Hi,
This P.C. always takes me to an advert site whenever I click on a link,
can you help?
Welcome!
1. Do you have something from PC Tools company? Like an antivirus/anti-rootkit?
Please disable all your antiviruses, anti-rootkits etc. and disconnect from internet/local network
2. What is a disk G in this system? If it is a removable disk, and you have it, please connect it to this computer before next step.
3. Execute this script in avptools: (in manual cure)
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('G:\autorun.inf','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
 QuarantineFile('C:\WINDOWS\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll','');
 QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll','');
 BC_ImportAll;
 BC_Activate;
 SetAVZPMStatus(True);
 RebootWindows(true);
end.
4. After reboot execute following script in Manual Cure
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
5. Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
Let us know when you are done.
P.S. For your information: these steps will not solve your problem yet, they are for collecting data in order to cure your system in the future.
Last edited by drongo; 13.10.2009 at 23:43.
*Click and do this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Thanks for the reply,
G was just the pen drive I used to transfer Kaspersky virus removal from my P.C. to this one, as I can never get the website I want on this PC,
please find attached quarantine zip, hope you can help!!!
thanks!
Last edited by drongo; 17.10.2009 at 00:09.
No, definitely you don't understand. A quarantine you should send by red link only: Upload quarantined files
It is forbidden to attach any quarantine here.
Please upload, as I requested before.
Let us know when you are done. And please do answer my questions 1 & 2.
Last edited by drongo; 17.10.2009 at 00:14.
On this P.C. is AVG antivirus, Spybot and Ad-Aware, but they won't update properly and Spybot won't run,
G was just the pen drive I used to transfer Kaspersky virus removal from my P.C. to this one, as I can never get the website I want on this PC
Strange, I am seeing that PCTCore.sys is active and it is from PC Tools company, as far as I know. So, if you said that you don't know about that, very strange.
Go to Add/Remove Programs and look for it again. Uninstall it if you find something. Then, please disable: Ad-Aware, TeaTimer (it is the registry protector from Spybot) and AVG antivirus, disconnect from internet, disable Windows System Restore and only then execute this script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 StopService('PCTCore');
 DeleteFile('C:\WINDOWS\system32\drivers\PCTCore.sys');
 DeleteFile('G:\autorun.inf');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll');
 DeleteFile('C:\WINDOWS\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll');
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 BC_DeleteSvc('PCTCore');
 SetAVZPMStatus(true);
 RebootWindows(true);
end.
After restart, please make a fresh log from avptool like you did in your first post.
Also, I would like to see a log from GMER (http://virusinfo.info/showthread.php?t=51878).
Please attach both in this thread in your next post.
Last edited by drongo; 18.10.2009 at 13:45.
Thanks for the reply, couldn't find anything in Add or Remove Programs from PC Tools
Ran script
Please find attached log.
Every time I try to run GMER it says onijy4r6.exe has encountered a problem and must close
hope this helps
thanks again
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 Clearquarantine;
 QuarantineFile('C:\DOCUME~1\Shona\LOCALS~1\Temp\awkiqpoc.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\78083283.sys','');
 DeleteFile('\systemroot\system32\drivers\gxvxcfhxnssiymfoepxegaxvhpdpagenwsdvx.sys');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcfmitktytdrbfwkngiqfyywrqpnpqmxur.dll');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(6);
 ExecuteRepair(8);
 ExecuteRepair(9);
 RebootWindows(true);
end.
After reboot
- Repeat a log file.
- Try to make GMER-Log. Before starting GMER, disable your installed Antivirus+Firewall.
- Execute this script
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
Do upload a new quarantine by red link.
Last edited by drongo; 29.10.2009 at 00:11.
Please, disable your system restore before executing script in post #8, otherwise your malware will survive...
Last edited by drongo; 29.10.2009 at 00:12.