
HEUR:Worm.Win32.Generic

  #1  Junior Member (registered 14.11.2009, 9 posts)

    HEUR:Worm.Win32.Generic

    I have followed your instructions on the 'things to do before posting a new thread' and attached are the log files requested from the suggested programmes. Please advise how to remove the above virus, as I have scanned my computer several times with Kaspersky and the version on my computer doesn't seem to remove it, although this version is still in its annual subscription until May 2010. Please help!!
    Last edited by Terry Jennings; 15.11.2009 at 01:25. Reason: Edited to add AVPTool log file!

  #2  Senior Member (registered 03.04.2006, 21,108 posts)
    Hello,

    - Update the AVZ database (File/Database Update)
    - If you didn't install WildTangent yourself, remove it!
    - Remove Ad-Aware - it's a useless program.

    Switch off/disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute the following script
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    ClearQuarantine;
    StopService('ddxgb');
    QuarantineFile('ekbsqhimir.exe','');
    QuarantineFile('D:\MiniNT\system32\RASMAN.DLL','');
    QuarantineFile('D:\autorun.inf','');
    QuarantineFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys','');
    QuarantineFile('C:\WINDOWS\system32\Drivers\pe3agqwb.sys','');
    QuarantineFile('c:\windows\system\hpsysdrv.exe','');
    QuarantineFile('C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ddxgb.sys','');
    DeleteService('ddxgb');
    DeleteFile('ekbsqhimir.exe');
    DeleteFile('C:\WINDOWS\ekbsqhimir.exe');
    DeleteFile('C:\WINDOWS\system32\ekbsqhimir.exe');
    DeleteFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys');
    DeleteFile('C:\WINDOWS\system32\Drivers\pe3agqwb.sys');
    DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe');
    DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
    DeleteFile('C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ddxgb.sys');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','Windows Recylinder Check');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MyWebSearch Email Plugin');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','My Web Search Bar Search Scope Monitor');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    BC_DeleteSvc('ddxgb');
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After the reboot, execute the following script
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Remove Bonjour
    - Clean temp folders, browser caches and the Recycler. Use the Windows tool cleanmgr, or CCleaner or ClearProg
    - Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Make 3 logs (syscure, syscheck, hijackthis). The AVPTool log isn't necessary in this case.
    Last edited by PavelA; 15.11.2009 at 13:08.
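The AVZ script above removes a service, several files and three autostart registry values, and the thread later shows the detection coming back. The following PowerShell check is an added example (editor's code, not part of the original post and not an AVZ feature) that re-examines exactly those persistence points after the reboot, so the cleanup can be confirmed from the system itself instead of assumed from the script's output. It assumes Windows PowerShell 2.0 or later in an elevated prompt, and that it is run as the same user (HP_Owner) whose Temp folder the script names; the service name, paths and value names are taken from the script, and the function name is the editor's.

```powershell
# Added example (editor's code, not from the thread or from AVZ).
# Re-checks the persistence points that the AVZ script above deletes.
# Assumes: Windows PowerShell 2.0+, elevated, run as the affected user.

$serviceName = 'ddxgb'

# Files the script quarantines/deletes. $env:TEMP stands in for
# C:\DOCUME~1\HP_Owner\LOCALS~1\Temp when run as that user.
$files = @(
    'C:\WINDOWS\ekbsqhimir.exe',
    'C:\WINDOWS\system32\ekbsqhimir.exe',
    'C:\WINDOWS\system32\Drivers\ps6agqwb.sys',
    'C:\WINDOWS\system32\Drivers\pe3agqwb.sys',
    'C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe',
    'C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe',
    "$env:TEMP\ddxgb.sys",
    'D:\autorun.inf'
)

# Autostart values the script removes, keyed by the registry key they live in.
$runValues = @{
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices' = @('Windows Recylinder Check')
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'         = @(
        'MyWebSearch Email Plugin',
        'My Web Search Bar Search Scope Monitor')
}

function Test-CleanupIndicators {
    $findings = @()

    # 1. Service as seen by the Service Control Manager. With -ErrorAction
    #    SilentlyContinue an unknown name yields $null, which is the clean result.
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    $findings += New-Object PSObject -Property @{
        Kind = 'Service'; Item = $serviceName; StillPresent = ($svc -ne $null) }

    # 2. The service's registry key can outlive the SCM entry; check it separately.
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
    $findings += New-Object PSObject -Property @{
        Kind = 'ServiceKey'; Item = $svcKey; StillPresent = (Test-Path $svcKey) }

    # 3. Files. -LiteralPath so nothing in a name is treated as a wildcard.
    foreach ($f in $files) {
        $findings += New-Object PSObject -Property @{
            Kind = 'File'; Item = $f; StillPresent = (Test-Path -LiteralPath $f) }
    }

    # 4. Autostart registry values. Get-ItemProperty -Name errors on a missing
    #    value, so SilentlyContinue turns "absent" into $null.
    foreach ($key in $runValues.Keys) {
        foreach ($name in $runValues[$key]) {
            $present = $false
            if (Test-Path $key) {
                $v = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                $present = ($v -ne $null)
            }
            $findings += New-Object PSObject -Property @{
                Kind = 'RegValue'; Item = "$key\$name"; StillPresent = $present }
        }
    }
    return $findings
}

$result = Test-CleanupIndicators
$result | Sort-Object StillPresent -Descending | Format-Table Kind, StillPresent, Item -AutoSize

if (@($result | Where-Object { $_.StillPresent }).Count -gt 0) {
    Write-Warning 'Indicators from the script are still present; redo the logs before trusting the system.'
} else {
    Write-Host 'None of the listed indicators remain.'
}
```

Anything reported as StillPresent after the reboot means the script did not finish its job (a driver that reloaded, a Run value rewritten by a surviving process) and is worth reporting back with the fresh logs rather than rescanning with the antivirus alone.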

  #3  Junior Member (registered 14.11.2009, 9 posts)

    Complete

    Many thanks for the help. I have followed your instructions and uploaded the quarantine.zip file.
    Also I have run AVZ and HijackThis again and attached the log files as asked.
    Is this all I need to do now?

    If so many thanks and fingers crossed!!!

    Terry

  #4  Senior Member (registered 03.04.2006, 21,108 posts)
    Hello,
    AVZ/File/Quarantine folder viewer.
    Mark the files:
    Code:
    ps6agqwb.sys
    pe3agqwb.sys
    and press the Restore button.

    Please download MBAM: http://download.cnet.com/Malwarebyte...=dl&tag=button, install the application, update the database (runs normally just after the installation), make a FULL SCAN, DON'T DELETE ANYTHING, and attach the log to your next post.

  #5  Junior Member (registered 14.11.2009, 9 posts)

    Follow up

    I have looked in the AVZ quarantine folder and the files:

    ps6agqwb.sys
    pe3agqwb.sys

    are not even there to select, so I have been unable to restore them. I have now installed the Malwarebytes Anti-Malware programme and done a full scan, and the log is attached.

    Terry

  #6  Senior Member (registered 03.04.2006, 21,108 posts)
    All items from the Malwarebytes log should be removed with MBAM.
    Please repeat the MBAM log after removing them.

    You can find the files in the attachment (if you really need them, copy them to C:\windows\system32\drivers\).

  #7  Junior Member (registered 14.11.2009, 9 posts)

    Update

    Deletion done and new log attached.
    Ever since the original scan and deletion I now have a "found new hardware" screen come up every time I start the computer up, and it doesn't say what it is or cannot find the drivers. Any advice, or should I just click 'don't prompt me again to install this software'?

    Terry

  #8  Senior Member (registered 03.04.2006, 21,108 posts)
    Quote: Originally Posted by Terry Jennings
    I now have a found new hardware screen come up every time I start the computer
    Open the hardware manager and remove the Unknown Hardware.

    Any problem more?

  #9  Junior Member (registered 14.11.2009, 9 posts)
    No option to delete, but I have disabled it. I now have an option to uninstall the unknown device; shall I do this or just leave it disabled?

  #10  Senior Member (registered 03.04.2006, 21,108 posts)
    - Execute the following script
    Code:
    begin
    SetAVZPMStatus(false);
    RebootWindows(true);
    end.

  #11  Junior Member (registered 14.11.2009, 9 posts)
    Hi, I have followed your instructions to the letter, but having done all that I then put my System Restore back on a day ago. The computer was working really slowly today, so upon scanning again with Kaspersky Anti-Virus the virus is still there!! HELP!!

  #12  Senior Member (registered 03.04.2006, 21,108 posts)
    Disable System Restore and repeat the 3 logs according to the rules.

  #13  Junior Member (registered 14.11.2009, 9 posts)
    System restore disabled now. But which logs do you need from me and which programme shall I use to create them from the 3 I have installed and run?

    I have now updated with the new scan and updated logs which I think you need.

    Just thought I would also mention that the computer seems to be running at 100% CPU usage most of the time!!
    Last edited by Terry Jennings; 21.11.2009 at 01:56. Reason: Updating logs.

  #14  Senior Member (registered 03.04.2006, 21,108 posts)
    You have got full chaos on your system!!!

    In the HijackThis log I can see Kaspersky Anti-Virus; in the AVZ logs I can't.
    If you prefer to use Symantec, use the latest version.

    You had AVG7 too.
    Remove the remnants with the script.
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DeleteFile('C:\Program Files\Grisoft\AVG Free\avglog.dll');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7','EventMessageFile');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    Remove the remnants of KAV: http://support.kaspersky.com/faq/?qid=208279463

    If you have any further problems, repeat the virusinfo_syscheck and hijackthis logs.
    Last edited by Rene-gad; 21.11.2009 at 11:48.

  #15  Junior Member (registered 14.11.2009, 9 posts)
    I have done all this and it seems to have gone. But my CPU is now constantly running at 100% and causing my computer to run VERY slowly. It looks like it is the agent.exe file and the ISUSPM files. I have just ended these processes and the computer performs loads better, but I cannot see any way of deleting them. Any advice? Thanks again

  #16  Senior Member (registered 03.04.2006, 21,108 posts)
    You haven't removed anything. Please:
    - start AVZ
    - Menu Service/File Search
    - Tick the system drive in the left panel
    - on the right side, in the field "File Name or Template", type the name of the file to be searched for.
    - Press Start.
    Attach the found files to the quarantine and upload it (App. 3 of the rules).
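The search described above is done in the AVZ GUI. As an added example (editor's code, not part of the original post and not an AVZ feature), the PowerShell function below does the same job from the command line and adds what a practitioner wants before deciding whether a CPU-hogging file is hostile: every copy of the named files on the system drive, with size, modification time, SHA-256 and Authenticode signature status. It assumes Windows PowerShell 2.0 or later; the two file names come from post #15, and the function name is the editor's. The file names are searched as wildcard patterns, so 'ISUSPM*.exe' catches the "ISUSPM files" mentioned in the post.

```powershell
# Added example (editor's code, not from the thread or from AVZ).
# Locates files by name/pattern on the system drive and reports hash and
# Authenticode status for each copy. Assumes Windows PowerShell 2.0+.

function Get-FileReport {
    param(
        [string[]]$Names = @('agent.exe', 'ISUSPM*.exe'),   # patterns from post #15
        [string]$Root    = ($env:SystemDrive + '\')
    )

    $sha = [System.Security.Cryptography.SHA256]::Create()

    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object {
            # $_ is rebound inside the inner pipeline, so capture the file first.
            $file = $_
            @($Names | Where-Object { $file.Name -like $_ }).Count -gt 0
        } |
        ForEach-Object {
            $path = $_.FullName

            # SHA-256 via .NET so this also works before Get-FileHash existed.
            $hash = ''
            try {
                $stream = [System.IO.File]::OpenRead($path)
                try {
                    $hash = [BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '')
                } finally { $stream.Close() }
            } catch {
                $hash = "unreadable: $($_.Exception.Message)"   # locked/in-use file
            }

            # A Valid signature from a known vendor is strong evidence the file is
            # what it claims to be. NotSigned alone does not make a file malicious.
            $sig = Get-AuthenticodeSignature -FilePath $path

            New-Object PSObject -Property @{
                Path      = $path
                Size      = $_.Length
                Modified  = $_.LastWriteTime
                SHA256    = $hash
                SigStatus = $sig.Status
                Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            }
        }
}

# Usage: list every match, then compare the hashes with the copies you uploaded.
Get-FileReport -Names 'agent.exe', 'ISUSPM*.exe' |
    Format-List Path, Size, Modified, SHA256, SigStatus, Signer
```

The full-drive walk is slow on an old machine, but it finds copies outside Program Files that a name-only guess would miss, and the SHA-256 values let the helper confirm that the files uploaded to the quarantine are the same ones that are burning the CPU.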

  #17  Junior Member (registered 14.11.2009, 9 posts)
    Hello,
    I have just done as requested and uploaded the 2 files that seem to be slowing my computer down and using 100% CPU usage. If I disable these 2, the computer runs fine and so do the games that weren't.

  #18  Senior Member (registered 03.04.2006, 21,108 posts)
    Quote: Originally Posted by Terry Jennings
    I have just done as requested and uploaded the 2 files.
    They are definitely not malicious.
