Virus [Trojan.Win32.BHO.kse ]

[metin]

i know...i am doing the rules now...if you follow the rules...YOU WILL GET A HYJACK LOG...WILL YOU YES YOU WILL..AND YOU WILL GET A AVZ LOG..TOO..dont tell me i am wrong because thats why we are getting no where...i know how to follow the rules...

[drongo]

fine

[metin]

have done al the logs and now i want to attach them...but wich ones..

4. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created during the system analysis (AVZ - virusinfo_syscure.zip, AVZ - virusinfo_syscheck.zip, HJT - hijackthis.log) to the message. There should be 3 logs in general. We will do our best to help you.

can i do it in this tread or must i create a new one...and i attached the zipfile earlier and you gave me a red card...virusinfo_syscure.zip...in my log there are 3 different files of
- virusinfo_syscure.zip
- virusinfo_syscheck.zip

xml document
firefox doxument
zip documennt

this ar 6 files..and there is also 1 virusinfo_cure zip file

so in total 7 files...

gr metino

[drongo]

read again(in red is better ?)
only these:
virusinfo_syscure.zip
virusinfo_syscheck.zip

[metin]

i did this earlier and i read it well...but than you gave me a red card//thats why i ask...

nevermind...

here are the 3 logs

[drongo]

Cause earlier you did attached a quarantine twice After first time i did just removed it and told you, on second time i must too do so It is my duty, sorry for that.Hope you are understand.
Now i see in your logs, that you steel have an infection.
Disable system restore, because of system restore your infection is steel inside your computer.It is protect now on your trojan

Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
 DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
 DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.

You better uninstall all your avptool- i see some different installation.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.



After that, please make just a new virusinfo_syscure.zip and attach it to your next post, i want to see that your system is clean from malware.

[metin]

i turned of system restore....but what do you want me to do next.where do i execute this in (avz or Kaspersky) and i dont have avztool installed...it is just when i start fighter...thats when it works...and i cannot open avz by administrator...it just opens...and why do you want me to uninstall KVRT...???i realy do not understand your stepsss

Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):
Code:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(;
RebootWindows(true);
end.

You better uninstall all your avptool- i see some different installation.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.

Добавлено через 38 минут

and what do i have to do on the website????do not know what you mean..

Добавлено через 4 минуты

Cause earlier you did attached a quarantine twice After first time i did just removed it and told you, on second time i must too do so It is my duty, sorry for that.Hope you are understand.
Now i see in your logs, that you steel have an infection.
Disable system restore, because of system restore your infection is steel inside your computer.It is protect now on your trojan

Did al af things above

Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):

Код:

begin where in AFZ or Kaspersky and i cannot run fighter by administrator
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
 DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
 DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.

You better uninstall all your avptool- i see some different installation.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT. why should i go to the website?? there is nothing there??



After that, please make just a new virusinfo_syscure.zip and attach it to your next post, i want to see that your system is clean from malware.

in AFZ or Kaspersky???


So what shoul i do

[drongo]

wherever you like avz or avptool will understand it too, just make sure to run a tool with administrator rights.
KVRT=avptool for detection/curing just for single use, because it hasn't ability to update. For that reason i advice you to uninstall it. In order to unistall it, you should follow what i did sad.

[metin]

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.

this is what you say how to uninstall....but this hasnt anything to do with it...

and why i must uninstall...you are not answering my questions

Добавлено через 1 минуту

i cannot open avz (fighter) with right click either...

[drongo]

Because i don't see a reason to see 4 drivers of kaspersky, when you don't need them In my opinion, having more active drivers from different antiviruses in system folder may lead to strange things
You can try execute in avptool or normal avz, if fighter.pif on your vista is not working .

[metin]

fighter pif is working now...i am executing now and will send you teh files

grtz

[metin]

Here are the new logs..

grtzz

[drongo]

Finally, your trojan is history
Logs looks clean. No need more, at least for now

[metin]

Hmm ok...thats good news...tnx a lot for all your time and support..it may not
have been easy all the time....another thing my com is still slower...strange

[drongo]

about that your computer still slower...-possible that software that you did installed lately, not so good to your system. Unistall it, after that do "cleaning" with portable ccleaner (http://www.ccleaner.com/download/bui...ading-portable)

P.S. With my insistence and your assistance
kaspersky will call it( jlozvsbouz.dll-) as Trojan.Win32.BHO.kse

[metin]

i uninstalled it earlier...but i will do the cleaner.....do i have to put system restore on again???

Добавлено через 25 минут

i did cleaner and there more more than 300 problems in registry and cleaner...fixed them all..now i am doing regcure and it says more than 300 problems????very strange

Добавлено через 1 минуту

regcure cleaned another 880 errors..hope me com will work faster now

Добавлено через 2 минуты

is it true that you have to do more than 1 scan with ccleaner en regcure to clean better...because the first time there are a lot errors second time less and third time nothing...???

[drongo]

You may enable windows restore, but...
The original Microsoft system restore didn't restore all, it is useless in most cases after virus attack(on the contrary, virus creators using "windows system restore" to protect their creations by disabling ability to shut it off) it doesn't helps with serious bugs either; use some 3th company product with image creation ability(that you can burn on dvd ) , for example: http://www.acronis.com/homecomputing...cts/trueimage/

About ccleaner:i am personally use one time under limited user (my regular account) and after that one time with administator rigts. Don't know why in your case 3 times- you can ask ccleaner developer. ;-)

[metin]

okkk..should i enable system restore???

and my comp...is running faster...but it shutted down instantly 10 minutes ago...a blue screen came up...and said some software isnt right installed etc etc..

and in security center i can not turn it on....

[drongo]

about: system restore-> it is up to you, i did told you my advice.
in blue screen you should see what it cause, and uninstall the conflict program. if you unable understand, you can post it here.
i don't use any security center - i am a security center myself
Perhaps this script will help:

Код:

begin
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.

[metin]

it says error expected at position 4 when i try to excetuce