1. Uninstall kis7 and download kis2009. Always use the latest version; this is the advice of any software company. Frankly speaking, they are right.
2. I have seen signs of Symantec in your log; you had better download their removal tool and run it (http://service1.symantec.com/Support...05033108162039).
3. Download the special version of AVZ from my signature (you have working internet somewhere, right?).
Disable the antivirus, disconnect from the internet/network, and disable System Restore (read our rules if you don't know how).
Execute this script:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('D:\WINDOWS\system32\ieudinit.exe','');
QuarantineFile('D:\WINDOWS\inf\unregmp2.exe','');
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
DelBHO('{CDE8EAB9-CEF3-4885-B12F-26960A25C800}');
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
QuarantineFile('D:\WINDOWS\system32\gpprefcl.dll','');
QuarantineFile('D:\WINDOWS\system32\WPDShServiceObj.dll','');
QuarantineFile('D:\WINDOWS\System32\srchadmin.dll','');
QuarantineFile('D:\WINDOWS\system32\drivers\tiehdusb.sys','');
DeleteService('MHNDRV');
QuarantineFile('D:\WINDOWS\system32\DRIVERS\mhndrv.sys','');
QuarantineFile('D:\WINDOWS\system32\Drivers\cercsr6.sys','');
QuarantineFile('D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys','');
QuarantineFile('D:\WINDOWS\nvoclock.sys','');
QuarantineFile('D:\WINDOWS\system32\drivers\hardlock.sys','');
QuarantineFile('D:\WINDOWS\system32\DRIVERS\fallback.sys','');
QuarantineFile('D:\WINDOWS\system32\Drivers\Diag69xp.sys','');
QuarantineFile('D:\WINDOWS\System32\drivers\BrPar.sys','');
QuarantineFile('D:\WINDOWS\system32\DRIVERS\basic2.sys','');
QuarantineFile('D:\WINDOWS\system32\windrvNT.sys','');
QuarantineFile('D:\WINDOWS\System32\Drivers\TICalc.SYS','');
DeleteFile('D:\WINDOWS\system32\DRIVERS\mhndrv.sys');
DeleteFile('C:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('E:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(14);
BC_Activate;
RebootWindows(true);
end.
Please upload the quarantine according to our rules (please read appendix 3).
Use this link: http://virusinfo.info/upload_virus_eng.php?tid=37418
Make new logs according to our rules: http://virusinfo.info/showthread.php?t=9184