task manager blocked

**rmr619** · 13.07.2008, 08:57

My pc starts up very slowly and the windows task manager says its blocked.
The internet explorer keeps popping up different windows.

**kps** · 13.07.2008, 13:21

AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll','');
 QuarantineFile('C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\WINDOWS\iexplorer.exe','');
 QuarantineFile('C:\WINDOWS\system32\admincfg.exe','');
 QuarantineFile('C:\WINDOWS\system32\BACSCPL.cpl','');
 QuarantineFile('C:\WINDOWS\Downloaded Program Files\ZIntro.ocx','');
 QuarantineFile('C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll','');
 QuarantineFile('C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx','');
 QuarantineFile('C:\Program Files\Juno\toolbar.dll','');
 QuarantineFile('C:\Program Files\Juno\exec.exe','');
 QuarantineFile('C:\WINDOWS\System32\drivers\tcpip66.sys','');
 QuarantineFile('C:\WINDOWS\system32\tewiwyqu.dll','');
 QuarantineFile('C:\WINDOWS\system32\skeekn.dll','');
 QuarantineFile('C:\WINDOWS\system32\byXOiGVP.dll','');
 DeleteFile('C:\WINDOWS\system32\byXOiGVP.dll');
 DeleteFile('C:\WINDOWS\system32\skeekn.dll');
 DeleteFile('C:\WINDOWS\system32\tewiwyqu.dll');
 DeleteFile('C:\WINDOWS\iexplorer.exe');
 DeleteFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll');
 DeleteFile('C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll');
 DelBHO('ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880');
 DelBHO('fd9bc004-8331-4457-b830-4759ff704c22');
 DelBHO('fcaddc14-bd46-408a-9842-cdbe1c6d37eb');
 DelBHO('e3eebbe8-9cab-4c76-b26a-747e25ebb4c6');
 DelBHO('e2ddf680-9905-4dee-8c64-0a5de7fe133c');
 DelBHO('cf021f40-3e14-23a5-cba2-717765721306');
 DelBHO('bc97b254-b2b9-4d40-971d-78e0978f5f26');
 DelBHO('b847676d-72ac-4393-bfff-43a1eb979352');
 DelBHO('a55581dc-2cdb-4089-8878-71a080b22342');
 DelBHO('98dbbf16-ca43-4c33-be80-99e6694468a4');
 DelBHO('940fca98-c331-4780-9c07-2c3ed8b511a5');
 DelBHO('799a370d-5993-4887-9df7-0a4756a77d00');
 DelBHO('79369d5c-2903-4b7a-ade2-d5e0dee14d24');
 DelBHO('587dbf2d-9145-4c9e-92c2-1f953da73773');
 DelBHO('5321e378-ffad-4999-8c62-03ca8155f0b3');
 DelBHO('4E17949E-D955-4947-A4E7-B85BAF833CF7');
 DelBHO('467faeb2-5f5b-4c81-bae0-2a4752ca7f4e');
 DelBHO('2e9caff6-30c7-4208-8807-e79d4ec6f806');
 DelBHO('2d38a51a-23c9-48a1-a33c-48675aa2b494');
 DelBHO('1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2');
 DelBHO('1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1');
 DelBHO('17da0c9e-4a27-4ac5-bb75-5d24b8cdb972');
 DelBHO('150fa160-130d-451f-b863-b655061432ba');
 DelBHO('086ae192-23a6-48d6-96ec-715f53797e85');
 DelBHO('00110011-4b0b-44d5-9718-90c88817369b');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(11);
RebootWindows(true);
end.

Your computer will reboot.
Upload the quarantined files according to the Appendix 3 of the rules. (upload here http://virusinfo.info/upload_virus_eng.php?tid=26402 )

C:\Documents and Settings\Jose Sanchez\My Documents\My eBooks\Download_v2d.exe
C:\Documents and Settings\Jose Sanchez\My Documents\My eBooks\installdrivecleanerstart.exe
These 2 files are malicious. Delete them by yourself.

Make new logs.

**rmr619** · 14.07.2008, 01:24

I have uploaded the quarantined files and made new logs.

**kps** · 14.07.2008, 12:42

AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteFile('C:\WINDOWS\System32\drivers\tcpip66.sys');
 DeleteFile('C:\WINDOWS\system32\ycwdwekn.dll');
 DeleteFile('C:\WINDOWS\system32\byXOiGVP.dll');
 DeleteFile('C:\WINDOWS\system32\admincfg.exe');
 DeleteFile('C:\autorun.inf');
 DelBHO('F17F656B-2946-4ABB-AC19-3AB3000B5584');
BC_ImportDeletedList;
ExecuteSysClean;
BC_DeleteSvc('tcpip66');
BC_Activate;
RebootWindows(true);
end.

Your computer will reboot.

Make new logs.

**rmr619** · 16.07.2008, 10:09

I executed the script and i made new logs. Thank you for your help.
There is a window that pops up before it starts and its not connecting to the wireless internet anymore.

**kps** · 16.07.2008, 12:40

Please download http://www.tksinc.us/downloads/WinsockXPFix.exe
Write the settings of your internet before you use the program. Then run the program and press "Fix".
After reboot input your internet settings and look if the problem with the internet exists.

About the popup window - can you attach a screenshoot?

**rmr619** · 17.07.2008, 22:52

Thanks for your help the internet connected again. I attached a screenshot of the pop up.

**kps** · 17.07.2008, 23:00

AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):

Код:

begin
ExecuteRepair(7);
ExecuteRepair(16);
RebootWindows(true);
end.

Your computer will reboot.
Is the problem solved ?

**rmr619** · 19.07.2008, 05:52

No the pop up window is still there but it looks different.

task manager blocked

Опции темы