Страница 1 из 2 12 Последняя
Показано с 1 по 20 из 28.

disabling my antivirus

  1. #1
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36

    disabling my antivirus

    i got a infected by a virus who disabled my kaspersky antivirus 6.0, when i want to start it ,i got a message that its been used by an other application.
    Вложения Вложения

  2. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Update the signatures in AVZ (File/Database Update)!!!

    Close/unload all the programs excepted AVZ and Internet Explorer

    Switch off:
    - Antivirus and and, if you have - Firewall.
    - System Restore
    - Close all the opended programs excepting AVZ and Internet Explorer


    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\WINDOWS\system32\atmlibl.dll','');
     QuarantineFile('C:\WINDOWS\WLXPGSS.SCR','');
     DelBHO('{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}');
     QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
     QuarantineFile('C:\autorun.inf','');
     QuarantineFile('C:\HNLJ.PIF','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('D:\HNLJ.PIF','');
     DeleteFile('D:\HNLJ.PIF');
     DeleteFile('D:\autorun.inf');
     DeleteFile('C:\HNLJ.PIF');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
     DeleteFile('C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL');
     DeleteFile('C:\WINDOWS\system32\atmlibl.dll');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Attach 3 logs to your new post..

  3. #3
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    the antivirus can't start and show me message that the program is used by an other application.
    and i got a DOS Windows with
    Код:
    0. Intel(R) 82566DM Gigabit Network Connection (Microsoft's Packet Scheduler)
            IP Address. . . . . : 10.124.0.152
            Physical Address. . : 00-0F-FE-63-AA-95
            Default Gateway . . : 10.124.0.50[*] Bind on 10.124.0.152 Intel(R) 82566DM Gigabit Network Connection (Microsoft'
    s Packet Scheduler) ...
    Scanning Alive Host......
    Found Alive Host:
    1:      125.12.16.2 00-09-E8-78-AF-40
    2:      125.12.16.4 02-00-01-1E-C5-95
    3:      125.12.16.5 00-09-6B-0D-10-43
    4:      125.12.16.6 00-0F-FE-52-CE-89
    .
    .
    .
    29:    125.12.16.86 00-0D-56-78-E1-B2
    Sniffing......
    79.140.80.75
    209.85.154.30
    i really wonder what that DOS windows do ? can u explain me ?
    Вложения Вложения

  4. #4
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    The 2nd and the last time:Update the signatures in AVZ (File/Database Update)!!!. If you will not do it, your topic will be closed

    Fulfill the paragraph 2 of ther rules

    Close/unload all the programs excepted AVZ and Internet Explorer

    Switch off:
    - Antivirus and and, if you have - Firewall.
    - System Restore
    - Close all the opended programs excepting AVZ and Internet Explorer


    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\WINDOWS\system32\atmlibl.dll','');
      QuarantineFile('D:\HNLJ.PIF','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('C:\HNLJ.PIF','');
     QuarantineFile('C:\autorun.inf','');
     DelBHO('{0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35}');
     QuarantineFile('C:\Program Files\zzToolBar\ToolBand.dll','');
     DelBHO('{489873CE-F3E1-44A3-8E89-04BE26BE4446}');
     QuarantineFile('C:\Program Files\zzToolBar\Toolbar_bho.dll','');
     QuarantineFile('C:\WINDOWS\360safe.exe','');
     QuarantineFile('C:\WINDOWS\soni.exe','');
     QuarantineFile('C:\WINDOWS\system32\wuauclt.exe','');
     QuarantineFile('C:\WINDOWS\system32\wmpeisfect.dll','');
     QuarantineFile('c:\windows\avtapit.dll','');
     QuarantineFile('c:\windows\system32\dllcache\wuauclt.exe','');
     QuarantineFile('c:\hnlj.pif','');
     QuarantineFile('c:\6132t.exe','');
     DeleteFile('c:\6132t.exe');
     DeleteFile('c:\hnlj.pif');
     DeleteFile('c:\windows\system32\dllcache\wuauclt.exe');
     DeleteFile('c:\windows\avtapit.dll');
     DeleteFile('C:\WINDOWS\system32\atmlibl.dll');
     DeleteFile('C:\WINDOWS\system32\wmpeisfect.dll');
     DeleteFile('C:\WINDOWS\system32\wuauclt.exe');
     DeleteFile('C:\WINDOWS\soni.exe');
     DeleteFile('C:\WINDOWS\360safe.exe');
     DeleteFile('C:\Program Files\zzToolBar\Toolbar_bho.dll');
     DeleteFile('C:\Program Files\zzToolBar\ToolBand.dll');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\HNLJ.PIF');
     DeleteFile('D:\autorun.inf');
     DeleteFile('D:\HNLJ.PIF');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Attach 3 logs to your new post..

