After some years of trouble free use my system is now reporting that Kaspersky Anti-Virus has stopped working. The Windows anti-virus is now being used by default. I can access your website but when I try to download the latest software or the the Kasperski Virus Removal Tool I get the message "Address not found". I have run the appropriate scans. Any suggestions as to how I might fix the problem?

2. Why you didn't read carefully our rules?
Don't attach quarantine to your posts!
Here the files that you should attach: virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log

In Vista, always remember lunching all investigation tools with right click- please choose run as administrator.

Please execute this script in avz http://virusinfo.info/showthread.php?t=9207) (Do remember before execution scripts to exit antivirus and disconnect from internet, disable System Restore ) Lunch avz with right click every time!

Êîä:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\System32\pmxscrll.dll','');
QuarantineFile('C:\Windows\system32\btmmhook.dll','');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{3041d03e-fd4b-44e0-b742-2d9b88305f98}');
DelBHO('{201f27d4-3704-41d6-89c1-aa35e39143ed}');
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
QuarantineFile('C:\Windows\system32\ICO.EXE','');
QuarantineFile('C:\Windows\system32\APOMngr.dll','');
DeleteFile('C:\Windows\system32\APOMngr.dll');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(9);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(14);
ExecuteRepair(16);
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.
After restart lunch hijack this and scan system. If you will find this lines:
Êîä:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC21A25-C3DC-4D38-A471-79B1A409C707}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC1F48-2DAA-43C0-99DA-E90DA26C0AF8}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
Fix them

Make a new set of logs, make sure to read carefully http://virusinfo.info/showthread.php?t=9184

3. ## Kasperski has stopped working (3)

I fixed the "Ask" problem after I created the files I am attaching. Thankyou for your prompt responses.

4. This is another computer, or the same ? one system- one theme

Same computer, same system, same theme.

6. So, why you did open a new theme? Please,don't do it again, i will organize it with previous.
You should open a new theme only if you have an another system, or previous topic is closed.

1.Your system restore is still active- you must disable it. Do it now!
3.Did you lunch hijack this and scan system ?.
Êîä:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC21A25-C3DC-4D38-A471-79B1A409C707}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC1F48-2DAA-43C0-99DA-E90DA26C0AF8}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
Fix them again.
4.Please execute this script in avz:
Êîä:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\SYSTEM32\CmdRtr.DLL','');
QuarantineFile('C:\Windows\SYSTEM32\APOMngr.DLL','');
DeleteFile('C:\Windows\SYSTEM32\APOMngr.DLL');
DeleteFile('C:\Windows\SYSTEM32\CmdRtr.DLL');
ClearHostsFile();
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
6.After that, make a new set of logs, but please attach them in this theme in your next reply.

7. ## New logs

New log files as requested.

8. Now i see very interesting driver. We would like to see a copy of it
Execute this script
Êîä:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\system32\drivers\gaopdxobguiorx.sys','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.

Thanks, it is look like a fresh trojan,
Lets delete it.
Êîä:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\Windows\system32\drivers\gaopdxobguiorx.sys');
BC_DeleteSvc('gaopdxobguiorx');
BC_ImportAll;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
After that please make a new virusinfo_syscure.zip again and attach it to next reply.

9. ## New log

Kaspersky is now working.

On my previous 3-4 reboots I get
"Found New Hardware"
"Windows needs to install driver software for your Unknown Device"

Also Kaspersky informs me of gaopdxevnipe.dll trying to load. Unable to delete - can only ignore.

