You should disable System Restore and disable your antivirus (if you have one).
- Execute the following script in Manual Healing
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\NEXT\FILES\NEXT.exe','');
QuarantineFile('C:\Program Files\Dell\QuickSet\dadkeyb.dll','');
QuarantineFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe','');
QuarantineFile('C:\F\UCK\FK.exe','');
QuarantineFile('C:\WINDOWS\System32\drivers\886fd30c.sys','');
DeleteFile('C:\F\UCK\FK.exe');
DeleteFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe');
DeleteFile('C:\NEXT\FILES\NEXT.exe');
DeleteFile('C:\WINDOWS\System32\drivers\886fd30c.sys');
DelCLSID('{23KLN5J0-4OPM-11WE-AAX5-24EF1F187332}');
DelCLSID('{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}');
DelCLSID('{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3423321}');
BC_DeleteSvc('886fd30c');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Uninstall the Bonjour service: http://virusinfo.info/showthread.php?t=42263
- Clean the Temp folders, browser caches and Recycler. Use the Windows service tool cleanmgr, or CCleaner, or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Make a log file with GMER (www.gmer.net): download gmer.exe, start the program, press the Scan button, wait until GMER has finished logging, save the log and attach it to your new message.
- Make the log file again (a new one, using Kaspersky Virus Removal Tool).
- Switch your antivirus and, if you have one, your firewall back on.
- Go online.
- Upload C:\quarantine.zip using the red link "Upload quarantined files" at the top of this thread.
- Attach a new log (using Kaspersky Virus Removal Tool) to your new post.