  5. #5
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    sorry for the Update
    Вложения Вложения

  6. #6
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Fulfill the paragraph 2 of ther rules
    CHECK A SYSTEM DATE OF YOUR PC
    Scanning started at 13/09/2004 14:10:32

    Close/unload all the programs excepted AVZ and Internet Explorer

    Switch off:
    - Antivirus and and, if you have - Firewall.
    - System Restore
    - Close all the opended programs excepting AVZ and Internet Explorer


    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\RavNT.exe','');
     QuarantineFile('C:\WINDOWS\qqshel.exe','');
     QuarantineFile('c:\windows\ias.dll','');
     QuarantineFile('c:\windows\icpb.dll','');
     QuarantineFile('C:\WINDOWS\360safe.exe','');
     QuarantineFile('C:\WINDOWS\soni.exe','');
     DelBHO('{285AB8C6-FB22-4D17-8834-064E2BA0A6F0}');
     QuarantineFile('C:\WINDOWS\system32\oobe\pbhealth.dll','');
     QuarantineFile('C:\Program Files\Fichiers communs\PushWare\cpush.dll','');
     DelBHO('{11F09AFD-75AD-4E51-AB43-E09E9351CE16}');
     DeleteFile('C:\Program Files\Fichiers communs\PushWare\cpush.dll');
     DeleteFile('C:\WINDOWS\system32\oobe\pbhealth.dll');
     DeleteFile('C:\WINDOWS\soni.exe');
     DeleteFile('C:\WINDOWS\360safe.exe');
     DeleteFile('c:\windows\icpb.dll');
     DeleteFile('c:\windows\ias.dll');
     DeleteFile('C:\WINDOWS\qqshel.exe');
     DeleteFile('C:\WINDOWS\RavNT.exe');
     DeleteFile('c:\windows\system32\dllcache\wuauclt.exe'); 
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Attach 3 logs to your new post..

  7. #7
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    the date change by it self to ../../2004
    Вложения Вложения

  8. #8
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Did you make it: Fulfill the paragraph 2 of ther rules ?
    You have got file infection , AVZ cannot heal your PC in this case.

  9. #9
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    the problem is that i cant access to the safe mode of my computer,eatch time that i chose to access to safe mode the computer reboot.
    i don't know if it's ok to scan in noraml mode ?

  10. #10
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    AVZ, File/System Restore, mark the point 10, execute, reboot and try to logging in the safe mode.

  11. #11
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для RiC
    Регистрация
    22.04.2005
    Сообщений
    1,988
    Вес репутации
    548
    Цитата Сообщение от yotta Посмотреть сообщение
    i don't know if it's ok to scan in noraml mode ?
    If safe mode can't work, download CureIt, turn off internet connection, close all possible started programs and try to scan in normal mode, it unrecommended, but possible.

  12. #12
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    i made scan with normal mode cause i coudn't access to safe mode even with AVZ .
    Вложения Вложения

  13. #13
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Close/unload all the programs excepted AVZ and Internet Explorer

    Switch off:
    - Antivirus and and, if you have - Firewall.
    - System Restore
    - Close all the opended programs excepting AVZ and Internet Explorer


    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
     QuarantineFile('D:\CSG.PIF','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('C:\CSG.PIF','');
     QuarantineFile('C:\autorun.inf','');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\CSG.PIF');
     DeleteFile('D:\autorun.inf');
     DeleteFile('D:\CSG.PIF');
     DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Attach 3 logs to your new post..

  14. #14
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    good luck
    Вложения Вложения

  15. #15
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Pls. repair you PC in the such way, that you could set a correct system data.
    Without it we have not got any chance to heal it.

    Close/unload all the programs excepted AVZ and Internet Explorer

    Switch off:
    - Antivirus and and, if you have - Firewall.
    - System Restore
    - Close all the opended programs excepting AVZ and Internet Explorer


