
manual cure - win32.sality infection

  1. #1
    Junior Member, registered 20.05.2009, posts: 1, reputation weight: 32

    manual cure - win32.sality infection

    hi,

    i scanned my computer with avptool. it seems that win32.sality or something infected my computer badly. my kaspersky internet security 2009 is also not functioning anymore. reinstall seems not possible.

    attached is the system info collected by avptool

    thank you for your help!

  2. #2
    Senior Member, registered 03.04.2006, posts: 21,108, reputation weight: 3000

    Switch off/Disable System Restore

    You have the Sality virus. This infection used non-patched vulnerabilities and your system isn't patched at all.
    First of all you must check the system with CureIt, starting from a write-protected drive.
    Then

    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.

    - Execute the following script in Manual Cure
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     StopService('yxlxznqzj');
     StopService('zldjxsp');
     StopService('zkeqywb');
     StopService('zfjzjouak');
     StopService('zdsshon');
     StopService('yvdsjfe');
     StopService('yocaougg');
     StopService('yfzjvejdf');
     StopService('ycmjiajm');
     StopService('xsauoz');
     StopService('xjfbzrngy');
     StopService('xiphzdgh');
     StopService('xdomdyu');
     StopService('xdjaevfb');
     StopService('wxwdsock');
     StopService('wpfqgizhd');
     StopService('wnonya');
     StopService('wkjdt');
     StopService('wfkgl');
     StopService('wfbixs');
     StopService('vywnmp');
     StopService('vvhunrar');
     StopService('vvfvlvqxl');
     StopService('vlkkbpqct');
     StopService('veoak');
     StopService('usaaodxc');
     StopService('unqukwiax');
     StopService('ufjbpee');
     StopService('uczwkujbv');
     StopService('ubdexn');
     StopService('ubaembr');
     StopService('uatudd');
     StopService('twtig');
     StopService('tvissuzoc');
     StopService('tsfojwp');
     StopService('tpleru');
     StopService('tnzilgxe');
     StopService('tfrfg');
     StopService('tconotegp');
     StopService('szmqv');
     StopService('sumebrwv');
     StopService('soqwez');
     StopService('SjyPkt');
     StopService('rpevm');
     StopService('roytvq');
     StopService('rhmnk');
     StopService('rewhet');
     StopService('rdrhcdbd');
     StopService('rczjlf');
     StopService('qvhxnj');
     StopService('qqwgex');
     StopService('qhwhoyu');
     StopService('qcmvjxwmb');
     StopService('qaxtbb');
     StopService('pmwhz');
     StopService('pierq');
     StopService('pbuarnl');
     StopService('oyohrnbvi');
     StopService('opwwu');
     StopService('oltmk');
     StopService('oajygnv');
     StopService('nzsxcbb');
     StopService('nxwlwzg');
     StopService('ntgmovtwq');
     StopService('npmsydi');
     StopService('nnmxbj');
     StopService('nnkqmcnpz');
     StopService('nhsccr');
     StopService('ndwhwfkp');
     StopService('mtxny');
     StopService('mopfd');
     StopService('lzbliqvmu');
     StopService('lxjzktp');
     StopService('lwcgxmkr');
     StopService('ltvmm');
     StopService('lfmng');
     StopService('ldttovuxr');
     StopService('kzvwebtci');
     StopService('kzlsizuk');
     StopService('kcesopqpc');
     StopService('jzfpnvq');
     StopService('jsebij');
     StopService('jlxzxepvd');
     StopService('jaaurcg');
     StopService('iurtp');
     StopService('isnno');
     StopService('irkhjz');
     StopService('imzcslc');
     StopService('ilqlz');
     StopService('ihzsxkn');
     StopService('hzkjd');
     StopService('hweemkehv');
     StopService('hvwovdk');
     StopService('hirzvj');
     StopService('hgpzcttf');
     StopService('gyywszthy');
     StopService('gxglx');
     StopService('guzjonyrs');
     StopService('gpkudnna');
     StopService('govptlxp');
     StopService('goqtzkgc');
     StopService('gmgut');
     StopService('gkiayvhcm');
     StopService('gjumngwc');
     StopService('ghxoibdix');
     StopService('ftaagyk');
     StopService('fkpvwfxo');
     StopService('fhrvchdaf');
     StopService('ffgkqp');
     StopService('fantqhy');
     StopService('exxlkf');
     StopService('erdehm');
     StopService('eralogjyf');
     StopService('emenm');
     StopService('duluarrik');
     StopService('dmtsi');
     StopService('dijljtenm');
     StopService('dgwhtuh');
     StopService('dbewvljje');
     StopService('cstbevlfo');
     StopService('cndplxvar');
     StopService('chnrjabbx');
     StopService('cbuhxa');
     StopService('bvymta');
     StopService('buqaf');
     StopService('bivjx');
     StopService('belsisye');
     StopService('asc3360pr');
     StopService('aowijcfxq');
     QuarantineFile('I:\autorun.inf','');
     QuarantineFile('C:\WINDOWS\System32\Drivers\SjyPkt.sys','');
     QuarantineFile('C:\WINDOWS\system32\drivers\qmnkfp.sys','');
     QuarantineFile('C:\WINDOWS\system32\08.tmp','');
     QuarantineFile('C:\WINDOWS\system32\06.tmp','');
     QuarantineFile('C:\WINDOWS\system32\05.tmp','');
     QuarantineFile('C:\WINDOWS\system32\04.tmp','');
     QuarantineFile('C:\WINDOWS\system32\03.tmp','');
     QuarantineFile('C:\WINDOWS\system32\02.tmp','');
     QuarantineFile('C:\WINDOWS\system32\01.tmp','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp','');
     DeleteService('zldjxsp');
     DeleteService('zkeqywb');
     DeleteService('zfjzjouak');
     DeleteService('zdsshon');
     DeleteService('yxlxznqzj');
     DeleteService('yvdsjfe');
     DeleteService('yocaougg');
     DeleteService('yfzjvejdf');
     DeleteService('ycmjiajm');
     DeleteService('xsauoz');
     DeleteService('xjfbzrngy');
     DeleteService('xiphzdgh');
     DeleteService('xdomdyu');
     DeleteService('xdjaevfb');
     DeleteService('wxwdsock');
     DeleteService('wpfqgizhd');
     DeleteService('wnonya');
     DeleteService('wkjdt');
     DeleteService('wfkgl');
     DeleteService('wfbixs');
     DeleteService('vywnmp');
     DeleteService('vvhunrar');
     DeleteService('vvfvlvqxl');
     DeleteService('vlkkbpqct');
     DeleteService('veoak');
     DeleteService('usaaodxc');
     DeleteService('unqukwiax');
     DeleteService('ufjbpee');
     DeleteService('uczwkujbv');
     DeleteService('ubdexn');
     DeleteService('ubaembr');
     DeleteService('uatudd');
     DeleteService('twtig');
     DeleteService('tvissuzoc');
     DeleteService('tsfojwp');
     DeleteService('tpleru');
     DeleteService('tnzilgxe');
     DeleteService('tfrfg');
     DeleteService('tconotegp');
     DeleteService('szmqv');
     DeleteService('sumebrwv');
     DeleteService('soqwez');
     DeleteService('SjyPkt');
     DeleteService('rpevm');
     DeleteService('roytvq');
     DeleteService('rhmnk');
     DeleteService('rewhet');
     DeleteService('rdrhcdbd');
     DeleteService('rczjlf');
     DeleteService('qvhxnj');
     DeleteService('qqwgex');
     DeleteService('qhwhoyu');
     DeleteService('qcmvjxwmb');
     DeleteService('qaxtbb');
     DeleteService('pmwhz');
     DeleteService('pierq');
     DeleteService('pbuarnl');
     DeleteService('oyohrnbvi');
     DeleteService('opwwu');
     DeleteService('oltmk');
     DeleteService('oajygnv');
     DeleteService('nzsxcbb');
     DeleteService('nxwlwzg');
     DeleteService('ntgmovtwq');
     DeleteService('npmsydi');
     DeleteService('nnmxbj');
     DeleteService('nnkqmcnpz');
     DeleteService('nhsccr');
     DeleteService('ndwhwfkp');
     DeleteService('mtxny');
     DeleteService('mopfd');
     DeleteService('lzbliqvmu');
     DeleteService('lxjzktp');
     DeleteService('lwcgxmkr');
     DeleteService('ltvmm');
     DeleteService('lfmng');
     DeleteService('ldttovuxr');
     DeleteService('kzvwebtci');
     DeleteService('kzlsizuk');
     DeleteService('kcesopqpc');
     DeleteService('jzfpnvq');
     DeleteService('jsebij');
     DeleteService('jlxzxepvd');
     DeleteService('jaaurcg');
     DeleteService('iurtp');
     DeleteService('isnno');
     DeleteService('irkhjz');
     DeleteService('imzcslc');
     DeleteService('ilqlz');
     DeleteService('ihzsxkn');
     DeleteService('hzkjd');
     DeleteService('hweemkehv');
     DeleteService('hvwovdk');
     DeleteService('hirzvj');
     DeleteService('hgpzcttf');
     DeleteService('gyywszthy');
     DeleteService('gxglx');
     DeleteService('guzjonyrs');
     DeleteService('gpkudnna');
     DeleteService('govptlxp');
     DeleteService('goqtzkgc');
     DeleteService('gmgut');
     DeleteService('gkiayvhcm');
     DeleteService('gjumngwc');
     DeleteService('ghxoibdix');
     DeleteService('ftaagyk');
     DeleteService('fkpvwfxo');
     DeleteService('fhrvchdaf');
     DeleteService('ffgkqp');
     DeleteService('fantqhy');
     DeleteService('exxlkf');
     DeleteService('erdehm');
     DeleteService('eralogjyf');
     DeleteService('emenm');
     DeleteService('duluarrik');
     DeleteService('dmtsi');
     DeleteService('dijljtenm');
     DeleteService('dgwhtuh');
     DeleteService('dbewvljje');
     DeleteService('cstbevlfo');
     DeleteService('cndplxvar');
     DeleteService('chnrjabbx');
     DeleteService('cbuhxa');
     DeleteService('bvymta');
     DeleteService('buqaf');
     DeleteService('bivjx');
     DeleteService('belsisye');
     DeleteService('asc3360pr');
     DeleteService('aowijcfxq');
     DeleteFile('I:\autorun.inf');
     DeleteFile('C:\WINDOWS\System32\Drivers\SjyPkt.sys');
     DeleteFile('C:\WINDOWS\system32\drivers\qmnkfp.sys');
     DeleteFile('C:\WINDOWS\system32\08.tmp');
     DeleteFile('C:\WINDOWS\system32\06.tmp');
     DeleteFile('C:\WINDOWS\system32\05.tmp');
     DeleteFile('C:\WINDOWS\system32\04.tmp');
     DeleteFile('C:\WINDOWS\system32\03.tmp');
     DeleteFile('C:\WINDOWS\system32\02.tmp');
     DeleteFile('C:\WINDOWS\system32\01.tmp');
     DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp');
    BC_ImportAll;
    ExecuteSysClean;
     BC_DeleteSvc('zldjxsp');
     BC_DeleteSvc('zkeqywb');
     BC_DeleteSvc('zfjzjouak');
     BC_DeleteSvc('zdsshon');
     BC_DeleteSvc('yxlxznqzj');
     BC_DeleteSvc('yvdsjfe');
     BC_DeleteSvc('yocaougg');
     BC_DeleteSvc('yfzjvejdf');
     BC_DeleteSvc('ycmjiajm');
     BC_DeleteSvc('xsauoz');
     BC_DeleteSvc('xjfbzrngy');
     BC_DeleteSvc('xiphzdgh');
     BC_DeleteSvc('xdomdyu');
     BC_DeleteSvc('xdjaevfb');
     BC_DeleteSvc('wxwdsock');
     BC_DeleteSvc('wpfqgizhd');
     BC_DeleteSvc('wnonya');
     BC_DeleteSvc('wkjdt');
     BC_DeleteSvc('wfkgl');
     BC_DeleteSvc('wfbixs');
     BC_DeleteSvc('vywnmp');
     BC_DeleteSvc('vvhunrar');
     BC_DeleteSvc('vvfvlvqxl');
     BC_DeleteSvc('vlkkbpqct');
     BC_DeleteSvc('veoak');
     BC_DeleteSvc('usaaodxc');
     BC_DeleteSvc('unqukwiax');
     BC_DeleteSvc('ufjbpee');
     BC_DeleteSvc('uczwkujbv');
     BC_DeleteSvc('ubdexn');
     BC_DeleteSvc('ubaembr');
     BC_DeleteSvc('uatudd');
     BC_DeleteSvc('twtig');
     BC_DeleteSvc('tvissuzoc');
     BC_DeleteSvc('tsfojwp');
     BC_DeleteSvc('tpleru');
     BC_DeleteSvc('tnzilgxe');
     BC_DeleteSvc('tfrfg');
     BC_DeleteSvc('tconotegp');
     BC_DeleteSvc('szmqv');
     BC_DeleteSvc('sumebrwv');
     BC_DeleteSvc('soqwez');
     BC_DeleteSvc('SjyPkt');
     BC_DeleteSvc('rpevm');
     BC_DeleteSvc('roytvq');
     BC_DeleteSvc('rhmnk');
     BC_DeleteSvc('rewhet');
     BC_DeleteSvc('rdrhcdbd');
     BC_DeleteSvc('rczjlf');
     BC_DeleteSvc('qvhxnj');
     BC_DeleteSvc('qqwgex');
     BC_DeleteSvc('qhwhoyu');
     BC_DeleteSvc('qcmvjxwmb');
     BC_DeleteSvc('qaxtbb');
     BC_DeleteSvc('pmwhz');
     BC_DeleteSvc('pierq');
     BC_DeleteSvc('pbuarnl');
     BC_DeleteSvc('oyohrnbvi');
     BC_DeleteSvc('opwwu');
     BC_DeleteSvc('oltmk');
     BC_DeleteSvc('oajygnv');
     BC_DeleteSvc('nzsxcbb');
     BC_DeleteSvc('nxwlwzg');
     BC_DeleteSvc('ntgmovtwq');
     BC_DeleteSvc('npmsydi');
     BC_DeleteSvc('nnmxbj');
     BC_DeleteSvc('nnkqmcnpz');
     BC_DeleteSvc('nhsccr');
     BC_DeleteSvc('ndwhwfkp');
     BC_DeleteSvc('mtxny');
     BC_DeleteSvc('mopfd');
     BC_DeleteSvc('lzbliqvmu');
     BC_DeleteSvc('lxjzktp');
     BC_DeleteSvc('lwcgxmkr');
     BC_DeleteSvc('ltvmm');
     BC_DeleteSvc('lfmng');
     BC_DeleteSvc('ldttovuxr');
     BC_DeleteSvc('kzvwebtci');
     BC_DeleteSvc('kzlsizuk');
     BC_DeleteSvc('kcesopqpc');
     BC_DeleteSvc('jzfpnvq');
     BC_DeleteSvc('jsebij');
     BC_DeleteSvc('jlxzxepvd');
     BC_DeleteSvc('jaaurcg');
     BC_DeleteSvc('iurtp');
     BC_DeleteSvc('isnno');
     BC_DeleteSvc('irkhjz');
     BC_DeleteSvc('imzcslc');
     BC_DeleteSvc('ilqlz');
     BC_DeleteSvc('ihzsxkn');
     BC_DeleteSvc('hzkjd');
     BC_DeleteSvc('hweemkehv');
     BC_DeleteSvc('hvwovdk');
     BC_DeleteSvc('hirzvj');
     BC_DeleteSvc('hgpzcttf');
     BC_DeleteSvc('gyywszthy');
     BC_DeleteSvc('gxglx');
     BC_DeleteSvc('guzjonyrs');
     BC_DeleteSvc('gpkudnna');
     BC_DeleteSvc('govptlxp');
     BC_DeleteSvc('goqtzkgc');
     BC_DeleteSvc('gmgut');
     BC_DeleteSvc('gkiayvhcm');
     BC_DeleteSvc('gjumngwc');
     BC_DeleteSvc('ghxoibdix');
     BC_DeleteSvc('ftaagyk');
     BC_DeleteSvc('fkpvwfxo');
     BC_DeleteSvc('fhrvchdaf');
     BC_DeleteSvc('ffgkqp');
     BC_DeleteSvc('fantqhy');
     BC_DeleteSvc('exxlkf');
     BC_DeleteSvc('erdehm');
     BC_DeleteSvc('eralogjyf');
     BC_DeleteSvc('emenm');
     BC_DeleteSvc('duluarrik');
     BC_DeleteSvc('dmtsi');
     BC_DeleteSvc('dijljtenm');
     BC_DeleteSvc('dgwhtuh');
     BC_DeleteSvc('dbewvljje');
     BC_DeleteSvc('cstbevlfo');
     BC_DeleteSvc('cndplxvar');
     BC_DeleteSvc('chnrjabbx');
     BC_DeleteSvc('cbuhxa');
     BC_DeleteSvc('bvymta');
     BC_DeleteSvc('buqaf');
     BC_DeleteSvc('bivjx');
     BC_DeleteSvc('belsisye');
     BC_DeleteSvc('asc3360pr');
     BC_DeleteSvc('aowijcfxq');
    BC_Activate;
    RebootWindows(true);
    end.
    After reboot, execute the following script in Manual Cure
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Remove Bonjour
    - Clean Temp folders, browser caches and the Recycler. Use the Windows service tool cleanmgr, or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat the log file.
    - Switch Antivirus and, if you have one, Firewall back on.
    - Go online
    - Upload the quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Attach the log to your new post.
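The cleanup script above has a fixed shape: stop every malicious service, copy every suspicious file to quarantine, only then delete the services and files, and finally register the same services with the boot cleaner (BC_DeleteSvc, BC_Activate) so whatever survives is removed before Windows starts. When a list of a hundred-plus random service names is assembled by hand, entries drift between the StopService, DeleteService and BC_DeleteSvc sections, and a file can end up deleted without a quarantined copy for analysis. The following is an added example, not code from this forum or from the AVZ tool: a small Python audit that parses a script of this kind and cross-checks the phases. It assumes AVZ calls use single-quoted string arguments, one call per line; the embedded SAMPLE_SCRIPT is constructed for the example and deliberately stops a service it never deletes.

```python
"""Consistency audit for an AVZ-style cleanup script (added example, not AVZ code)."""
import re

# One call with at least one single-quoted string argument, e.g.
#   StopService('abc');   QuarantineFile('C:\x.sys','');
# Assumption: arguments are single-quoted and contain no escaped quotes.
CALL_RE = re.compile(r"^\s*(\w+)\s*\(\s*'([^']*)'(?:\s*,\s*'[^']*')*\s*\)\s*;",
                     re.MULTILINE)

# Calls a complete script of this shape is expected to contain somewhere.
REQUIRED_CALLS = ["BC_ImportAll", "ExecuteSysClean", "BC_Activate", "RebootWindows"]

# Constructed sample: 'svcccc' is stopped but never deleted (hypothetical names).
SAMPLE_SCRIPT = r"""begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 StopService('svcaaa');
 StopService('svcbbb');
 StopService('svcccc');
 QuarantineFile('C:\WINDOWS\system32\drivers\fake.sys','');
 QuarantineFile('I:\autorun.inf','');
 DeleteService('svcaaa');
 DeleteService('svcbbb');
 DeleteFile('C:\WINDOWS\System32\Drivers\fake.sys');
 DeleteFile('I:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
 BC_DeleteSvc('svcaaa');
 BC_DeleteSvc('svcbbb');
BC_Activate;
RebootWindows(true);
end."""


def parse_calls(script):
    """Return [(function_name, first_string_argument), ...] in script order."""
    return [(func, arg) for func, arg in CALL_RE.findall(script)]


def audit_script(script):
    """Cross-check the stop / quarantine / delete / boot-cleaner phases.

    Service names and Windows paths are case-insensitive, so all names are
    compared lower-cased. Every list in the result should be empty and
    'well_formed' True for a script that is internally consistent.
    """
    calls = parse_calls(script)
    by_func = {}
    for func, arg in calls:
        by_func.setdefault(func, set()).add(arg.lower())

    stopped = by_func.get("StopService", set())
    deleted = by_func.get("DeleteService", set())
    boot_deleted = by_func.get("BC_DeleteSvc", set())
    quarantined = by_func.get("QuarantineFile", set())
    removed = by_func.get("DeleteFile", set())

    # Phase order: every QuarantineFile must come before the first DeleteFile,
    # otherwise the sample is destroyed before a copy is kept for analysis.
    funcs = [f for f, _ in calls]
    first_delete = funcs.index("DeleteFile") if "DeleteFile" in funcs else len(funcs)
    late_quarantine = [a.lower() for i, (f, a) in enumerate(calls)
                       if f == "QuarantineFile" and i > first_delete]

    missing = [name for name in REQUIRED_CALLS
               if not re.search(r"\b" + name + r"\b", script)]
    body = script.strip()
    well_formed = body.lower().startswith("begin") and body.endswith("end.")

    return {
        "stopped_not_deleted": sorted(stopped - deleted),
        "deleted_not_stopped": sorted(deleted - stopped),
        "deleted_not_boot_deleted": sorted(deleted - boot_deleted),
        "boot_deleted_not_deleted": sorted(boot_deleted - deleted),
        "deleted_file_not_quarantined": sorted(removed - quarantined),
        "quarantined_file_not_deleted": sorted(quarantined - removed),
        "quarantine_after_delete": sorted(late_quarantine),
        "missing_calls": missing,
        "well_formed": well_formed,
    }


def is_consistent(findings):
    """True when no phase mismatch was found and the script is well formed."""
    return findings["well_formed"] and not any(
        value for key, value in findings.items() if key != "well_formed")


if __name__ == "__main__":
    for key, value in audit_script(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

Run it against a script saved from the forum post by reading the file into `audit_script`; a non-empty `stopped_not_deleted` or `deleted_not_boot_deleted` list means a service would survive the first pass or the boot-time pass, and a non-empty `deleted_file_not_quarantined` list means a driver would be destroyed with no copy left to submit for analysis.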
