I am afraid it will not work well under a terminal session.
Is there a chance that someone will execute our scripts under local admin and logs of the Kaspersky Virus Removal Tool?
Can you run HijackThis there?
You can try this one:
Disable antivirus if it's running.
Please execute the following script in avptool:
Code:
begin
  // Check for rootkit hooks and turn on AVZGuard before touching files
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspicious files to quarantine
  QuarantineFile('C:\WINDOWS\system32\karina.dat','');
  QuarantineFile('C:\WINDOWS\system32\_scui.cpl','');
  QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Arx24.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
  // Stop the running process, then quarantine and delete its file
  TerminateProcessByName('c:\windows\system32\buritos.exe');
  QuarantineFile('c:\windows\system32\buritos.exe','');
  DeleteFile('c:\windows\system32\buritos.exe');
  // Delete the remaining files (Beep.SYS is quarantined only)
  DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Arx24.sys');
  DeleteFile('C:\WINDOWS\system32\karina.dat');
  DeleteFile('C:\WINDOWS\system32\_scui.cpl');
  // Boot Cleaner: queue the deletions and the two services for the next boot
  BC_ImportAll;
  ExecuteSysClean;
  BC_DeleteSvc('Arx24');
  BC_DeleteSvc('tcpsr');
  BC_Activate;
  executerepair(6);
  executerepair(8);
  RebootWindows(true);
end.
Pack (zip, with the password virus) -> Qurantine_AVZ (it is a subfolder where your Kaspersky Virus Removal Tool exists).
Please upload it using the link http://virusinfo.info/upload_virus_eng.php?tid=29653
Then make a new log in Kaspersky Virus Removal Tool and attach it to your next post.
Remember to launch Internet Explorer before making a new log.