Sality is a file virus and you have to heal your system in safe mode from any write-protected drive (CD or SD-Card) with CureIt from Dr.Web.
After healing:
Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
- Execute following script in Manual Cure
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\temp\oacb.exe');
TerminateProcessByName('c:\windows\temp\side.exe');
TerminateProcessByName('c:\windows\temp\winpins.exe');
StopService('abp470n5');
StopService('mjytrxqij');
QuarantineFile('C:\WINDOWS\TEMP\oacb.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\fflgph.sys','');
QuarantineFile('C:\DOCUME~1\Juka\LOCALS~1\Temp\ktalk.sys','');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
QuarantineFile('c:\windows\temp\winpins.exe','');
QuarantineFile('c:\windows\temp\side.exe','');
DeleteFile('c:\windows\temp\side.exe');
DeleteFile('c:\windows\temp\winpins.exe');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV Personal Pro\5.0\Bases\anti-blacklist.bat');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\system32\drivers\fflgph.sys');
DeleteFile('C:\WINDOWS\TEMP\oacb.exe');
DeleteService('abp470n5');
DeleteService('mjytrxqij');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('abp470n5');
BC_DeleteSvc('mjytrxqij');
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot execute following script in Manual Cure
Код:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach a log to your new post..
what can i do apart from complete reinstall......HELP please
Ваши права в разделе
Ответить с цитированием