Hi! please help me analyzing this report!

  1. #1
    Junior Member
    Registered: 22.04.2009
    Posts: 2
    Reputation weight: 32

    Hi!
    Recently my computer was working well, but in the last 2 days it's been acting weird: slow processing, and administrator privileges were disabled, like Task Manager; regedit can be opened but will close by itself. I'm quite sure that there is a virus. Whenever I insert a USB drive there's an autorun.ini being executed and a new folder.exe is created in every folder, but my avast anti-virus can't detect them. I've tried using the Kaspersky Virus Removal Tool but it's clean. I tried using "RemoveIT pro V4"; it detected viruses like "sys32.vnchook, sys32.logmessages or something like that", but I'm not really sure if it was cured already. So please help analyze the report that I will send using AVZ and HJT log files. Thank you in advance.
    Last edited by Rene-gad; 22.04.2009 at 16:09. Reason: quarantine removed!!!

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Switch off:
    - Antivirus and, if you have one, Firewall.
    - System Restore
    - Fix
    Code:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    - Execute the following script
    Code:
    begin
     // Look for API hooks and neutralize user-mode and kernel-mode interceptors
     SearchRootkit(true, true);
     // Enable AVZGuard while the cleanup runs
     SetAVZGuardStatus(True);
     TerminateProcessByName('c:\docume~1\admini~1.ils\locals~1\temp\{f9f38e63-7ef2-49c8-80d6-205bb003aaba}\ clearness time.exe');
     StopService('EuGdiDrv');
     StopService('epmntdrv');
     // Copy the suspect files to quarantine before anything is deleted
     QuarantineFile('YMTray.exe','');
     QuarantineFile('J:\RRT\RRT.exe','');
     QuarantineFile('E:\Downloads\ Clearness time.exe','');
     QuarantineFile('C:\WINDOWS\VM303_STI.EXE','');
     QuarantineFile('C:\WINDOWS\VM302Snap.exe','');
     QuarantineFile('C:\WINDOWS\system32\EuGdiDrv.sys','');
     QuarantineFile('C:\WINDOWS\system32\epmntdrv.sys','');
     QuarantineFile('C:\WINDOWS\system32\drivers\vvftav302.sys','');
     QuarantineFile('c:\docume~1\admini~1.ils\locals~1\temp\{f9f38e63-7ef2-49c8-80d6-205bb003aaba}\ clearness time.exe','');
     // Remove the two driver services, then delete the files
     DeleteService('EuGdiDrv');
     DeleteService('epmntdrv');
     DeleteFile('C:\WINDOWS\system32\EuGdiDrv.sys');
     DeleteFile('C:\WINDOWS\system32\epmntdrv.sys');
     DeleteFile('C:\WINDOWS\system32\drivers\vvftav302.sys');
     DeleteFile('c:\docume~1\admini~1.ils\locals~1\temp\{f9f38e63-7ef2-49c8-80d6-205bb003aaba}\ clearness time.exe');
     // Pass the lists to Boot Cleaner, run AVZ's system cleanup, and reboot
     BC_ImportAll;
     ExecuteSysClean;
     BC_DeleteSvc('EuGdiDrv');
     BC_DeleteSvc('epmntdrv');
     BC_Activate;
     RebootWindows(true);
    end.

    After reboot:
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use the Windows service tool cleanmgr, or CCleaner, or ClearProg.
    - Close all programs and start only Internet Explorer!!!
    - Repeat the 3 log files in accordance with the rules.
    - Switch Antivirus and, if you have one, Firewall on.
    - Go online.
    - Upload the quarantine (see Appendix 2 and 3 of the Rules) virus.zip via the link "Upload quarantined files" at the top of this page.
    - Attach the 3 logs to your new post.
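
A read-only triage of the kind of HijackThis entries listed for fixing in the reply above, as an added example that is not part of the original post or of HijackThis itself: it flags O2 BHO entries whose file is missing and O6 Internet Explorer policy-restriction entries. The sample log is constructed from the seven quoted lines plus one made-up BHO line for contrast; `triage` and the pattern names are hypothetical.

```python
import re

# Constructed sample: the seven entries quoted in the reply, plus one invented
# BHO line (Example Helper) that has a file on disk and should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
"""

# "<section id> - <payload>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# O2 payload: "BHO: <name> - {CLSID} - <file or (no file)>"
BHO = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<file>.*)$"
)
# O6 payload: "<hive>\<policy key> present"
POLICY = re.compile(r"^(?P<hive>HKCU|HKLM)\\(?P<key>.+?)\s+present$")


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry.groups()
        if section == "O2":
            bho = BHO.match(body)
            # A BHO registration whose DLL is gone is a leftover registry entry
            if bho and bho["file"].strip().lower() == "(no file)":
                findings.append(("O2", "orphaned BHO", bho["clsid"]))
        elif section == "O6":
            pol = POLICY.match(body)
            # Policy keys that restrict IE settings; unexpected on a home PC
            if pol:
                findings.append(
                    ("O6", "IE policy restriction", pol["hive"] + "\\" + pol["key"])
                )
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```
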

  3. #3
    Junior Member
    Registered: 22.04.2009
    Posts: 2
    Reputation weight: 32
    OK, thanks for analyzing it for me and giving me solutions. I will try to upload the quarantined files, but if I'm not mistaken there were no files quarantined when AVZ reported it and saved the log file. But anyway I will try and search for it. Thanks again...
