Hello analysts..
Please do send me the required script which can help me fix my PC's little snags...
and please, if possible, do give me insights on how you people actually do this, would really love to know!
thanks!
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 TerminateProcessByName('c:\program files\viorb\viorb.exe');
 QuarantineFile('c:\program files\viorb\viorb.exe','');
 DeleteFile('c:\program files\viorb\viorb.exe');
 DeleteService('Bonjour Service');
 DeleteFile('c:\program files\bonjour\mdnsresponder.exe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine in accordance with Appx. 3 of the rules.
- Attach 3 logs to your new post..
thanksss.. I'll surely try this out and revert back to you sir!
thank you!.. but it's really necessary for me to delete viorb.. that came with my transformation pack for Vista (....do tell me....
Added after 46 seconds
btw. I sue Window Washer on a regular basis.. to clean out all the trash.. along with RegCure.. for my reg tweaking! ....
Added after 8 minutes
*use
I followed the advice given by Mr Rene... and executed the following script
I'm now attaching another log of my PC........... so that it may be analyzed.. thank you all so much..
btw can you people tell me in which language you execute this script?
unfortunately... I can't find where the tool has stored the quarantined files.. so am sorry.. can't upload.... I checked in the quarantine folders of AVZ.. no zip file found
Added after 21 minutes
and WHAT THE HELL IS THIS........... AVZ tools.... is-GNVQ 7...... startup.exe.. is a KEYLOGGER.... DAMMIT.... is that true... I'll have to delete this AVZ thing then.. please do help me in this regard too..
I have Kaspersky antivirus only, and that only is showing this startup.exe as keylogger.. now what to do?
Last edited by Rene-gad; 24.12.2008 at 00:16.
Pls. read here: http://www.prevx.com/filenames/X6286...VIORB.EXE.html and use basic English, otherwise I'll write for you in German.
Added after 5 minutes
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\viwc.exe','');
 QuarantineFile('interceptor.dll','');
 DeleteFile('C:\WINDOWS\system32\viwc.exe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine in accordance with Appx. 3 of the rules.
- Attach 3 logs to your new post..
Last edited by Rene-gad; 10.12.2008 at 11:36. Reason: Added
here are the remainder of the logs..
thank u for checking again
I hope this time am not messing around with your rules, since I am posting in the same POST.
Thanks..
and thank you for German, English is cool with me, can't understand anything in German.
Thanks
HELOOOOOOOOOOOOOOOOOOOOO..ANYONE THERE TO REPLY?
Last edited by Rene-gad; 24.12.2008 at 00:16.
If you behave in such a way I'll close the topic: you got a script and disappeared for 2 weeks!!! Now you are coming and bringing the logs you made for two weeks!
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Fix
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('interceptor.dll','');
 DelCLSID('{B600E6E9-553B-4A19-8696-335E5C896153}');
 DelCLSID('{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}');
 QuarantineFile('C:\WINDOWS\wc98pp.dll','');
 DeleteFile('C:\WINDOWS\wc98pp.dll');
 DeleteFile('C:\Program Files\Bonjour\mdnsNSP.dll');
 DeleteFile('c:\windows\system32\interceptor.dll');
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteRepair(13);
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine over the link Upload quarantined files on the top of this page.
- Attach 3 logs to your new post..
Am sorry Mr RENE.... But please do understand... Am also not a very regular visitor of this site.. and I don't come online much... I try to come here as soon as possible. I also have got my exams and everything else coming up..... and am leading quite a busy life.
Am sorry, as soon as things are over.. when I am regular.... I will surely post then...
But thanks anyways for your help
I have attached the required logs after executing required scripts. Would be very grateful if you could actually explain what you are deleting... and for what purpose are those files being deleted, and what potential harm they can cause. Would love to know more about this!
thanks a lot
Last edited by Rene-gad; 29.12.2008 at 10:20.
Use www.google.[yourcountryabbreviation]
I cannot find anything malicious in your last logs, but I don't understand, why didn't you update a database of AVZ?
Is it your provider?
Emirates Telecommunication Corporation
I'll update it as soon as possible, I didn't know a new release was out... did not check, sorry..
..yes Emirates only is my telecom provider...
I did not get you clearly.... but I'll update my AVZ for sure... thank you
here are the UPDATED FILES.... UPDATED LOGS.. ALL LATEST SOFTWARES...
thank you... once again...
please explain what you meant by my telecom provider reference.... And I still did not understand what is being deleted.
