Help me?

**drpradeepmm** · 30.08.2009, 22:35

Hi i am using bitdefender 2008.today while browsing on Internet my pc suddenly slowed down for 2 to 3 min then after that it started to work at regular speed after that one antivirus program "AV antivirus"suddenly started to scan my system. Before i know anything what is happing virus scan started scan detected about 10 or 12 viruses named trojan.fraud root kit virus. Then i had manually stopped scan and tried to close program but not failed to close it. Then i have noticed that my bitdefender icon in quick launch tray is no longer there i immediately disconnected internet and uninstalled that AV antivrus program of about size of 2 mb. then bitdefender reactivated and shown the popup message rootkit infected with viru in win32/drivers and not able to remove it when i saw history there is list of about 10 to 12 viruses on log which are blocked by bitdefender. then i have run Kaspersky virus removal tool during the scan my system hanged for 3 to 4 time and restarted automatically root kit viruses and 2 viruses in temp file are removed but it never completed full scan as it hang and restart again.
i have attached system report file for manual task crated by Kaspersky virus removal tool plz help me and also suggest me which antivirus program i should use or how should i configure my current antivirus program and also for your information i daily update bitdefender 2008.
Thank you

**drongo** · 31.08.2009, 16:57

Welcome!
Switch off/Disable:
- Antivirus
- System Restore! (in the windows)
Execute the script:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\msa.exe','');
 DelBHO('{500BCA15-57A7-4eaf-8143-8C619470B13D}');
 QuarantineFile('C:\WINDOWS\system32\msxml71.dll','');
 DelBHO('{09b93bcc-d3b5-422d-ea9a-99b1d366d78c}');
 QuarantineFile('C:\WINDOWS\system32\06JP7LB_.dll','');
 QuarantineFile('C:\WINDOWS\system32\windrvNT.sys','');
 QuarantineFile('C:\Program Files\Cyberlink\Shared Files\brs.exe','');
 TerminateProcessByName('c:\docume~1\pradeep\locals~1\temp\b.exe');
 QuarantineFile('c:\docume~1\pradeep\locals~1\temp\b.exe','');
 DeleteFile('c:\docume~1\pradeep\locals~1\temp\b.exe');
 DeleteFile('C:\WINDOWS\system32\06JP7LB_.dll');
 DeleteFile('C:\WINDOWS\system32\msxml71.dll');
 DeleteFile('C:\WINDOWS\msa.exe');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
CreateQurantineArchive('C:\quarantine.zip');
RebootWindows(true);
end.

The computer will reboot.

Upload file C:\quarantine.zip, by link Upload quarantined files in the top of this thread.
Make sure to disable bitdefender and then make a full scan with Kaspersky virus removal tool, it should be working fine while another antivirus doesn't working.
After all steps create and attach a new avptool_syscheck.zip to the thread.

P.S. It doesn't matter what antivirus you have and with witch settings, when you're using non-updated system with an administrator account by default.
About antivirus settings, you can ask for assistance in http://virusinfo.info/forumdisplay.php?f=130

Добавлено через 6 часов 34 минуты

What is up? Where the quarantine? Where the new logs?

**drpradeepmm** · 02.09.2009, 20:26

Yes, thank you it is worked for me.Now my system is running fine with out any hick-ups.
Thanks a lot!

**drongo** · 02.09.2009, 21:45

First of all, you must send us your quarantine- it will help our service.
Secondly, it is possible that you have another malware that we will be able to see in a new log (and you're unable to feel it )
P.s. We are glad, that your feelings are ok, but you must follow our requests exactly.

**drpradeepmm** · 03.09.2009, 10:45

here is Quarantine file and new avptool_syscheck zip file.

**drongo** · 03.09.2009, 17:02

It is too hard to understand, that you must send quarantine to us by red link only?
Pay attention, please.
Now, disable system restore, disable antivirus.

Execute this script: (there still some malware and very dangerous settings in internet explorer. As you can see : my guess was correct)

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 TerminateProcessByName('c:\program files\common files\bugoilen\bungo659.exe');
 QuarantineFile('c:\program files\common files\bugoilen\bungo659.exe','');
 DeleteFile('c:\program files\common files\bugoilen\bungo659.exe');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
CreateQurantineArchive('C:\quarantine2.zip');
RebootWindows(true);
end.

Remember to upload a new quarantine2.zip by red link only: http://virusinfo.info/upload_virus_eng.php?tid=53294
Make an another log after that and attach it to next post.

**drpradeepmm** · 05.09.2009, 16:59

Thanks here i uploaded new avptool_syscheck and quartine2 file through red link after running above script.

**drongo** · 05.09.2009, 17:41

Now, your log seem to be clean.
You can enable system restore, if you are using it. I prefer special tool, like from Acronis.

**drpradeepmm** · 06.09.2009, 05:10

Thanks!

Help me?

Опции темы

Help me?

Thank you

hi

new avptool_syscheck and quartine2

Ваши права в разделе