My computer is very slow
Here is the collected system information
There are a lot of interesting files; we would like to look at copies of them more closely in order to find out whether they are malicious or not.
To make it easier for you,
please download the special AVZ from my signature and put it in a new folder (e.g. on the Desktop).
Execute this script in AVZ (how-to: http://virusinfo.info/showthread.php?t=9207). (Remember to exit/unload your Symantec antivirus and disconnect from the internet before launching AVZ.)
The system will reboot.
Code:
begin
  // Look for rootkit hooks and neutralise those found, then enable AVZGuard
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspicious files to quarantine
  QuarantineFile('L:\autorun.inf','');
  QuarantineFile('C:\WINDOWS\system32\uRLCUoNH.dll','');
  QuarantineFile('C:\WINDOWS\system32\yhvbhn.dll','');
  QuarantineFile('C:\WINDOWS\system32\iiFYrqQg.dll','');
  QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
  QuarantineFile('C:\Program Files\Common Files\SureThing Shared\stllssvr.exe','');
  QuarantineFile('C:\WINDOWS\system32\drivers\wpsdrvnt.sys','');
  QuarantineFile('C:\WINDOWS\system32\Drivers\SysPlant.sys','');
  QuarantineFile('C:\WINDOWS\system32\fvcnpv.dll','');
  QuarantineFile('C:\WINDOWS\system32\yhvbhn.dll','');
  QuarantineFile('C:\WINDOWS\svcadmin.exe','');
  QuarantineFile('C:\WINDOWS\system32\gvjxhwqk.dll','');
  QuarantineFile('C:\WINDOWS\system32\geBsrRlk.dll','');
  QuarantineFile('C:\WINDOWS\system32\fbswuubm.dll','');
  QuarantineFile('C:\WINDOWS\system32\DLAAPI_W.DLL','');
  QuarantineFile('C:\Program Files\CZ Solution\CZ Print Job Tracker\srvany.exe','');
  QuarantineFile('c:\program files\symantec\symantec endpoint protection\savui.exe','');
  QuarantineFile('c:\program files\cz solution\cz print job tracker\printsaver.exe','');
  QuarantineFile('c:\program files\cz solution\cz print job tracker\prints.exe','');
  // Pass the file list to Boot Cleaner, activate it and reboot
  BC_ImportAll;
  BC_Activate;
  RebootWindows(true);
end.
Please upload the quarantine according to Appendix #3 of the rules via http://virusinfo.info/upload_virus_eng.php?tid=42375
Let us know when you are done.
Last edited by drongo; 24.03.2009 at 14:26.
*Click and do this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
OK, the quarantine file has been uploaded for you.
Did you scan all disks with Kaspersky Virus Removal Tool? It should know at least one of your trojans.
C:\WINDOWS\system32\uRLCUoNH.dll -> Packed.Win32.Krap.f (kaspersky)
You didn't use AVZ, which is very bad. Because of this, the archive is not protected.
Now we possibly will not get an answer from the lab. Please follow our instructions exactly.
Please find, according to Appendix #2, the files dbrxubcw.com and olhrwef.exe,
and send us a quarantine according to the rules, and not however you want.
After that you can delete it; it is a kind of fresh worm (possibly made in China).
Disable System Restore, disable the antivirus, and disconnect from the network/internet.
Execute this script in AVZ:
If the quarantine is not empty, send it to us.
Code:
begin
  // Look for rootkit hooks and neutralise those found, then enable AVZGuard
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspicious files to quarantine before deleting them
  QuarantineFile('C:\WINDOWS\system32\yhvbhn.dll','');
  QuarantineFile('C:\WINDOWS\system32\iiFYrqQg.dll','');
  QuarantineFile('C:\WINDOWS\system32\fvcnpv.dll','');
  QuarantineFile('C:\WINDOWS\system32\yhvbhn.dll','');
  QuarantineFile('C:\WINDOWS\system32\gvjxhwqk.dll','');
  QuarantineFile('C:\WINDOWS\system32\geBsrRlk.dll','');
  QuarantineFile('C:\WINDOWS\system32\fbswuubm.dll','');
  // Remove the Browser Helper Object registrations by CLSID
  DelBHO('{B0A6494F-3A08-420F-A41C-D8E31B94EBA8}');
  DelBHO('{1791608a-7a40-4e80-9512-7a11be12d37e}');
  DelBHO('{10E1B952-E899-46AE-BE63-84976F7076B6}');
  DelBHO('{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}');
  QuarantineFile('C:\WINDOWS\system32\gvjxhwqk.dll','');
  // Delete the files
  DeleteFile('C:\WINDOWS\system32\yhvbhn.dll');
  DeleteFile('C:\WINDOWS\system32\iiFYrqQg.dll');
  DeleteFile('C:\WINDOWS\system32\uRLCUoNH.dll');
  DeleteFile('C:\WINDOWS\system32\fvcnpv.dll');
  DeleteFile('C:\WINDOWS\system32\yhvbhn.dll');
  DeleteFile('C:\WINDOWS\system32\geBsrRlk.dll');
  DeleteFile('C:\WINDOWS\system32\gvjxhwqk.dll');
  DeleteFile('C:\WINDOWS\system32\fbswuubm.dll');
  DeleteFile('L:\autorun.inf');
  // Pass the file list to Boot Cleaner, clean up the system and activate Boot Cleaner
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  // Run AVZ system-restore procedures 6, 8, 9 and 16, then reboot
  ExecuteRepair(6);
  ExecuteRepair(8);
  ExecuteRepair(9);
  ExecuteRepair(16);
  RebootWindows(true);
end.
Also, please make a full set of logs (http://virusinfo.info/showthread.php?t=9184) in order to continue curing your system.