Thanks
And where is the quarantine? You didn't send it to us yet via http://virusinfo.info/upload_virus_eng.php?tid=35298 . Only after viewing it, we will be able to answer your question.
*Click and run, if you want the help to improve and speed up
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
I am sorry, but what quarantine, I don't think anything was stored in quarantine.
Mr Rene has been kind enough to clear all my queries by just making use of these logs, I have never uploaded the quarantine till now. Please do tell me, I'll upload some file, don't know for sure whether it's quarantined or not.
Thanks
Added after 1 minute
is it syscure log you are talking about, I have no clue. I uploaded all the required logs right, till now my queries were answered on the basis of my logs!!!
Last edited by samm316; 09.01.2009 at 20:02. Reason: Added
In this case, you should read more carefully what Rene-gad told you in post #6, read it now
If you did delete the quarantine, we are unable to answer your question: "And i still did not understand what is being deleted." Upload the quarantine over the link Upload quarantined files on the top of this page.
We also don't understand what "was being deleted", because we didn't get your quarantine.
Do we understand each other?
Last edited by drongo; 09.01.2009 at 21:44.
hehehehehehhehehee... I get what you say, no I never had any quarantines. I guess we perfectly understand each other.
Mr Rene used to give me few scripts and in those scripts we had commands like "delete service".. or "delete file"... I was asking about these deletions, not any quarantines!
Now, I posted the latest logs. Is my computer error free and perfect now? I do run Kaspersky, but I found this community interesting and joined! It's fun here!
Please do tell me, what to do next!
Thanks!!.. btw, are you from Israel Sir?
In Rene-gad's script, you can find: QuarantineFile - it is for copy creation, that you should upload. Next time, please do it. It will help others to eliminate same malware.
Your logs look clean. So, if you don't see any problems, I don't see either
In order to not get similar infection in future, you should work under limited user.
P.S. Yes, I am from Israel. If you can support Israel in any peaceful way, it will be your thanks to me.
I support humanity sir!..... Very unfortunate all the killings that are taking place around the world, my country (India), your country, Gaza.. sheesh.... Will it ever end?..
Anyway I am deviating from the topic!... I support Israel Sir, I support Peace...... For that I can support anyone!
As far as understanding scripts is concerned, lol, I can't understand a thing!
Which language is it in which you people give me scripts, let my exams get over, I'll try to learn too, and perhaps help people out here. Fixing PCs is a passion of mine!
And yes, my logs are clean?.. thank goodness, I guessed that, but wasn't sure.
One more doubt, my explorer has started crashing a lot nowadays, any idea as to why, I have VISTA TRANSFORMATION PACK 9.0.1 installed, after that these frequent on and off crashing started taking place!
And what exactly is meant by "In order to not get similar infection in future, you should work under limited user"... I quote you there.
Thanks once again for whatever help you are providing. Hope peace is restored to your region soon!
Added after 1 minute
PS: I'll read Mr Rene's scripts again, did not notice the quarantine part!
And yes, am I supposed to do anything else now, take more logs and all for instance, or I am not required to do anything else?
Thank You!
Last edited by samm316; 11.01.2009 at 00:07. Reason: Added
1. limited user:
http://www.microsoft.com/protect/com...eraccount.mspx
2. It is an avz-script language, not hard to learn and use. There is one little problem - help mainly in Russian. Translation still in progress...
3. VISTA TRANSFORMATION PACK or such can cause you problems, so my advice - uninstall it, and check all system files with original ones, don't forget to update Windows itself.
4. Your logs are clean. No need to do more, at least now
thank you so much Mr Drongo!!!
I have been using the pack for a long time now, I so don't want to remove it, can you tell me an alternative instead? Please please please, and thank you so much for giving me valuable insight on the language used, no one was telling me here, you are the first person to do so, thank you so much! I'll wait for the translation!..
sir, any idea why a start menu would refuse to open, even after pressing Windows key, is this also something to do with Windows Vista transformation pack, all this started after installation only, not that it harms me, but still!.... I probably will wait for their next update, or can you suggest a better alternative to transform XP, forgive me, am into this useless fancy stuff... thank you!
Sorry, I don't use stuff like this. About 3 years ago, I did use something like this, but not for long. There is always a chance to catch a bug, but using modified system files this chance is increasing exponentially
You can try to send request to creator of this VISTA TRANSFORMATION PACK, perhaps it will assist you.