37 GG 1007\xp.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys','');
 QuarantineFile('C:\Craby_Launcher\Craby Launcher\spuce.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\AkumaEngine33\sejt.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\Craby_Launcher\Craby Launcher\saruen.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\Puma & Apocalypse CT\puma.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\nhcDriver.sys','');
 QuarantineFile('C:\WINDOWS\system32\MzBot.sys','');
 QuarantineFile('LMIRfsClientNP.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\lmimirr.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\New Compressed (zipped) Folder\New Folder (2)\Kaspersky.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\Tools_Maple-Fun\MoonLight Engine 1129.1\IlvMoney1129.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\Ultimate_Hack_Pack_7.0_Encore\Ultimate Hack Pack 7.0 Encore\AutoPlay\ICheat_47\iDriver.sys','');
 QuarantineFile('C:\maplehacz0rs\Buffy Engine\Buffy Engine\nvid888.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\EagleNT.sys','');
 QuarantineFile('C:\Documents and Settings\Vipul Dusa\Desktop\DaEngine\DAEngine\DAK32.sys','');
 QuarantineFile('C:\Downloads\Hackpack\ce12\cheetah.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\kbdcap.SYS','');
 QuarantineFile('C:\WINDOWS\System32\drivers\Rtlnicxpp.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS','');
 QuarantineFile('c:\windows\system32\cfgsrvc.exe','');
BC_ImportQuarantineList;
BC_Activate;
RebootWindows(true);
end.

Your computer will reboot.
Upload the quarantined files according to the Appendix 3 of the rules. (upload here: http://virusinfo.info/upload_virus_eng.php?tid=22890 )

Fix the following line in Hijackthis

Код:

O20 - Winlogon Notify: opnlKCRh - C:\WINDOWS\

Deinstall the application viewpoint. I hope you dont need it (it may be the reason of your problem). If it is not in the list for deinstallation, then tell us about it, we can remove it with AVZ.

Make a new hijackthis.log.

**vipuladusa** · 15.05.2008, 02:49

Done and done. I uninstalled the programs viewpoint manager and viewpoint toolbar (didn't even know I had them

) but the pop-ups still keep popping up -.- Here's my new log-file.
moderated: pls. never quote the post completely

**kps** · 15.05.2008, 16:58

Please make new logs with AVZ and attach the logs.

My log

Опции темы

My log

Ваши права в разделе