"virus" I can't get rid of

  1. #1
    Junior Member
    Registered: 03.07.2009
    Posts: 4
    Reputation weight: 54

    "virus" I can't get rid of

    Hi,
    following an attempted viral attack, my Norton antivirus software informed me that it successfully removed the threat and requested a reboot.
    Once the reboot was done I had the following issues:
    1) Norton didn't launch automatically,
    2) all my internet connectivity was lost (even if I could connect to the other computer of the network),
    3) I couldn't start Norton regardless of what I was trying,
    4) none of my security applications could be launched (adware, Spybot Search and Destroy, malware).

    So I decided to uninstall Norton.
    Doing so, I got back my connectivity.
    Then I bought and installed Kaspersky Internet Security 2009,
    and even though the installation was completed successfully, Kaspersky still refuses to launch regardless of what I do.
    Same thing with any type of security application (all other types of application work just fine).

    I ran out of solutions, that's why I'm sending you the log from Kaspersky Virus Removal Tool (that's the only thing that seems to work at the moment).
    Hoping that you will be able to help me with that issue.

    Thanks a lot

    Antesolem

  2. #2
    Senior Member (Numb)
    Registered: 04.10.2005
    Posts: 2,118
    Reputation weight: 870
    Greetings.
    I'm sorry for such a late answer. If your problem still exists, then you should try to execute this script:
    Code:
    begin
      // Look for rootkit hooks and switch on AVZGuard before touching files
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Copy suspicious files to quarantine so they can be uploaded afterwards
      QuarantineFile('c:\windows\system32\snmp.exe','');
      QuarantineFile('C:\WINDOWS\system32\Drivers\sddriver.sys','');
      QuarantineFile('C:\DOCUME~1\Lionel\LOCALS~1\Temp\pfsvgae.sys','');
      QuarantineFile('C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll','');
      QuarantineFile('C:\Documents and Settings\Lionel\Desktop\Virus Removal Tool1\AntiNimd.exe','');
      QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcgrdltplsvjkmoyphsehqvrjjkvamygol.dll','');
      QuarantineFile('c:\program files\ageia technologies\trayicon.exe','');
      TerminateProcessByName('c:\windows\system32\flcss.exe');
      QuarantineFile('c:\windows\system32\flcss.exe','');
      QuarantineFile('c:\program files\common files\portrait displays\shared\dtsrvc.exe','');
      // Delete now, and also queue each file for Boot Cleaner (BC_*) at the next boot
      DeleteFile('c:\windows\system32\flcss.exe');
      BC_DeleteFile('c:\windows\system32\flcss.exe');
      DeleteFile('\\?\globalroot\systemroot\system32\gxvxcgrdltplsvjkmoyphsehqvrjjkvamygol.dll');
      BC_DeleteFile('\\?\globalroot\systemroot\system32\gxvxcgrdltplsvjkmoyphsehqvrjjkvamygol.dll');
      DeleteFile('C:\DOCUME~1\Lionel\LOCALS~1\Temp\pfsvgae.sys');
      BC_DeleteFile('C:\DOCUME~1\Lionel\LOCALS~1\Temp\pfsvgae.sys');
      DeleteFile('winmok32.dll');
      BC_DeleteFile('winmok32.dll');
      DeleteFile('C:\Windows\System32\winmok32.dll');
      BC_DeleteFile('C:\Windows\System32\winmok32.dll');
      // Remove the service entry as well
      DeleteService('pfsvgae');
      BC_DeleteSvc('pfsvgae');
      // Pass the quarantine list to Boot Cleaner, activate it, clean up and reboot
      BC_ImportquarantineList;
      BC_Activate;
      ExecuteSysClean;
      RebootWindows(true);
    end.
    After the restart, upload the quarantine using the link http://virusinfo.info/upload_virus_eng.php?tid=49200 and make logs again (you'd better make 3 logs, as described in the rules of the "Help me!" section).

  3. #3
    Junior Member
    Registered: 03.07.2009
    Posts: 4
    Reputation weight: 54

    Hi again

    Hello, sorry for the delay..

    OK, I ran the script as requested and did as suggested.
    Note: HijackThis refuses to run on my computer regardless of what I'm doing..
    and I don't even get a warning message. It just doesn't run.
    For the rest, here are the requested files.

    thanks again for the help
    Last edited by Antesolem; 14.07.2009 at 08:27. Reason: find some quarantine file in the folder: AVZ_Quarantine

  4. #4
    Senior Member (drongo)
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    Not helping much in your case. Rootkit & trojans are still in your system. Let's try another way. Please download the special version of AVZ from my signature. Unzip all files into a new folder and use it by running run.cmd.

    Uninstall Symantec completely - you have a very old version, now it just may conflict with the curing process - it doesn't know your trojans and rootkit. So it will not help anyway.
    Do uninstall Kaspersky avptool too (for some reason you have a couple of copies of it).

    Disconnect from the internet and run this script in the special AVZ:
    Code:
    begin
      // Look for rootkit hooks and switch on AVZGuard before touching files
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      // Remove browser helper objects by CLSID
      DelBHO('{FD03F3BF-FA17-415F-9976-4D9658528B42}');
      DelBHO('{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}');
      DelBHO('{5C255C8A-E604-49b4-9D64-90988571CECB}');
      // Quarantine every file first, then delete it
      QuarantineFile('\systemroot\system32\drivers\gxvxcotnqrdltfumoqbiqjvrtbwyroyidqjoo.sys','');
      QuarantineFile('C:\WINDOWS\system32\DRIVERS\26066021.sys','');
      QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcmprqpkdabciythhppuiuiynmgrbrswib.dll','');
      QuarantineFile('C:\WINDOWS\system32\gxvxcserv.sys','');
      QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcgrdltplsvjkmoyphsehqvrjjkvamygol.dll','');
      DeleteFile('\\?\globalroot\systemroot\system32\gxvxcgrdltplsvjkmoyphsehqvrjjkvamygol.dll');
      DeleteFile('\\?\globalroot\systemroot\system32\gxvxcmprqpkdabciythhppuiuiynmgrbrswib.dll');
      DeleteFile('C:\WINDOWS\system32\DRIVERS\26066021.sys');
      DeleteFile('\systemroot\system32\drivers\gxvxcotnqrdltfumoqbiqjvrtbwyroyidqjoo.sys');
      DeleteFile('C:\WINDOWS\system32\gxvxcserv.sys');
      // Remove the service entry, now and via Boot Cleaner at the next boot
      DeleteService('gxvxcserv');
      BC_DeleteSvc('gxvxcserv');
      BC_ImportAll;
      BC_Activate;
      // Clean up and run AVZ system-repair routines (selected by number)
      ExecuteSysClean;
      ExecuteRepair(6);
      ExecuteRepair(8);
      ExecuteRepair(9);
      ExecuteRepair(7);
      ExecuteRepair(12);
      // Pack the quarantine for upload, enable AVZPM and reboot
      CreateQurantineArchive('C:\quarantine.zip');
      SetAVZPMStatus(true);
      RebootWindows(true);
    end.
    Computer will reboot.
    Upload the file C:\quarantine.zip using the link "Upload quarantined files" at the top of this thread.
    Please try to make a log with HijackThis again (download it again and rename it).
    Do create logs with the special AVZ and attach them to your next post.
    Last edited by drongo; 14.07.2009 at 10:29.
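
An added example, not part of the thread and not AVZ's own tooling: a small Python check that reads an AVZ cleanup script like the two posted above and lists every path passed to DeleteFile or BC_DeleteFile with no earlier QuarantineFile call, i.e. files for which the script itself keeps no sample to upload. The embedded script is an excerpt of the one in post #2; the function names, the first-argument-only parsing and the case-insensitive path comparison (no 8.3 short-name resolution) are assumptions of this example.

```python
import re

# Excerpt of the cleanup script posted in #2 on this page (paths as posted).
SAMPLE_SCRIPT = r"""
begin
 QuarantineFile('c:\windows\system32\flcss.exe','');
 QuarantineFile('C:\DOCUME~1\Lionel\LOCALS~1\Temp\pfsvgae.sys','');
 DeleteFile('c:\windows\system32\flcss.exe');
 BC_DeleteFile('c:\windows\system32\flcss.exe');
 DeleteFile('C:\DOCUME~1\Lionel\LOCALS~1\Temp\pfsvgae.sys');
 DeleteFile('winmok32.dll');
 DeleteFile('C:\Windows\System32\winmok32.dll');
 BC_DeleteFile('C:\Windows\System32\winmok32.dll');
end.
"""

# identifier( 'first string argument'  -- '' inside a Pascal string is an escaped quote
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(\s*'((?:[^']|'')*)'", re.A)
DELETERS = {"deletefile", "bc_deletefile"}

def strip_comment(line):
    """Cut a // comment unless the slashes sit inside a string literal."""
    i = line.find("//")
    while i != -1 and line.count("'", 0, i) % 2:
        i = line.find("//", i + 2)
    return line if i == -1 else line[:i]

def parse_calls(script):
    """Yield (function name lowercased, first string argument) in script order."""
    for line in script.splitlines():
        for name, arg in CALL.findall(strip_comment(line)):
            yield name.lower(), arg.replace("''", "'")

def unquarantined_deletes(script):
    """Paths deleted without an earlier QuarantineFile call, in order, deduplicated."""
    saved, reported, missing = set(), set(), []
    for name, arg in parse_calls(script):
        key = arg.lower()  # assumption: compare paths case-insensitively, as Windows does
        if name == "quarantinefile":
            saved.add(key)
        elif name in DELETERS and key not in saved and key not in reported:
            reported.add(key)
            missing.append(arg)
    return missing

if __name__ == "__main__":
    for path in unquarantined_deletes(SAMPLE_SCRIPT):
        print("deleted without quarantine:", path)
```

A path reported here is not necessarily lost: the check only looks at the script text and knows nothing about AVZ's own settings or about files that do not exist on disk.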

  5. #5
    Junior Member
    Registered: 03.07.2009
    Posts: 4
    Reputation weight: 54
    Hi
    Sorry for the delay.
    So I did everything you told me to.
    And since I completely removed all possible versions of Norton, everything seems to work as it is supposed to.
    Nevertheless here are all the files (I'm still not certain that the threat has been removed).
    Thanks again for the help
    Last edited by Rene-gad; 30.07.2009 at 23:35. Reason: quarantine removed

  6. #6
    Senior Member
    Registered: 03.04.2006
    Posts: 21,100
    Reputation weight: 3023
    Quote from Antesolem:
    So i did everything you told me to.
    No, you didn't:
    drongo wrote: Do create logs with special avz - you used the normal avz without an up-to-date database
    drongo wrote: Upload file C:\quarantine.zip, by link Upload quarantined files - you attached the file to the topic

    - Remove Bonjour
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    Install the latest version of Adobe Reader.

  7. #7
    Junior Member
    Registered: 03.07.2009
    Posts: 4
    Reputation weight: 54
    Quote from Rene-gad:
    drongo wrote: Upload file C:\quarantine.zip, by link Upload quarantined files - you attached the file to the topic
    The Upload link doesn't allow me to send a new quarantine file (statement: link already used).
    For the rest .. I'm working on that now

  8. #8
    Senior Member
    Registered: 03.04.2006
    Posts: 21,100
    Reputation weight: 3023
    Quote from Antesolem:
    The link Upload doesn't allow me to send a new quarantine file (statement: link already used).
    This link is always at your command: http://virusinfo.info/upload_virus_eng.php?tid=49200 . If you try to upload the same file for the 2nd time, you will be informed about it.
    In each case it's not allowed to attach suspicious files to the topic.
    Quote from Antesolem:
    for the rest .. i'm working on that now
    It's not necessary - if your problem is solved - to make new logs now.
