Cannot find virus. Have tried AVG, MS Live OneCare, Kaspersky.
Spybot will not run!
All help appreciated
Logs attached
Please read the rules carefully; your logs are almost useless to us.
You should update the AVZ bases, disable the antivirus and make the logs in normal mode and not in safe mode, like you did.
Describe your problem. You can't boot in normal mode?
Last edited by drongo; 31.07.2009 at 19:15.
*Click and run this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Will do normal mode although may take a time as keeps locking
thanks
If you disable all your programs in the system tray, except your browser (browser should be running), it will be faster.
let you know
hopefully these are what you need - back in safe mode.....
Last edited by Rene-gad; 01.08.2009 at 10:22. Reason: quarantine removed
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Fix with HijackThis:
Code:
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
- Execute the following script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('%systemroot%\system32\UACnbacbigjwy.dll','');
 DeleteFile('%systemroot%\system32\UACnbacbigjwy.dll');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 SetAVZPMStatus(True);
 RebootWindows(true);
end.
- After reboot execute the following script:
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat steps 1...3 of Analysis and attach 3 new logs
- Make a log with GMER www.gmer.net (download, start, press SCAN, wait a couple of minutes until the scan has finished, press SAVE and save the log as gmer.log, attach the log together with the 3 standard logs).
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
Hi
More logs.
Cannot get GMER to finish - starts to run then locks up = time period varies for lock up.
thanks
have done that GMER still locks but varies on how long before it locks
Added after 2 hours 48 minutes
Once I start gmer it quickly states warning gmer has found system modification which might have been caused by ROOTKIT activity. Do you want to fully scan your system?
I have been saying yes.
I notice that highlighted in red is;
Type Name value
service C:\windows\system32\drivers\UACxocntoymcj.sys (System) UACd.sys
hope this helps
Last edited by neilwool; 02.08.2009 at 14:23. Reason: Added
Copy & paste the following code into a new text file, save it as e.g. 123.bat in the same directory where gmer.exe lies and start it with a double click.
Code:
gmer.exe -del service UACd.sys
gmer.exe -del file "C:\windows\system32\drivers\UACxocntoymcj.sys"
gmer.exe -reboot
After reboot switch firewall & antivirus off and repeat Gmer.log
After running, CHKDSK ran on reboot and rebuilt the USN journal.
Also AVG detected and removed trojan horse generic 13.BQVV on restart.
GMER ran successfully and I attach log
Copy & paste the following code into a new text file, save it as e.g. 321.bat in the same directory where gmer.exe lies and start it with a double click.
Code:
gmer.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\UACd.sys"
gmer.exe -del file "C:\windows\system32\drivers\UACuwpritrdme.sys"
gmer.exe -del file "C:\windows\system32\UACtboebebhwt.dll"
gmer.exe -reboot
After reboot switch firewall & antivirus off and repeat Gmer.log
gmer log
Hi
No more problems all seems fine - thank you very much.
Best wishes
Neil
sent USD35 hope that's OK
cheers