Infected with virus - Block access to AV & MS website

[mynor]

Hi there

My PC has been infected by virus which is blocking me from accessing any AV website and MS website.

Everytime I restarted my PC, my Bitdefender block some activities that accessing some chinese website.

I already run Spybot, Bitdefender & Dr Web Cure It.

They managed to clean certain virus but still I cant access those websites.

Below I attached log from Kapersky removal tool.

[Rene-gad]

- Execute following script in Manual Cure

Код:

begin
SetAVZPMStatus(True);
ExecuteRepair(13);
RebootWindows(true);
end.

After reboot
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Repeat a log file.

[mynor]

The log attached as per your request.

[Rene-gad]

What is the drive E:\? It contains malicious items, let it ON during the follow operations.

- Startmenu/Run... give the string in:

Код:

edit c:\windows\system32\drivers\etc\hosts

and press Enter, remove all servers besides

Код:

127.0.0.1 localhost

File/Close and Save changings.

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('E:\autorun.inf','');
 QuarantineFile('E:\SPOOLSV.EXE','');
 DeleteFile('E:\SPOOLSV.EXE');
 DeleteFile('E:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=43845
- Attach a new log to your new post..

[mynor]

I already uploaded the quarantine.zip file and already attached log. As additional information, everytime I restart my PC, my AV will block access from my PC to the website like what I attached.

FYI, I even cannot access this website from my PC.I have to use another PC to access to this website

[Rene-gad]

For the 2nd time:
What is the drive E:\?

[mynor]

really sorry...i miss that part.

E: is my thumb drive which is i just reformatted.

[Rene-gad]

Did you clean all temp/cache maps using CCleaner & ClearProg?

I already uploaded the quarantine.zip file

Whereto? I'd like to see it here: http://virusinfo.info/upload_virus_eng.php?tid=48020

[mynor]

yes. i did clean using CCleaner but I havent use ClearProg

update: i just try to scan using ClearProg 1.5.1 Beta 8 but half way it crashed

Добавлено через 17 минут

Did you clean all temp/cache maps using CCleaner & ClearProg?

Whereto? I'd like to see it here: http://virusinfo.info/upload_virus_eng.php?tid=48020

Yes. I uploaded by using your link.

[Rene-gad]

Yes. I uploaded by using your link.

The container is empty. Pls. repeat & copy-paste the message about successful upload.

BTW: You hadn't use Beta of ClearProg but only Final version.

[mynor]

i cannot upload anymore and i got this error:

Upload result

Upload error. This file already was uploaded before

[Rene-gad]

I'm sorry, I gave you a wrong link
Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Cure

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 ClearQuarantine;
 QuarantineFile('C:\WINDOWS\System32\Drivers\29732f40.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\tcpip.sys','');
 QuarantineFile('E:\MPNOTIFY.EXE','');
 QuarantineFile('E:\autorun.inf','');
 DeleteFile('E:\MPNOTIFY.EXE');
 DeleteFile('E:\autorun.inf');
 DeleteFile('C:\WINDOWS\System32\Drivers\29732f40.sys');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
BC_Activate;
RebootWindows(true);
end.

After reboot execute following script in Manual Cure

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

- Repeat a log file.
- Upload the quarantine.zip over this link: http://virusinfo.info/upload_virus_eng.php?tid=48020

[mynor]

quarantine file uploaded successfully.

log as per attached below

[Rene-gad]

System booted in Safe Mode

Log should be done only in NORMAL MODE and you should not remove old log files.

[mynor]

this one log when my pc in normal mode..
i did removed the old log because it going to take space when I attached a new logs

[Rene-gad]

The drive E:\ is infected. Evtl. it will be infected at any other PC. Format it at Linux System or don't use it at all.
Repeat the log without E:\