Need the script to fix it. See attached file.
Please disable your "anti" and disconnect from the internet!
Execute in AVPTools the script from the box below.
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Keep a quarantine copy of each file before anything is deleted
 QuarantineFile('C:\WINDOWS\system32\drivers\clbdriver.sys','');
 DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
 DelBHO('{780E1270-5AB1-43B6-B0DD-2BBD3AE88D53}');
 QuarantineFile('C:\WINDOWS\system32\yayxvWpo.dll','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
 QuarantineFile('C:\WINDOWS\system32\mlJBTMCT.dll','');
 QuarantineFile('C:\WINDOWS\fsrpknov.dll','');
 DeleteFile('C:\WINDOWS\fsrpknov.dll');
 DeleteFile('C:\WINDOWS\system32\mlJBTMCT.dll');
 DeleteFile('C:\WINDOWS\system32\yayxvWpo.dll');
 DeleteFile('C:\WINDOWS\system32\drivers\clbdriver.sys');
 // Hand the deletions to the Boot Cleaner, clean up, then run the numbered repair routines
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 ExecuteRepair(11);
 RebootWindows(true);
end.
Your computer will reboot (if it does not, do it yourself).
Pack (zip, with password 'virus') "Qurantine_AVZ" (it is a subfolder of the folder where your avptool is located).
Please upload it using this link: http://virusinfo.info/upload_virus_eng.php?tid=26400
Then make a new log in avp tool and attach it to your next post.
Last edited by drongo; 13.07.2008 at 08:55.
*Click and do this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
The script was executed without any errors, thank you. Here is the resulting LOG file you asked for.
Almost.
Execute this one:
Code:
begin
 DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
 RebootWindows(true);
end.
If it doesn't go away, please download hijackthis and make its log (read our rules). We will help.
You can uninstall avptool after executing my script.
And think more about prevention. It is always better to prevent infection than to cure it.
You can start by creating a limited user account in Windows and using it on the internet instead of your admin account: about 90 percent of malware won't even be installed on your system.
Then you can disable services that you don't need. In the Avptool log you can find links for creating a script for it. (Personally, from your list the only one I didn't close is SSDP Discovery Service, because closing it caused instability on my system.)
P.S. By the way, you can also send the quarantine to your antivirus company. With this simple action you will be able to check the response time of the Trend Micro lab.
Last edited by drongo; 25.07.2008 at 00:02.
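A read-only check of the cleanup result, added here as an example; it is not part of the thread, of drongo's scripts, or of AVZ. It reports whether the files and BHO registrations named in the two scripts above are still present after the reboot. The function name Get-LeftoverReport is an assumption made for this example.

```powershell
# Added example: lists which items targeted by the thread's scripts still exist.
# Paths and CLSIDs are copied from the scripts in the posts above. Nothing is modified.

$files = @(
    'C:\WINDOWS\system32\drivers\clbdriver.sys',
    'C:\WINDOWS\system32\yayxvWpo.dll',
    'C:\WINDOWS\system32\mlJBTMCT.dll',
    'C:\WINDOWS\fsrpknov.dll',
    # Only quarantined (never deleted) by the first script, so it may still be present.
    'C:\WINDOWS\system32\Drivers\cercsr6.sys'
)
$bhoClsids = @(
    '{92780B25-18CC-41C8-B9BE-3C9C571A8263}',
    '{780E1270-5AB1-43B6-B0DD-2BBD3AE88D53}'
)

# Standard registry locations: the Internet Explorer BHO list and the COM class table.
$bhoRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'

function Get-LeftoverReport {
    $report = @()
    foreach ($f in $files) {
        # -Force so that hidden and system files are also returned.
        $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
        $report += [pscustomobject]@{ Kind = 'File'; Name = $f; Present = [bool]$item }
    }
    foreach ($c in $bhoClsids) {
        $report += [pscustomobject]@{
            Kind = 'BHO entry'; Name = $c
            Present = (Test-Path -LiteralPath (Join-Path $bhoRoot $c))
        }
        # A leftover COM class key without the BHO entry is not loaded by the browser,
        # but it shows the registration was not fully removed.
        $report += [pscustomobject]@{
            Kind = 'COM class'; Name = $c
            Present = (Test-Path -LiteralPath (Join-Path $clsidRoot $c))
        }
    }
    $report
}

# Caveat: the first script runs a rootkit search. If a file-hiding driver is still
# active, a check made from inside the running system can report "not present"
# wrongly, so treat this as a quick look and rely on the new AVZ log for confirmation.
Get-LeftoverReport | Format-Table -AutoSize
```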