Yahoo Messenger virus!

  1. #1
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32

    Yahoo Messenger virus!

    Hello! I've got a virus/trojan that periodically sends a message with the virus's link to all my friends on the list. I tried to remove it but I can't. NOD Smart Security and Windows Defender didn't find the virus. I searched for the virus on Google and found that "vshot.exe" is the virus. I found this at the http://communicationik.blogspot.com/...85220775954522 link. I've downloaded the Kaspersky Virus Removal Tool from here. I know where the virus is but I can't delete it because it is hidden. Please help me. I am sending the information collected by the virus removal tool.

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore


    - Execute the following script in Manual Cure
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\vshost.exe','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('D:\vshost.exe','');
     QuarantineFile('E:\autorun.inf','');
     QuarantineFile('E:\vshost.exe','');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\vshost.exe');
     DeleteFile('D:\autorun.inf');
     DeleteFile('D:\vshost.exe');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\vshost.exe');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot, execute the following script in Manual Cure
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, browser caches, Recycler. Use the Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat a log file.
    - Switch Antivirus and, if you have one, Firewall back on.
    - Go On-Line
    - Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Attach a log to your new post.
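
Added example (not part of the original thread and not AVZ code): the script above quarantines `autorun.inf` together with `vshost.exe` at the root of drives C:, D: and E:. This read-only Python triage parses an `autorun.inf`, reports which program its launch entries point at and whether that file sits at the same drive root; the sample file content and the helper names are assumptions made for illustration.

```python
import os

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")

# Constructed sample for illustration; the poster's autorun.inf is not shown.
SAMPLE = r"""; constructed sample
xQzJunkPadding
[AutoRun]
OPEN=vshost.exe
shell\open\Command = vshost.exe -e
icon=%SystemRoot%\system32\shell32.dll,4
"""

def program_of(value):
    """Program part of a command line: quoted path, else first token."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" ", 1)[0]

def autorun_targets(text):
    """Return [(key, program)] for launch entries in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"  # section names ignore case
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            key = key.strip().lower()
            shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if (key in LAUNCH_KEYS or shell_cmd) and program_of(value):
                targets.append((key, program_of(value)))
    return targets

def triage_root(root):
    """Read-only check of one drive root; never deletes or runs anything."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        targets = autorun_targets(fh.read())
    return [{"key": k, "program": p,
             "executable": p.lower().endswith(EXECUTABLE_EXTS),
             "at_root": p.lstrip("\\").lower() in names} for k, p in targets]

if __name__ == "__main__":
    print(autorun_targets(SAMPLE))
```

On a Windows host, `triage_root("E:\\")` gives the same report for a real drive root; an entry with both `executable` and `at_root` set is the pattern the removal script targets.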

  3. #3
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32

    I can't log on to Windows :(

    I turned off my computer after I posted the comment. When I turned it on, after the welcome screen the computer logged off, and the welcome screen with the account selection was displayed. I selected my account and it happened again. The computer automatically logs off after every logon. So I can't use the virus cleaner. I think I must take the computer to where I bought it. If you can help me without that, please post a reply! (I have the Windows installation CD, and the CDs for the computer components, if that can help.)

    I wrote this from another computer, but this computer was connected to my computer by a network with a modem. Can this computer be infected too???
    Last edited by szssamuel; 09.08.2009 at 23:00. Reason: I forget to say:

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Try to log in in another mode:
    Press the F8 key at booting, choose:
    -safe mode
    -safe mode with network support - so you can connect your PC to the internet
    -last known configuration - it would be the best of all
    Execute the script I wrote.

    If you suppose you have malware on the other PC, make a log from it and open A NEW TOPIC.

  5. #5
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    I tried
    -Safe Mode,
    -Safe Mode with Networking,
    -Safe Mode with Command Prompt,
    -Last Known Good Configuration,
    but it didn't work. I think the malware overwrote my registry and every time I log on the registry settings log me off. Do you think I can repair the problem if I heal my registry? Can I do this with my Windows CD or from a different computer with "Connect Network Registry..."? Or must I take the computer to where I bought it? It's under warranty. Probably they can fix the problem if I can't.

    I opened a new topic with the log of my second PC because I suppose it's infected too.

  6. #6
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Try to replace the files:
    c:\windows\system32\userinit.exe
    c:\windows\system32\winlogon.exe
    using the recovery console: http://support.microsoft.com/?scid=k...14058&x=19&y=7
    The original files are located in X:\i386 (instead of X, use the letter of the drive with the Windows CD).
    To find them use the commands:
    Code:
    dir x:\i386\userinit*
    dir x:\i386\winlogon*
    IMPORTANT: If the file has the extension EXE, you can copy it with the command:
    Code:
    copy x:\i386\[filename].exe c:\windows\system32\[filename].exe
    If the file has the extension EX_, you can extract it with the command:
    Code:
    expand x:\i386\[filename].ex_ c:\windows\system32\[filename].exe

  7. #7
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    I found the files using the "dir" command. They are at:
    "f:\i386\winlogon.ex_"
    and
    "f:\i386\userinit.ex_"

    I entered the expand command:
    "expand f:\i386\winlogon.ex_ c:\windows\system32\winlogon.exe"
    then I received:
    "Unable to create file winlogon.exe.
    0 file(s) expanded."

    And the same with "userinit.ex_"

    I entered the expand command:
    "expand f:\i386\userinit.ex_ c:\windows\system32\userinit.exe"
    then I received:
    "Unable to create file userinit.exe.
    0 file(s) expanded."

    I don't know if I wrote something wrong or the system really can't do this.

    Do you think I can try to remove the virus files with the "delete" command?
    Last edited by szssamuel; 10.08.2009 at 13:13.

  8. #8
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Is your system on the partition c:\? If not - replace c:\ with [letter]:\
    What do you see if you type:
    Code:
    cd c:\windows\system32
    dir winlogon*

  9. #9
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    I found! It says:

    "C:\WINDOWS\SYSTEM32>dir einlogon*
    The volum in drive C has no label
    The volume Serial Number is 0cc0-903f

    Directory of C:\WINDOWS\SYSTEM32\winlogon*

    04/14/08 03:12a -a------ 507904 winlogon.exe
    1 file(s) 507904 bytes
    28948070400 bytes free"
    Last edited by szssamuel; 10.08.2009 at 14:18.

  10. #10
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    What do you see if you type:
    Code:
    cd c:\windows\system32
    dir userinit*
    ?

  11. #11
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    It says:

    "C:\WINDOWS\SYSTEM32>dir userinit*
    The volum in drive C has no label
    The volume Serial Number is 0cc0-903f

    Directory of C:\WINDOWS\SYSTEM32\userinit*

    04/14/08 03:12a -a------ 26112 userinit.exe
    1 file(s) 26112 bytes
    28948070400 bytes free"

  12. #12
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    The files seem to be OK and in the correct locations.
    Pls. read this article: http://windowsxp.mvps.org/peboot.htm

  13. #13
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    It's working! Thank you very very much!!! Now I must do the script?

    I fixed the problem with the script. Here is the new log:
    Last edited by Rene-gad; 10.08.2009 at 16:41.

  14. #14
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Your log file seems to be clean.
    Any more problems?

  15. #15
    Junior Member
    Registered: 09.08.2009
    Posts: 10
    Reputation weight: 32
    I think my system is completely clean. I don't have any problems. Thank you very much for the help!
