KIS 2009 stops working, Windows sends an error report to MS. Kaspersky uploads system dump. Restarts. Happening several times an hour.
Regards
Debansu
Please execute this script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll','');
 QuarantineFile('C:\WINDOWS\JM\JMInsIDE.exe','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\PxHelp20.sys','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\NTGDT.SYS','');
 QuarantineFile('C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c7ktcoqh.default\extensions\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}\components\FFExternalAlert.dll','');
 QuarantineFile('C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll','');
 QuarantineFile('c:\program files\pdfforge toolbar\searchsettings.exe','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
After reboot, please execute the following script:
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip over the link "Upload quarantined files" on the top of this page.
Let us know when you are done.
Is Kaspersky frozen, or is Kaspersky's icon black, or something else? Please describe what you mean by "kis stops working".
P.S. In my opinion, it is better to uninstall the askt bar from Add/Remove Programs, along with the pdfforge toolbar.
Last edited by drongo; 20.04.2009 at 00:52.
*Click and run this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
1. Uploaded quarantine.zip as requested.
2. Removed pdfforge toolbar
3. Couldn't remove asktbar as there was no such programme in the computer.
4. KIS icon goes gray for a few seconds and then comes back on, i.e. becomes red. Then the error messages come on to the screen.
Today the same thing happened after I booted the computer, but didn't happen after reboot as per your advice.
Regards
Debansu
We have got your files, thanks.
Disable windows system restore.
Execute this script:
Code:
begin
 DelBHO('{FE063DB9-4EC0-403e-8DD8-394C54984B2C}');
 DelBHO('{FE063DB1-4EC0-403e-8DD8-394C54984B2C}');
 DelBHO('{9CB65201-89C4-402c-BA80-02D8C59F9B1D}');
 DelBHO('{02478D38-C3F9-4EFB-9B51-7695ECA05670}');
 DeleteFile('C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL');
 DeleteFile('C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(1);
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 RebootWindows(true);
end.
Please download in my signature special avz, put it in a new folder, disable kis, disconnect from internet and make a virusinfo_syscure.zip, read how-to in rules http://virusinfo.info/showthread.php?t=9184
Do attach this virusinfo_syscure.zip to next post in this topic.
Thank you drongo,
I ran the script. But unfortunately being a novice, was unable to execute the next phase of the operation. i.e. to download in your signature etc. etc. If you please elaborate the same, I will be able to do it, I hope.
Regards
Debansu
Last edited by Rene-gad; 22.04.2009 at 17:08. Reason: overquoting removed
Dear Rene-gad,
It was not the rules that baffled me. It was that "special signature" that created the confusion. Not being a computer savvy one, it took your push to look closely and now I know, I am to download the rapidshare file. Then go on doing whatever has been asked by drongo. I will be able to do it today evening, after I reach home. I'm now answering from my office.
Thanks.
Regards
Debansu
Ewe, I'm to run that one too?
Ok, ok, I'll do it. I had completed the others.
BTW, there is a Generic Win 32 problem being faced while booting the computer. Not always, but once in a while.
Added after 1 hour 40 minutes
I'm uploading two files. One of these SETUP_U.exe was put in to a trusted zone by Kaspersky, There was another N.bat which I couldn't find out.
I just thought you should know.
Last edited by debansu1952; 23.04.2009 at 18:37. Reason: Added
And now please repeat the log files with polymorphic AVZ and Hijackthis (3 logs)
The polymorphic AVZ was run yesterday and the log was uploaded in the file. Any way I'm uploading the zip file once again. There is a system info file too in the zip file.
Uploaded file details: File saved as 090424_073017_Sys_info_debansu_49f1324942830.zip
File size 226242
MD5 20565eae3cf9d5ec11ba4bd3b99bb11e
Logs should be attached to your post, quarantine should be sent by the red link.
What exactly don't you understand?
Except the two below, I followed your rules.
1. Didn't quarantine as advised.
2. Zipped the log files through my 7z utility. And sent through the wrong uploader.
Sorry.
Regards
Debansu
Last edited by Rene-gad; 25.04.2009 at 10:48. Reason: bullshit removed
You must attach three log files:
virusinfo_syscure.zip
virusinfo_syscheck.zip
hijackthis.log
neither more nor other files
Log files, attached.
Last edited by Rene-gad; 26.04.2009 at 11:08.
Code:
virusinfo_syscure.zip
virusinfo_syscheck.zip
is not
Code:
sys_check.txt
avz_log_25_04._09.txt
Sys_cure & Sys_info files
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Fix
Code:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
- Execute following script
Code:
begin
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\Drivers\NTGDT.SYS','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Build a file virus.zip as described in appendix 3 of the rules.
- Upload the over the link Upload quarantined files on the top of this page.
Virus.Zip uploaded
but not here: http://virusinfo.info/upload_virus_eng.php?tid=44152