I got the PCsod virus; every time I open Internet Explorer there are pop-ups of PCsod.
I prepared all 3 logs and attached them.
Thank you!
Execute the following script in AVZ:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\khfeCVLD.dll','');
 QuarantineFile('C:\WINDOWS\system32\nnnNGYPg.dll','');
 QuarantineFile('C:\WINDOWS\system32\tppaiexq.dll','');
 QuarantineFile('C:\WINDOWS\system32\rqRIyXOh.dll','');
 DeleteFile('C:\WINDOWS\system32\rqRIyXOh.dll');
 DeleteFile('C:\WINDOWS\system32\tppaiexq.dll');
 DeleteFile('C:\WINDOWS\system32\nnnNGYPg.dll');
 DeleteFile('C:\WINDOWS\system32\khfeCVLD.dll');
 BC_ImportALL;
 DelBHO('{CEA9FFDA-A195-472A-9FB1-62371382A07F}');
 DelBHO('{CBC5C692-5316-431A-BA67-920F118AA335}');
 DelBHO('{B3102264-D09D-4322-B625-503FBF18DD7E}');
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
The system will reboot.
Upload all quarantined files according to Appendix #3 of the Rules (use red link above).
Make new logfiles.
! While using AVZ, internet connection and antivirus program should be off.
Last edited by Bratez; 14.05.2008 at 15:16.
I am not young enough to know everything...
thank you..
but, how do i execute the script in AVZ?
Rene-gad thanks.
I uploaded the quarantined files. Should I give you some link or something? cuz I don't find one.
and this is the new logfiles:
moderated:::You should repeat all 3 log files and attach them to your post.
Last edited by Rene-gad; 14.05.2008 at 18:00.
here are all 3 log files
Now everything seems to be OK. Just fix the following lines in HijackThis:
Code:
O2 - BHO: (no name) - {0C8BD81F-DAA2-4E46-B910-440FE28D7987} - (no file)
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
O2 - BHO: (no name) - {EDCD05B8-F2BD-4286-9C3B-69F893CE2598} - (no file)
O2 - BHO: (no name) - {F90E7ABD-6413-4020-8883-98192764E5D4} - (no file)
Added 1 minute later:
Repeat HijackThis log once more.
Do you still have any problems?
Last edited by Bratez; 15.05.2008 at 10:01. Reason: Added
I am not young enough to know everything...
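An added example (not part of the original thread and not code from HijackThis or AVZ): a small Python parser for the O2 - BHO lines quoted in the post above, which picks out the entries whose DLL is no longer on disk. The four flagged lines are the ones from the post; the healthy entry, its CLSID and its path are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path or marker>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
MISSING = "(file missing)"


class Bho(NamedTuple):
    clsid: str
    name: str
    path: Optional[str]
    status: str  # "present", "file missing" or "no file"


def parse_o2(line: str) -> Optional[Bho]:
    """Parse one O2 line; return None for any other log line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target = m["target"].strip()
    if target == "(no file)":
        path, status = None, "no file"
    elif target.endswith(MISSING):
        path, status = target[: -len(MISSING)].strip(), "file missing"
    else:
        path, status = target, "present"
    return Bho(m["clsid"].upper(), m["name"], path, status)


def orphaned_bhos(log_text: str) -> list:
    """Return BHO registrations that point at nothing on disk."""
    entries = (parse_o2(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.status != "present"]


# Sample log: first line is constructed (healthy BHO), the rest are from the post.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {0C8BD81F-DAA2-4E46-B910-440FE28D7987} - (no file)
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
O2 - BHO: (no name) - {EDCD05B8-F2BD-4286-9C3B-69F893CE2598} - (no file)
O2 - BHO: (no name) - {F90E7ABD-6413-4020-8883-98192764E5D4} - (no file)
"""

if __name__ == "__main__":
    for entry in orphaned_bhos(SAMPLE_LOG):
        print(entry.clsid, entry.status, entry.path or "-")
```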
It wasn't too complicated, was it?
Fix with HJT
Code:
O2 - BHO: (no name) - {61A673EA-D1C3-45B4-94A6-CDECB532CA19} - C:\WINDOWS\system32\rqRIyXOh.dll (file missing)
Run the script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
 DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
 DelBHO('{F90E7ABD-6413-4020-8883-98192764E5D4}');
 DelBHO('{EDCD05B8-F2BD-4286-9C3B-69F893CE2598}');
 DelBHO('{61A673EA-D1C3-45B4-94A6-CDECB532CA19}');
 DelBHO('{0C8BD81F-DAA2-4E46-B910-440FE28D7987}');
 StopService('SetupNTGLM7X');
 DeleteService('SetupNTGLM7X');
 StopService('GMSIPCI');
 DeleteService('GMSIPCI');
 QuarantineFile('E:\NTGLM7X.sys','');
 QuarantineFile('E:\INSTALL\GMSIPCI.SYS','');
 DeleteFile('E:\INSTALL\GMSIPCI.SYS');
 DeleteFile('E:\NTGLM7X.sys');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
The PC will be rebooted.
Upload all quarantined files according to Appendix #3 of the Rules (use red link above).
Make new logfiles.
While using AVZ, internet connection and antivirus program should be off.
Bratez :
after I fixed what Rene-gad told me to fix, I didn't see the files you told me to fix.
Rene-gad :
I tried to upload the quarantined files, but AVZ didn't find any quarantined files.
(after I did "automatic quarantining" AVZ did find quarantined files
and I uploaded them)
i attached the 3 logfiles.
there are no more pop-ups, but the Kaspersky Anti-Virus found:
"trojan.win32.Monder"
"trojan.win32.KillAv"
Last edited by lysk88; 16.05.2008 at 02:15.
Fix this in hijack this:
Code:
O20 - Winlogon Notify: nnnNGYPg - C:\WINDOWS\
Execute this script in avz:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DeleteFile('E:\NTACCESS.sys');
 BC_DeleteSvc('NTACCESS');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(6);
 ExecuteRepair(8);
 RebootWindows(true);
end.
P.S. spydoctor and spybot in your case are superfluous. Uninstall them. Recheck settings in kaspersky according to the link in the rules. Rescan all computer, better one time in safe mode and one in normal. In order to prevent infection -> More effective idea is to use (especially, in the internet) a limited user account instead of an administrator account.
P.S. If you can't understand something in my English, I can explain it to you in PM in Hebrew.
Last edited by drongo; 16.05.2008 at 19:50.
*Click and run this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
hey man.. I did what you said, hope for the best (:
I sent you a PM (:
thanks!
what should i do next?
moderated:::full quote removed
Last edited by Rene-gad; 17.05.2008 at 00:16.
Please update kaspersky, rescan all your computer. Cure/delete if it finds something. Then disable your antivirus and make fresh logs.
I did what you said
here are fresh new logs
They seem to be clean. But what is the Drive E:\ ?
I mean this file: E:\INSTALL\GMSIPCI.SYS