    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('C:\autorun.inf','');
     QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
     QuarantineFile('D:\CSG.PIF','');
     QuarantineFile('C:\Documents and Settings\9.pif','');
     QuarantineFile('C:\Documents and Settings\6.pif','');
     QuarantineFile('C:\Documents and Settings\3.pif','');
     QuarantineFile('C:\Documents and Settings\2.pif','');
     QuarantineFile('C:\CSG.PIF','');
     DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
     DelBHO('{36ECAF82-3300-8F84-092E-AFF36D6C7040}');
     DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
     DelBHO('{285AB8C6-FB22-4D17-8834-064E2BA0A6F0}');
     QuarantineFile('C:\WINDOWS\Aseo\pbhealth.dll','');
     QuarantineFile('C:\Documents and Settings\Administrateur\Bureau\obj2.sys','');
     QuarantineFile('C:\WINDOWS\system32\drivers\acpidisk.sys','');
     QuarantineFile('C:\WINDOWS\system32\winlib .dll','');
     QuarantineFile('C:\WINDOWS\system32\cardses.dll','');
     DeleteFile('C:\WINDOWS\system32\cardses.dll');
     DeleteFile('C:\WINDOWS\system32\winlib .dll');
     DeleteFile('C:\WINDOWS\system32\drivers\acpidisk.sys');
     DeleteFile('C:\Documents and Settings\Administrateur\Bureau\obj2.sys');
     DeleteFile('C:\WINDOWS\Aseo\pbhealth.dll');
     DeleteFile('C:\CSG.PIF');
     DeleteFile('C:\Documents and Settings\2.pif');
     DeleteFile('C:\Documents and Settings\3.pif');
     DeleteFile('C:\Documents and Settings\6.pif');
     DeleteFile('C:\Documents and Settings\9.pif');
     DeleteFile('D:\CSG.PIF');
     DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
     DeleteFile('C:\autorun.inf');
     DeleteFile('D:\autorun.inf');
    BC_ImportAll;
    ExecuteSysClean;
     BC_DeleteSvc('acpidisk');
    SetAVZPMStatus(True);
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot:
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Attach 3 logs to your new post..

  16. #16
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    can you explain me please how to repair my PC ?

  17. #17
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,108
    Вес репутации
    3000
    Цитата Сообщение от yotta Посмотреть сообщение
    can you explain me please how to repair my PC ?
    Possibly the CMOS-Battery on the Motherboard is too old. That is why you cannot set a correct system date.

  18. #18
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    the problem of the date is not from a hardware,but the virus who is repensable of the change of date.
    Вложения Вложения

  19. #19
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    971
    Very interesting.
    Lets try this one:
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     TerminateProcessByName('c:\documents and settings\3.pif');
     QuarantineFile('c:\documents and settings\3.pif','');
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('D:\xk2n.bat','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('C:\xk2n.bat','');
     QuarantineFile('C:\autorun.inf','');
     QuarantineFile('C:\WINDOWS\system32\wglsp.dll','');
     DelBHO('{489873CE-F3E1-44A3-8E89-04BE26BE4446}');
     QuarantineFile('C:\Program Files\zzToolBar\Toolbar_bho.dll','');
     QuarantineFile('C:\WINDOWS\Aseo\pbhealth.dll','');
     QuarantineFile('C:\WINDOWS\WLXPGSS.SCR','');
     QuarantineFile('C:\WINDOWS\system32\winlib .dll','');
     QuarantineFile('C:\WINDOWS\system32\dllcache\wuauclt.exe','');
     QuarantineFile('C:\WINDOWS\system32\ckvo0.dll','');
     QuarantineFile('C:\WINDOWS\system32\ChsBrKrs.dll','');
     DeleteFile('C:\WINDOWS\system32\ChsBrKrs.dll');
     DeleteFile('C:\WINDOWS\system32\ckvo0.dll');
     DeleteFile('C:\WINDOWS\system32\winlib .dll');
     DeleteFile('C:\Program Files\zzToolBar\Toolbar_bho.dll');
     DeleteFile('c:\documents and settings\3.pif');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\xk2n.bat');
     DeleteFile('D:\autorun.inf');
     DeleteFile('C:\WINDOWS\system32\dllcache\wuauclt.exe');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    executerepair(6);
    executerepair(8);
    executerepair(9);
    RebootWindows(true);
    end.
    After reboot:
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 log files in accordance with the rules.
    - Attach 3 logs to your new post..
    -send us the quarantine by link http://virusinfo.info/upload_virus_eng.php?tid=29883

  20. #20
    Junior Member Репутация
    Регистрация
    12.04.2008
    Сообщений
    42
    Вес репутации
    36
    Hello
    i fixecd the problem of date by uninstaling Kaspersky antivirus 6.0 and installing AVG.
    but i still doubt that my PC still unfected cause i tried to install kaspersky 2009 ,and just when i finish the installtion it got disabled .

Страница 1 из 2 12 Последняя

Похожие темы

  1. Ответов: 7
    Последнее сообщение: 25.04.2008, 13:52
  2. Disabling Messenger Service popups
    От NickGolovko в разделе FAQ
    Ответов: 0
    Последнее сообщение: 02.08.2007, 19:52
  3. Disabling special hidden shared resource IPC$
    От NickGolovko в разделе FAQ
    Ответов: 0
    Последнее сообщение: 02.08.2007, 15:48
  4. Disabling hidden shared resources (C$, ADMIN$, etc)
    От NickGolovko в разделе FAQ
    Ответов: 0
    Последнее сообщение: 02.08.2007, 15:33
  5. Disabling SpyBot TeaTimer
    От NickGolovko в разделе FAQ
    Ответов: 0
    Последнее сообщение: 01.05.2007, 07:19

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01484 seconds with 17 queries