Hello here is the log from my computer (see attach)..i hope you can give me more information about what's wrong
gr metino
Some files look suspicious to me. Please execute the following script, it will just make a copy of them to avptool folder
Your system will reboot.
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
 QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
Please zip the quarantine (it should be in sub-folder of your avptool) and make sure to protect it with password virus
- Upload the quarantine over the link http://virusinfo.info/upload_virus_eng.php?tid=37480
Let us know when you are done.
Last edited by drongo; 16.01.2009 at 00:42.
*Click and do this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
first of all thnx for quick response..sorry but i do not understand what you mean...i don't know what to do with your description...can you specify it and tell me simpler how to do things???
gr metino
Added 2 minutes later
and i dont have the avptool folder anymore it is gone???do i have to download it again..and send you the file???please let me know...
Added 31 minutes later
hello i executed the file...the system restarted but i dont know how to do the rest...
there is nothing in my quarantine and there are two different quarantines...afz...and normal...how can i zip the quarantine????
tnxx
Added 13 minutes later
Please zip the quarantine (it should be in sub-folder of your avptool) and make sure to protect it with password virus
- Upload the quarantine over the link http://virusinfo.info/upload_virus_eng.php?tid=37480
Let us know, when you will done.
this does not work on me...i dont know what you mean with zip the quarantine and make sure to protect the virus???
tnx gr metino
Last edited by metin; 16.01.2009 at 03:32. Reason: Added
Ok, forget it. There is another option:
Please download special avz in my signature (it is a single file), create a new folder, for example on desktop. Put this avz inside it.
Disable internet and antivirus.
execute this script in avz: (how-to: http://virusinfo.info/showthread.php?t=9207)
avz will put password on archive instead of you. Please read appendix 3 of our rules:
http://virusinfo.info/showthread.php?t=9184 in order to send us.
Tnx again...i downloaded avz special trough rapidshare..and thats were i dont know what to do from...where is the script???there is no script anywhere and in custom script there is no execute button...
is this the script???The code changes depending on the concrete case if i put it in custom scripts...it says..error..begin expected in 1:1
am i doing wrong or is this not working either???
gr metino
Added 6 minutes later
Executing script in AVZ
--------------------------------------------------------------------------------
1. Select all text in the Code frame with your cursor, right-click it and choose Copy.
Code:
The code changes depending on the concrete case
2. Run AVZ, go to File - Custom scripts. In the text field of the opened window right-click and choose Paste.
3. Click the Execute script button.
__________________
Nick Golovko
AVZ English UI Developer
Anti-Virus & General Security Advisor
what should i copy and paste???
Added 45 seconds later
i did a scan and have the log??but i really do not understand your descriptions??
gr metino
Added 25 minutes later
i am clueless. i think i am going to reboot windows...from its factory...
Last edited by metin; 16.01.2009 at 15:10. Reason: Added
i did give you a script in post #2
here again:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
 QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
okk but how do i do the rest???i dont know what you mean
Added 31 seconds later
with password and what should i send you:S
Last edited by metin; 16.01.2009 at 18:01. Reason: Added
the appendix is only for windows me and xp...i have vista...so it will again not work///
Added 2 minutes later
i cannot turn off system restore...i dont know why it must be such complicated to heal a pc...but were getting there i hope:S
Last edited by metin; 16.01.2009 at 21:35. Reason: Added
Meantime just send us
In Vista just remember to launch any investigation tool like this: launch it with right click on mouse, choose Run As administrator, insert your administrator password.
Execute this script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\Windows\system32\drivers\regi.sys','');
 QuarantineFile('C:\Windows\system32\jlozvsbouz.dll','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
1. Start AVZ, choose from the menu "File" -> "Quarantine folder viewer".
2. Mark files in the list which should be sent.
3. Click "Archive" and specify a place on the disk where the archive should be kept.
4. Upload the archive using the upload link (Upload quarantined files) -> http://virusinfo.info/upload_virus_eng.php?tid=37480
Last edited by drongo; 17.01.2009 at 10:43.
hi...now this worked...i uploaded the files...to you
Upload result
File saved as 090117_105329_virus_49718e79caa95.zip
File size 109828
MD5 9ae07c0dc1a2e1fd8a291772859ae0ab
File uploaded, thank you!
tnxx..should i wait for your next description now???
gr metinoi
no, you did upload other files...try to send us only these files:
C:\Windows\system32\drivers\regi.sys
C:\Windows\system32\jlozvsbouz.dll
1. Click "File" - "Add to quarantine by list".
2. Enter the list of files which were asked to send.
3. Press "Start" and wait until "File addition process – complete" notification appears at the bottom of the window.
4. Close current window "Add to quarantine by list".
5. Choose from the menu "File" -> "Quarantine folder viewer".
6. Mark files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload by http://virusinfo.info/upload_virus_eng.php?tid=37480
okk i send the folder...but i could not find C:\Windows\system32\drivers\regi.sys
the other one i did find...instead i put the two other that ends with driver/regi/sys
Upload result
File saved as 090117_235343_virus2_497245573c256.zip
File size 608
MD5 46d7d2698c2bc833f96ba0a720a96118
File uploaded, thank you!
Well, they are not there. Perhaps you did send a different archive. Never mind.
Please make a full set of logs according to our rules. Use an avz special edition from my signature.
hello...here is a log that i did 1 minute ago
i also uploaded to your archive
gr metino
Last edited by drongo; 18.01.2009 at 17:10.
read again, how to attach logs: http://virusinfo.info/faq.php?faq=vb...b3_attachments
here is the log
no, read again how to create logs http://virusinfo.info/showthread.php?t=9184
your latest upload:
C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
C:\Windows\system32\btmmhook.dll
Please explain, why did you send these files? I didn't ask you to do it. They are clean
Last edited by drongo; 18.01.2009 at 19:11. Reason: Added
i read how to create logs and did exactly what they asked...i did a system check up by avztool and zipped the quarantine folder...these files were in my quarantine folder...so what do i have to do???i dont know if this will help..me everytime there is something else thats wont work???
i did exactly as the steps and here are the logs...
gr metino
Last edited by drongo; 19.01.2009 at 00:00.