Trojan.Win32.refroso.cev and Backdoor.Win32.IRCBoot.lqt

[MaFerreira]

Hello everybody!

I used the Kaspersky Virus removal and it didn't resolve my problem with an annoing virus/trojan that i'm having.

I used the automatic scan, deleted the files, but they kept comming back as soon as I restarted the computer. So I did the Manual Cure that said for me to post the 'report' it generated here in this forum.

Thats what I'm doing. Hope you can help me as soon as possible.

I think i attached somewhere the log.

;**

[Rene-gad]

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\explorer.exe\explorer.exe.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-5869598583-6358572698-774508446-1572\wmiprvse.exe','');
 QuarantineFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe','');
 DeleteFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-5869598583-6358572698-774508446-1572\wmiprvse.exe');
 DeleteFile('C:\WINDOWS\system32\explorer.exe\explorer.exe.exe');
 DelCLSID('{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Remove Bonjour: http://virusinfo.info/showthread.php?t=42263
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=51438
- Attach a new log to your new post..

[MaFerreira]

so, i think I did all you requested me to do.

The Bonjour thing I removed using the AVZ. When I used the MSDOS prompter to do so, it said i didn't have the application. So, i runned the script in AVZ.

The log generated in Kaspersky i'm attaching here.

The quarentine.zip file i uploded in the link you gave to me.

waiting for the follow up in the process.

Thanks for helping

[Rene-gad]

I cannot find any suspicious item. Is your problem solved?