urqOFyVN.dll - a new one; Kaspersky will call it Trojan.Win32.Monder.atga
Let's start cleaning. Please execute this script:
Code:
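begin
  // Look for rootkit hooks and neutralize them (user mode and kernel mode)
  SearchRootkit(true, true);
  // Turn on AVZGuard so the malware cannot interfere with the cleanup
  SetAVZGuardStatus(True);
  // Remove the browser helper objects and the malicious files
  DeleteFile('C:\autorun.inf');
  DelBHO('{C3286198-0FF6-4555-86FF-340C8FBF7C69}');
  DelBHO('{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408}');
  DeleteFile('C:\WINDOWS\system32\vtUkhfgG.dll');
  DeleteFile('C:\WINDOWS\system32\urqOFyVN.dll');
  DeleteFile('C:\resycled\boot.com');
  // Pass the deleted-file list to BootCleaner and clean up leftover references
  BC_ImportDeletedList;
  ExecuteSysClean;
  // Activate BootCleaner so locked files are removed during the reboot
  BC_Activate;
  // Run AVZ system restore functions 6, 8 and 9
  ExecuteRepair(6);
  ExecuteRepair(8);
  ExecuteRepair(9);
  RebootWindows(true);
end.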
The computer will reboot; after that you will be able (I hope) to disable System Restore. Try to disable System Restore.
Then close all your programs except your internet browser, and only then make a new avptool_syscheck.zip, like you did in your first post.
P.S.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Loud spam else tool\find wait.exe - do you know what this is?
It looks like spyware. If you don't know what this is, first of all you should send us a copy, and then delete it. In this way, many other users will benefit from protection.
(You are welcome to read App#2 of our rules in order to do it.)