Please advice me!
Please advice me!
Please execute this script in avz: ( remember disable antivirus and internet before launching an avz)
System will reboot.Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); DelBHO('{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}'); DelBHO('{A20854FD-DDB5-4931-8F76-D11EA2364D94}'); QuarantineFile('C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll',''); QuarantineFile('C:\Program Files\Datecs\FlexType 2K\FType2K.exe',''); QuarantineFile('C:\WINDOWS\system32\drivers\synsenddrv.sys',''); QuarantineFile('C:\WINDOWS\system32\drivers\yndcztryetwwpq.sys',''); QuarantineFile('C:\Program Files\Norton2009Reset.exe',''); TerminateProcessByName('c:\windows\system32\rundll.exe'); QuarantineFile('c:\windows\system32\rundll.exe',''); DeleteFile('c:\windows\system32\rundll.exe'); DeleteFile('C:\WINDOWS\system32\drivers\yndcztryetwwpq.sys'); DeleteFile('C:\WINDOWS\system32\drivers\synsenddrv.sys'); DeleteFile('C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll'); BC_DeleteSvc('synsend'); BC_DeleteSvc('srcedtbgg'); ExecuteRepair(6); ExecuteRepair(8); ExecuteRepair(9); ExecuteRepair(16); BC_ImportAll; ExecuteSysClean; BC_Activate; SetAVZPMStatus(true); RebootWindows(true); end.
Please upload the quarantine according to appendix 3 of rules(http://virusinfo.info/showthread.php?t=9184)
Make an another set of logs.
Update windows to SP3 and latest patches, do update adobe reader or uninstall and use an alternative.
Nowadays,to use fleshget it is dangerous too, on their official update site trojans distributed to all their costumers
Последний раз редактировалось drongo; 25.03.2009 в 18:13.
*Нажми и выполни, если хочешь чтобы помощь улучшилась и ускорилась
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Could You give me confirmation that FType2K.exe have malicious code?
When we'll get an answer from lab, we shall inform you.Сообщение от ikostov
For now, i can say it needs newdll.dll to run.
And newdll.dll act like a keylogger, we would like to see it.Keylogger ability can be used in different friendly programs, but if you can live without such programs that using this kind of technology- it is much safer in my opinion.
Because, if this program become too popular, bad guys can use "friendly" keylogger and may create some little application in order to get information from friendly keylogger (that you are trust).
advantages to bad gues:
* no need writing and installing keylogger to victim ( it is already installed by user)
* better hiding ability from antivirus/hips(cause their application will not going to do any suspicious things like a keylogger itself )
Here script in order to copy:
Upload by http://virusinfo.info/upload_virus_eng.php?tid=42427Код:begin clearquarantine; SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\system32\newdll.dll',''); BC_ImportAll; BC_Activate; RebootWindows(true); end.
Последний раз редактировалось drongo; 26.03.2009 в 01:43.
*Нажми и выполни, если хочешь чтобы помощь улучшилась и ускорилась
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
This is known issue.
Thank You for everything!
Ваши права в разделе
Ответить с цитированием