Help removing infection

  1. #1
    Junior Member (registered 05.03.2009; posts: 4; reputation weight: 33)

    Help removing infection

    Hi there,

    Attached is the report that the Kaspersky Virus Removal tool has generated.
    My laptop has not been able to run any form of anti virus scan for the past 48 hours.... I am able to boot Windows Vista however the laptop freezes after around 15 minutes of use.

    Any help on how to remove the infection most appreciated.

    Chris

  2. #2
    drongo, Senior Member (registered 17.09.2004; location: Israel; posts: 7,165; reputation weight: 972)
    Please execute this script in Kaspersky Virus Removal tool
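    Code:
    begin
      // Look for rootkit hooks and neutralize them, then enable AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Copy the two files to quarantine for investigation
      QuarantineFile('C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll','');
      QuarantineFile('C:\Windows\system32\drivers\sdpiosys.sys','');
      // Pass the file lists to Boot Cleaner, activate it and reboot
      BC_ImportAll;
      BC_Activate;
      RebootWindows(true);
    end.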
    Quarantine_avz should be created inside the Kaspersky Virus Removal folder.
    Zip Quarantine_avz, and be sure to protect it with the password virus.
    Send it via http://virusinfo.info/upload_virus_eng.php?tid=41036

    If it does not work (for any reason), you are welcome to
    download the special avz in my signature and put it in a new folder on the desktop.
    Please execute this script in avz (http://virusinfo.info/showthread.php?t=9207)
    (Do remember, before launching avz, to exit your antivirus and disconnect from the internet.)
    Please upload the quarantine according to appendix 3 of the rules (http://virusinfo.info/showthread.php?t=9184), via the link http://virusinfo.info/upload_virus_eng.php?tid=41036
    avz will zip it itself.

    It will just make a copy, in order to investigate some of your files.
    Let us know when you are done.
    Last edited by drongo; 06.03.2009 at 01:05.

  3. #3
    Junior Member (registered 05.03.2009; posts: 4; reputation weight: 33)
    Drongo,

    I have run the command and the AVZ_quarantine file has been created; however, it is not allowing me to zip the folder (I am receiving a message that the operation access is denied).

    How do I proceed?

    Chris

  4. #4
    drongo, Senior Member (registered 17.09.2004; location: Israel; posts: 7,165; reputation weight: 972)
    Nice.
    Download the special avz in my signature and put it in a new folder on the desktop.
    Please execute this script in avz (http://virusinfo.info/showthread.php?t=9207)
    (Do remember, before launching avz, to exit your antivirus and disconnect from the internet.)
    Please upload the quarantine according to appendix 3 of the rules (http://virusinfo.info/showthread.php?t=9184), via the link http://virusinfo.info/upload_virus_eng.php?tid=40774
    You don't need to zip it; it will do it itself.

  5. #5
    Junior Member (registered 05.03.2009; posts: 4; reputation weight: 33)
    I have managed to get the quarantine file into a zip and have uploaded to the link as instructed.

    Chris

  6. #6
    drongo, Senior Member (registered 17.09.2004; location: Israel; posts: 7,165; reputation weight: 972)
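    sdpiosys.sys looks like a rootkit; let's delete it.
    Execute this script in avz.
    Code:
    begin
      // Look for rootkit hooks and neutralize them, then enable AVZGuard
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Delete the driver file, pass the file lists to Boot Cleaner and clean up leftover references
      DeleteFile('C:\Windows\system32\drivers\sdpiosys.sys');
      BC_ImportAll;
      ExecuteSysClean;
      // Have Boot Cleaner remove the sdpiosys service at the next boot
      BC_DeleteSvc('sdpiosys');
      BC_Activate;
      // Run AVZ system repair procedures 6, 8 and 9
      ExecuteRepair(6);
      ExecuteRepair(8);
      ExecuteRepair(9);
      // Enable the AVZPM monitoring driver and reboot
      SetAVZPMStatus(true);
      RebootWindows(true);
    end.
    The system will reboot. Please make all 3 logs according to the rules: http://virusinfo.info/showthread.php?t=9184 and attach them to this topic in your next post.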
    Perhaps we will find more...

  7. #7
    Junior Member (registered 05.03.2009; posts: 4; reputation weight: 33)
    I have run the script in AVZ on several occasions however the virus refuses to be removed. HELP!

    It appears that the virus located at 'C:\Windows\system32\drivers\sdpiosys.sys' has been removed while the one located at 'C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll' remains.

    I have run another analysis log, which I have uploaded to the link you provided previously, as well as a scan from Hijack This.

    Added after 33 minutes

    I have run another analysis log, which is attached.
    Last edited by Christopher_Anthony; 06.03.2009 at 21:15. Reason: Added

  8. #8
    drongo, Senior Member (registered 17.09.2004; location: Israel; posts: 7,165; reputation weight: 972)
    I didn't write a removal instruction for webdriver.dll into the script, because I don't think it is too dangerous and you will be unable to play with your Shooting Stars Pool. I think you can remove these hpgames by yourself from Add/Remove Programs.
    Please make 3 logs in accordance with http://virusinfo.info/showthread.php?t=9184