It is about 2:00am so I am going to call it a night now. Maybe in touch tomorrow.

regards, Bob Frost

10. Good morning!
kaspersky working-it is good. Does kaspersky had mentioned the exact location of this file, i mean : gaopdxevnipe.dll ?
Lets try this: disconnect from internet and exit kaspersky (right click on his icon in tray --> exit )
script:
Êîä:
begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('gaopdxevnipe.dll','');
QuarantineFile('C:\Windows\system32\gaopdxevnipe.dll','');
QuarantineFile('C:\Windows\system32\DRIVERS\WUDFRd.sys','');
QuarantineFile('C:\Windows\system32\DRIVERS\WUDFPf.sys','');
DeleteFile('C:\Windows\system32\gaopdxevnipe.dll');
BC_ImportAll;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
Upload a new quarantine, if something will be there of cause.If quarantine will empty, just told us
Please download special avz from my signature, and save it to some new folder on your disk. Before lunching it, disable kaspersky and internet, make a new virusinfo_syscure.zip with special avz and attach virusinfo_syscure.zip to next reply.

11. ## Unable to find DLL

I am unable to find gaopdxevnipe.dll anywhere on my computer (searched for gaopdx). I did find gaopdxcounter (no extension) in the the System32 folder as well as 2 other files created today. These are 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 and 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0. The first appears to contain font information and the other is in use. They maybe unrelated.

The link to special avz (http://rapidshare.com/files/199106177/toto.pif) goes to the Rapid Share site. I am unable to find avg here.

Kaspersky is still working.

When I boot I still get Found New Hardware dialog (I have not made any hardware changes). Windows needs to install driver software for your Unknown Device. I select "Cancel" here. Maybe trying to load the driver you asked me to delete.

I await further instruction before I continue.

12. http://rapidshare.com/files/199106177/toto.pif- this is special avz I did renamed special avz to toto.pif
Click on free button, wait some time and when Download button will appear- please download. And make log with it, like i did said. Could you quarantine this gaopdxcounter ? use appendix#2 of rules It could be related to trojan too.
About"Found New Hardware dialog"- i think it just a vista allergic reaction to avz driver, don't worry about it. I will give you script for curing from this latter.

13. New Logs

14. You may delete the gaopdxcounter, definitely your computer don't need it.
I haven't seen these files :
C:\Windows\system32\DRIVERS\WUDFRd.sys
C:\Windows\system32\DRIVERS\WUDFPf.sys
use use appendix#2 of rules again and do upload.

15. ## Unable to add files to quarantine list

I am unable to add files
C:\Windows\system32\DRIVERS\WUDFRd.sys
C:\Windows\system32\DRIVERS\WUDFPf.sys
to quarantine list. They will not load for some reason. I tried both versions of avz and both failed. Both reported "File addition process - complete" but were not present in Quarantine Folder viewer. I also tried loading a copy of these files in another location but this also failed.

I deleted gaopdxcounter file.

16. I see, probably they are clean. There is some restrict mechanism in avz for quarantining clean Microsoft files. Could you, just in case, copy them manually with winzip, make sure to protect archive with password :virus

Êîä:
begin
SetAVZPMStatus(false);
ExecuteStdScr(6);
RebootWindows(true);
end.
Let us know after restart, if the problem
"Found New Hardware dialog" is stile exist.

17. ## Problem still exists

Running the script made no difference. Dialog box is attached. I also did a full scan with Kasperski that listed some problems (output attached). I have not dealt with these yet.

18. About kaspersky : it is show to you what you should update. You can click on links, for future assistance.(remember: kaspersky virus removal tool from your desktop must be uninstalled-Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.)

About new hardware: what is happening if you choose "don't show this message" ?

19. ## Am I free of this virus?

New hardware dialog has gone away. Am I now free of this virus? If so what was it? Does it have a name? Has it done any damage?

20. We did not get answer from kaspersky yet, very strange for them.(Perhaps your trojans hard to decrypt and it takes more time than usual, i will ask kaspersky lab about your quarantine again.)
Here virustotal scan for it: https://www.virustotal.com/analisis/...716a9661a19995
My opinion: it is design for antivirus malfunction .
C:\Windows\system32\DRIVERS\WUDFPf.sys we did get an answer from kaspersky- they are clean.

For now, i don't see other viruses on your system.If you like in the future to have better protection, do create in windows a user account, so such trojans will unable to get in your system without your permission.
Did you remember after what circumstances kaspersky had stooped working? (Perhaps you did installation of some program? Did you going to interesting site, etc? )This information could be helpful.

