Something adds urreeswc.dll and hgGyywxw.dll to autostart and they cannot be deleted. I can't browse some sites and use search on Google and a few others...
http://robertk.webd.pl/diox/avptool_syscheck.zip
http://robertk.webd.pl/diox/hijackthis.log
Execute the following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Keep quarantine copies of the suspicious files before deleting them
 QuarantineFile('C:\WINDOWS\system32\mlJCTKcc.dll','');
 QuarantineFile('C:\Program Files\Antispyware\Antispyware.exe','');
 QuarantineFile('C:\WINDOWS\system32\urreeswc.dll','');
 QuarantineFile('C:\WINDOWS\system32\hgGyywxw.dll','');
 DeleteFile('C:\WINDOWS\system32\hgGyywxw.dll');
 DeleteFile('C:\WINDOWS\system32\urreeswc.dll');
 DeleteFile('C:\WINDOWS\system32\mlJCTKcc.dll');
 // Remove the Browser Helper Object and Winlogon Notify registrations
 DelBHO('FFFB03AD-A461-4B99-9A23-D3B127D7C995');
 DelBHO('12401F00-D6DD-4112-B187-E8681685D182');
 DelWinlogonNotifyByKeyName('mlJCTKcc');
 BC_ImportALL;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
Your computer will reboot.
Upload the quarantined files according to the rules.
Uninstall the program "Antispyware".
Make new logs.
Revenge is the dream of the weak; forgiveness is the lot of the strong.
Antispyware uninstalled, quarantined files sent
avptool_syscheck.zip
hijackthis.log
Task Scheduler jobs - delete the task about Antispyware
Execute the script
Code:
begin
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Keep a quarantine copy of the driver file before deleting it
 QuarantineFile('C:\DOCUME~1\User\USTAWI~1\Temp\ewdmaudn.sys','');
 DeleteFile('C:\DOCUME~1\User\USTAWI~1\Temp\ewdmaudn.sys');
 DeleteFile('C:\WINDOWS\system32\hgGyywxw.dll');
 // Remove the remaining Browser Helper Object registration
 DelBHO('0C5B329C-A62E-40C4-ABB0-1459CBE328AA');
 BC_ImportALL;
 ExecuteSysClean;
 ExecuteWizard('TSW', 3, 3, false);
 BC_DeleteSvc('ewdmaudn');
 BC_Activate;
 RebootWindows(true);
end.
Your computer will reboot.
Upload the quarantined files.
Make new logs.
Scheduler task deleted
avptool_syscheck.zip
hijackthis.log
I don't see anything bad in the logs anymore.
Execute the script
Code:
begin
 ExecuteWizard('TSW', 2, 2, true);
end.
I recommend deleting the program "Bonjour".
Any problems left?
Thanks a lot, everything works well now. Btw, do I still need SP3 if I have a legal XP with recent updates? And how do I get rid of this "Bonjour" thing? I know it's there but don't know how to get rid of it.
Yes, you do.
Google knows just all: http://www.ajuaonline.com/2007/10/02...njour-service/
Last edited by Rene-gad; 16.08.2008 at 18:08. Reason: Added
dioxxx, I think the best thing is preventing infection in the future.
Don't use an admin account on the internet; make a new, limited one: http://www.microsoft.com/protect/com...eraccount.mspx
Disable active scripting in the browser by default. The best and most comfortable way to do it is using Firefox + NoScript.
With these simple steps you can prevent the functioning/installation of about 90 percent of the malware.
I'm using Opera and don't want to switch to FF. Besides, I got infected by my own stupidity, downloading crap from unknown sites. Anyway, I'll think about this account thing. Thanks for all your help.
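Added example (not part of the original thread, and not AVZ or HijackThis code): one way to check the "make new logs" step, by scanning a fresh HijackThis log for the BHO CLSIDs, file names and Winlogon Notify key that the scripts above removed. The sample log is constructed, and the pairing of CLSIDs with file paths in it is invented for illustration.

```python
import re

# Indicators taken from the cleanup scripts posted in this thread.
BHO_CLSIDS = {
    "FFFB03AD-A461-4B99-9A23-D3B127D7C995",
    "12401F00-D6DD-4112-B187-E8681685D182",
    "0C5B329C-A62E-40C4-ABB0-1459CBE328AA",
}
FILE_NAMES = {"mljctkcc.dll", "urreeswc.dll", "hggyywxw.dll", "ewdmaudn.sys"}
NOTIFY_KEYS = {"mljctkcc"}

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O20 - Winlogon Notify: <key> - <path>".
O2_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f-]{36})\} - (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
ENTRY_RE = re.compile(r"^O\d+ - ")

def residual_entries(log_text):
    """Return (line_no, reason, line) for each log entry matching an indicator."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m and m.group(1).upper() in BHO_CLSIDS:
            hits.append((no, "BHO CLSID", line))
            continue
        m = O20_RE.match(line)
        if m and m.group(1).lower() in NOTIFY_KEYS:
            hits.append((no, "Winlogon Notify key", line))
            continue
        # Any other section (Run entries, services, ...) still naming a file.
        if ENTRY_RE.match(line) and any(n in line.lower() for n in FILE_NAMES):
            hits.append((no, "file name", line))
    return hits

# Constructed sample log, NOT the poster's real hijackthis.log; the
# CLSID-to-path pairings below are made up for the demonstration.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {0C5B329C-A62E-40C4-ABB0-1459CBE328AA} - C:\WINDOWS\system32\hgGyywxw.dll
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [example] rundll32.exe "C:\WINDOWS\system32\urreeswc.dll",a
O20 - Winlogon Notify: mlJCTKcc - C:\WINDOWS\system32\mlJCTKcc.dll
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
"""

if __name__ == "__main__":
    for no, reason, line in residual_entries(SAMPLE_LOG):
        print(f"line {no}: {reason}: {line}")
```

An empty result means none of the removed entries reappeared in the log; it does not show that the system is clean of anything else.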