Показано с 1 по 4 из 4.

virus.win32.salita.aa detected-uanable to remove

  1. #1
    Junior Member Репутация
    Регистрация
    14.06.2009
    Сообщений
    2
    Вес репутации
    55

    virus.win32.salita.aa detected-uanable to remove

    Hai,

    Recently my computer is infected with a virus...it diables task manger and registry editor also turns off windows firewall.

    After trying scans like Malwarebytes, Combofix etc..i reformated the OS drive (i have 3 other drives which i cannot afford to format)
    still the issue is same. its now not letting me to activate any antivirus software.

    I tried booting in safemode but unabe to do so.

    Can someone help me with this.

    Note: i tried to check running processes using Process explorer and i dont find any malicous process turnning...and my efforts to enable task manger and registry editor end up in vain.


    i have kaspersky antivirus but unable to activate it or any other antivirus, the window disappears...then i tried portable kaspersky virus removal tool...it detected virus.win32.salita.aa removed it then after restarting the computer in 5 minutes i got those virus back before even getting online.


    I have attached all the require log files..hope someone can help me
    Вложения Вложения

  2. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,100
    Вес репутации
    3023
    Your system is not uptodate, your antivirus - too. Also you haven't any chance to defend yourself against malware.

    Switch off/Disable:
    - Antivirus and and, if you have - Firewall.
    - System Restore

    - Remove SuperAntiSpyware

    - Execute following script in Manual Cure
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     StopService('asc3360pr');
     QuarantineFile('F:\WINDOWS\system32\drivers\hhhgkn.sys','');
     DeleteFile('F:\WINDOWS\system32\drivers\hhhgkn.sys');
     DeleteService('asc3360pr');
    BC_ImportAll;
    ExecuteSysClean;
    BC_DeleteSvc('asc3360pr');
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot execute following script in Manual Cure
    Код:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the quarantine.zip over the link Upload quarantined files on the top of this page.
    - Attach a log to your new post..

    PLS: Make either avptool or avz log files, not both of them. In the 2nd case pls. update the database.

  3. #3
    Junior Member Репутация
    Регистрация
    14.06.2009
    Сообщений
    2
    Вес репутации
    55
    Thank u rene...

    i am out of station now...i ill execute the scripts and post the reply as asoon as possibel.

    Hai,

    I have uploaded the quarantined files.....

    after running the scripts no improvement in the situation...ran Kaspersky virus removal tool it again detected the same virus

    i also ran combo fix after that adding that log also....

    Waiting for the reply

    I have uploaded the quarntined file in the link mentioned above.
    Вложения Вложения
    Последний раз редактировалось Rene-gad; 21.06.2009 в 18:37.

  4. #4
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,100
    Вес репутации
    3023
    First of all you should to check your disk with CureIt from Dr.Web during the installed system is not active. It could be done, if you use a LiveCD or re-build your hard disk into any other PC.

    AVPTool is out of date!!!
    Kaspersky Virus Removal Tool 7.0.0.290 (database released 18/11/2008; 13:08 )
    Download the last version of AVPTool

    After that

    Switch off/Disable:
    - Antivirus and and, if you have - Firewall.
    - System Restore

    - Remove SuperAntiSpyware

    - Execute following script in Manual Cure
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
      ClearQuarantine;
      TerminateProcessByName('f:\docume~1\appu\locals~1\temp\winmeawi.exe');
     TerminateProcessByName('f:\docume~1\appu\locals~1\temp\ujqvcl.exe');
     TerminateProcessByName('f:\docume~1\appu\locals~1\temp\eaqdba.exe');
     StopService('catchme');
     StopService('asc3360pr');
     QuarantineFile('F:\WINDOWS\system32\drivers\hhhgkn.sys','');
     QuarantineFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\winmeawi.exe','');
     QuarantineFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\ujqvcl.exe','');
     QuarantineFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\eaqdba.exe','');
     QuarantineFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\catchme.sys','');
     DeleteService('catchme');
     DeleteService('asc3360pr');
     DeleteFile('F:\WINDOWS\system32\drivers\hhhgkn.sys');
     DeleteFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\winmeawi.exe');
     DeleteFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\ujqvcl.exe');
     DeleteFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\eaqdba.exe');
     DeleteFile('F:\DOCUME~1\Appu\LOCALS~1\Temp\catchme.sys');
    BC_ImportAll;
    ExecuteSysClean;
    BC_DeleteSvc('asc3360pr');
    BC_DeleteSvc('catchme');
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot execute following script in Manual Cure
    Код:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the quarantine.zip over the link Upload quarantined files on the top of this page.
    - Attach a log to your new post..

Похожие темы

  1. My Kaspersky Anti Virus indicates a detected virus can not remove.
    От coshca в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 14.07.2010, 13:19
  2. Worm.Win32.Mabezat... need to remove virus.
    От mervyne в разделе Malware Removal Service
    Ответов: 7
    Последнее сообщение: 31.05.2010, 17:29
  3. Virus Win32/Sality:AM - help remove
    От vivs28 в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 27.12.2009, 03:53
  4. How to remove: virus.win32.sality.aa
    От eshui2007 в разделе Malware Removal Service
    Ответов: 12
    Последнее сообщение: 27.06.2009, 09:22
  5. not-a-virus:AdWare.Win32.Vapsup.awu help to remove
    От mberryaz в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 17.02.2008, 23:55

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01561 seconds with 20 queries