
Help me?

  1. #1
    Junior Member
    Joined: 28.08.2009
    Posts: 6
    Reputation weight: 31

    Help me?

    Hi, I am using BitDefender 2008. Today while browsing the Internet my PC suddenly slowed down for 2 to 3 min, then after that it started to work at regular speed. After that an antivirus program, "AV antivirus", suddenly started to scan my system. Before I knew what was happening the virus scan started, and the scan detected about 10 or 12 viruses named trojan.fraud root kit virus. Then I manually stopped the scan and tried to close the program but not failed to close it. Then I noticed that my BitDefender icon in the quick launch tray was no longer there. I immediately disconnected the Internet and uninstalled that AV antivirus program, of about 2 MB in size. Then BitDefender reactivated and showed the popup message rootkit infected with virus in win32/drivers and not able to remove it. When I looked at the history there was a list of about 10 to 12 viruses in the log which were blocked by BitDefender. Then I ran Kaspersky virus removal tool; during the scan my system hung 3 to 4 times and restarted automatically. Root kit viruses and 2 viruses in temp files were removed, but it never completed a full scan as it hangs and restarts again.
    I have attached the system report file for the manual task created by Kaspersky virus removal tool. Please help me and also suggest which antivirus program I should use or how I should configure my current antivirus program. Also, for your information, I update BitDefender 2008 daily.
    Thank you

  2. #2
    drongo, Senior Member
    Joined: 17.09.2004
    Location: Israel
    Posts: 7,165
    Reputation weight: 971
    Welcome!
    Switch off/Disable:
    - Antivirus
    - System Restore! (in the windows)
    Execute the script:
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\msa.exe','');
     DelBHO('{500BCA15-57A7-4eaf-8143-8C619470B13D}');
     QuarantineFile('C:\WINDOWS\system32\msxml71.dll','');
     DelBHO('{09b93bcc-d3b5-422d-ea9a-99b1d366d78c}');
     QuarantineFile('C:\WINDOWS\system32\06JP7LB_.dll','');
     QuarantineFile('C:\WINDOWS\system32\windrvNT.sys','');
     QuarantineFile('C:\Program Files\Cyberlink\Shared Files\brs.exe','');
     TerminateProcessByName('c:\docume~1\pradeep\locals~1\temp\b.exe');
     QuarantineFile('c:\docume~1\pradeep\locals~1\temp\b.exe','');
     DeleteFile('c:\docume~1\pradeep\locals~1\temp\b.exe');
     DeleteFile('C:\WINDOWS\system32\06JP7LB_.dll');
     DeleteFile('C:\WINDOWS\system32\msxml71.dll');
     DeleteFile('C:\WINDOWS\msa.exe');
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    CreateQurantineArchive('C:\quarantine.zip');
    RebootWindows(true);
    end.
    The computer will reboot.

    Upload the file C:\quarantine.zip via the link "Upload quarantined files" at the top of this thread.
    Make sure to disable BitDefender and then make a full scan with Kaspersky virus removal tool; it should work fine while another antivirus isn't working.
    After all steps, create and attach a new avptool_syscheck.zip to the thread.

    P.S. It doesn't matter what antivirus you have and with which settings, when you're using a non-updated system with an administrator account by default.
    About antivirus settings, you can ask for assistance at http://virusinfo.info/forumdisplay.php?f=130

    Added after 6 hours 34 minutes

    What is up? Where is the quarantine? Where are the new logs?
    Last edited by drongo; 31.08.2009 at 15:57. Reason: Added

  3. #3
    Junior Member

    Thank you

    Yes, thank you, it worked for me. Now my system is running fine without any hiccups.
    Thanks a lot!

  4. #4
    drongo, Senior Member
    First of all, you must send us your quarantine; it will help our service.
    Secondly, it is possible that you have another malware that we will be able to see in a new log (and you're unable to feel it).
    P.S. We are glad that your feelings are OK, but you must follow our requests exactly.
    Last edited by drongo; 02.09.2009 at 20:54.

  5. #5
    Junior Member

    Hi

    Here is the quarantine file and the new avptool_syscheck zip file.
    Last edited by Numb; 03.09.2009 at 11:11. Reason: quarantine removed

  6. #6
    drongo, Senior Member
    Is it too hard to understand that you must send the quarantine to us by the red link only?
    Pay attention, please.
    Now, disable system restore, disable antivirus.

    Execute this script: (there is still some malware and very dangerous settings in Internet Explorer. As you can see, my guess was correct)
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    ClearQuarantine;
     TerminateProcessByName('c:\program files\common files\bugoilen\bungo659.exe');
     QuarantineFile('c:\program files\common files\bugoilen\bungo659.exe','');
     DeleteFile('c:\program files\common files\bugoilen\bungo659.exe');
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
    RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    CreateQurantineArchive('C:\quarantine2.zip');
    RebootWindows(true);
    end.
    Remember to upload a new quarantine2.zip by red link only: http://virusinfo.info/upload_virus_eng.php?tid=53294
    Make another log after that and attach it to the next post.
    Last edited by drongo; 03.09.2009 at 16:17.
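
An added example, not part of the thread or of the helper's script: a read-back check that the Internet zone (`Zones\3`) values the script above writes are still in place, run against a constructed `reg export` snippet. The sample export, the function names and the use of 1 for `2201` (the script writes it twice, so the last write is taken) are assumptions of this example.

```python
import re

# Values the helper's script writes to HKCU ...\Internet Settings\Zones\3.
# 2201 is written twice in the script (3, then 1); the last write wins.
EXPECTED = {"1201": 3, "1001": 1, "1004": 3, "2201": 1}

ZONE3 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
         r"\Internet Settings\Zones\3")

# Constructed sample of `reg export` text (not data from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000000
"2201"=dword:00000001
'''

def parse_zone_dwords(reg_text, key=ZONE3):
    """Return {value_name: int} for DWORD values under one key of a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: track whether we are inside the wanted key.
            in_key = line[1:-1].rstrip("\\").lower() == key.lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_zone3(reg_text):
    """List (name, found, expected) for every setting that differs or is missing."""
    found = parse_zone_dwords(reg_text)
    return [(n, found.get(n), exp) for n, exp in EXPECTED.items()
            if found.get(n) != exp]

if __name__ == "__main__":
    for name, got, want in audit_zone3(SAMPLE_REG):
        print(f"Zones\\3 {name}: found {got}, script sets {want}")
```

Files produced by `reg export` are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `audit_zone3`.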

  7. #7
    Junior Member

    New avptool_syscheck and quarantine2

    Thanks, here I uploaded the new avptool_syscheck and quarantine2 file through the red link after running the above script.

  8. #8
    drongo, Senior Member
    Now your log seems to be clean.
    You can enable system restore, if you are using it. I prefer a special tool, like the one from Acronis.

  9. #9
    Junior Member
    Thanks!
