Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     QuarantineFile('C:\Documents and Settings\Administrator\reader_s.exe','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\f5b17vx.exe','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\197191652.exe','');
     QuarantineFile('C:\WINDOWS\System32\reader_s.exe','');
     QuarantineFile('C:\WINDOWS\system32\csrcs.exe','');
     QuarantineFile('Explorer.exe csrcs.exe','');
     QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
     QuarantineFile('C:\WINDOWS\system32\twext.exe','');
     DelBHO('{37B85A21-692B-4205-9CAD-2626E4993404}');
     QuarantineFile('C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL','');
     QuarantineFile('C:\autorun.inf','');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL');
     DeleteFile('C:\WINDOWS\system32\twext.exe');
     DeleteFile('C:\WINDOWS\system32\sdra64.exe');
     DeleteFile('Explorer.exe csrcs.exe');
     DeleteFile('C:\WINDOWS\system32\csrcs.exe');
     DeleteFile('C:\WINDOWS\System32\reader_s.exe');
     DeleteFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\197191652.exe');
     DeleteFile('C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\f5b17vx.exe');
     DeleteFile('C:\Documents and Settings\Administrator\reader_s.exe');
     BC_ImportAll;
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.
After reboot:
- Execute following script in Manual Cure
Code:
    begin
     CreateQurantineArchive('C:\quarantine.zip');
    end.
- Remove Bonjour: http://virusinfo.info/showthread.php?t=42263
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=43845
- Attach a new log to your new post..
Last edited by Rene-gad; 04.05.2009 at 16:55. Reason: fullquote removed
Where is your quarantine????
Switch off:
- Antivirus and, if you have - Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\system32\twext.exe','');
     QuarantineFile('C:\WINDOWS\system32\KB905474\wgasetup.exe','');
     QuarantineFile('C:\WINDOWS\System32\drivers\1555b2a7.sys','');
     DeleteFile('C:\WINDOWS\system32\twext.exe');
     BC_ImportAll;
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.
After reboot:
- Execute following script in Manual Cure
Code:
    begin
     CreateQurantineArchive('C:\quarantine.zip');
    end.
- Remove Bonjour: http://virusinfo.info/showthread.php?t=42263
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Make a hijackthis logfile (Rules/Analysis/Point 3)
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=44759
- Attach 2 logs to your new post..
Last edited by Rene-gad; 05.05.2009 at 09:48.
I uploaded my new quarantine to http://virusinfo.info/upload_virus_eng.php?tid=43845
Now I attach 2 new logs and new quarantine
Thank you so much
I'm sorry, unfortunately I gave you a wrong link. This is correct: http://virusinfo.info/upload_virus_eng.php?tid=44759 and I'd just uploaded your quarantine.
Check your system in safe mode with CureIt started from Only-Read-Drive (CD or SD-Card)
Pls. make log files in accordance with the rules with this AVZ: http://rapidshare.com/files/199106177/toto.pif , because I'm afraid your AVP tool is corrupt.
I scanned with CureIt. This is the new log by AVZ
Last edited by Rene-gad; 06.05.2009 at 10:15. Reason: wrong log removed
There are the logs we need:
neither less nor more nor other.
virusinfo_syscure.zip
virusinfo_syscheck.zip
hijackthis.log
Pls. READ and FULFILL the rules: http://virusinfo.info/showthread.php?t=9184