Hi...
I'm having problems with the downloader virus and others. I used Kaspersky and it cleaned some, but I cannot solve them all.
Here is the attached file of syscheck!!!
Can you help me please!
Thanks.
att.: Nuno Ferreira
Last edited by firmaster; 10.07.2008 at 14:27.
Please execute the following script in AVPTool:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\xkifkn.dll','');
 QuarantineFile('C:\WINDOWS\system32\dbgjpeqc.dll','');
 QuarantineFile('C:\WINDOWS\system32\jkkLCttr.dll','');
 QuarantineFile('C:\WINDOWS\RavMon.exe','');
 QuarantineFile('C:\WINDOWS\system32\nycfogws.dll','');
 QuarantineFile('C:\WINDOWS\system32\msnvdmir.dll','');
 QuarantineFile('C:\WINDOWS\system32\geBuuRkL.dll','');
 DeleteFile('C:\WINDOWS\system32\geBuuRkL.dll');
 DeleteFile('C:\WINDOWS\RavMon.exe');
 DeleteFile('C:\WINDOWS\system32\jkkLCttr.dll');
 DeleteFile('C:\WINDOWS\system32\nycfogws.dll');
 DeleteFile('C:\WINDOWS\system32\msnvdmir.dll');
 DeleteFile('C:\WINDOWS\system32\dbgjpeqc.dll');
 DeleteFile('C:\WINDOWS\system32\xkifkn.dll');
 DelBHO('D554A583-D4CF-4A6F-B07A-CB25F60FA743');
 DelBHO('B4BDA769-E0C9-4661-873D-AFB60D09E034');
 DelBHO('45027d75-050b-4b41-ba63-2335f26dfd99');
 DelBHO('199A7C8F-8FDC-43F3-956E-78E52452486e');
 BC_ImportALL;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
Your computer will reboot.
Upload the quarantined files according to the Appendix 3 of the rules.
Then download AVZ (the download link is in the rules) and make 3 logs according to the rules.
P.S. Are you from Portugal?
Revenge is the dream of the weak, forgiveness is the lot of the strong.
You can support the project here
Thanks KPS
Here are the files!
Yes, I'm from Portugal! Why?
P.S. - I think that I uploaded the wrong quarantined file, but I don't find any other, because I erased the quarantined files before I posted this thread!!! Is there a problem...
Last edited by firmaster; 10.07.2008 at 14:41.
AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DeleteFile('C:\WINDOWS\system32\jkkLCttr.dll');
 DeleteFile('C:\Documents and Settings\Nuno Ferreira\Definições locais\Temporary Internet Files\Content.IE5\JZ177X8W\3077ahntdksr[1].dll');
 DeleteFile('C:\WINDOWS\system32\geBuuRkL.dll');
 DelBHO('A93B86C6-43F1-4042-B763-B7048ACE01B8');
 DelBHO('DB4DC36D-A95F-4097-8743-74AED64E5919');
 BC_ImportDeletedList;
 DelWinlogonNotifyByKeyName('jkkLCttr');
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(1);
 RebootWindows(true);
end.
Your computer will reboot.
You have the program Bonjour, you can find it here c:\programas\bonjour\
It is recommended to delete this program.
Do you know these entries:
Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E3FF90-5DAE-4ECC-8AFE-3A175C292B91}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F889B13C-26C5-4247-B24A-7A3649C38C2F}: NameServer = 192.168.0.190
If you don't, then fix them in HijackThis.
Clear your temp folders and the internet cache.
Make 3 new logs.
P.S. The question was out of interest: we usually help users from other countries, and I like the way the Portugal team plays football.
Last edited by kps; 10.07.2008 at 15:30.
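The check requested in the post above (do you recognise the O17 NameServer entries?) can be scripted over a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the function name, the verdict labels and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# HijackThis O17 line: Tcpip registry key, interface GUID, then "NameServer = <addresses>"
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\[^:]+?\\\{(?P<guid>[0-9A-Fa-f-]{36})\}): "
    r"NameServer = (?P<servers>.+)$"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_o17(log_text, known_resolvers):
    """Return (guid, address, verdict) for every NameServer address in O17 lines.

    known_resolvers: addresses the owner recognises (gateway, ISP DNS).
    Verdicts: known, private-unrecognised, public-unrecognised, malformed.
    """
    known = {ipaddress.ip_address(a) for a in known_resolvers}
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections, or O17 Domain/SearchList values
        # Windows stores several servers separated by commas or spaces
        for raw in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((m.group("guid"), raw, "malformed"))
                continue
            if addr in known:
                verdict = "known"
            elif any(addr in net for net in RFC1918):
                verdict = "private-unrecognised"
            else:
                verdict = "public-unrecognised"  # resolver outside the LAN: verify it first
            findings.append((m.group("guid"), str(addr), verdict))
    return findings

# The two O17 lines quoted in the thread, plus one constructed line
# (documentation address 203.0.113.53, placeholder GUID) to show the third verdict.
SAMPLE_LOG = r"""O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E3FF90-5DAE-4ECC-8AFE-3A175C292B91}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F889B13C-26C5-4247-B24A-7A3649C38C2F}: NameServer = 192.168.0.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,192.168.1.1"""

if __name__ == "__main__":
    for guid, addr, verdict in review_o17(SAMPLE_LOG, ["192.168.1.1"]):
        print(f"{verdict:22} {addr:16} {{{guid}}}")
```

Entries that come back as anything other than known are the ones to confirm with the machine's owner before fixing them in HijackThis.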
Well, these logs took a while to get, but here they are, and thanks again!
The entries are from my gateways!
And now I have disabled Bonjour.
I don't know how you found all this, but that's a good help.
Thanks again.
P.S. And the Portugal team plays very well, but has bad luck; maybe next time, it was always a next time! lolol
Your logs are clean, but there is an error, so please execute the following script in AVZ:
Code:
begin
 AutoFixSPI;
 RebootWindows(false);
end.
Your computer will reboot.
Any problems left?
If not - we are interested in your opinion about our project, it can help us to improve our service http://virusinfo.info/showthread.php?t=19966