I scanned it with AVP and it found some traces. I deleted them, but the virus came back again.
Last edited by Rene-gad; 16.11.2009 at 11:26. Reason: non-standard font
Hello
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script in Manual Cure
Code:
begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  ClearQuarantine;
  // Copy the suspicious files to quarantine before deleting them
  QuarantineFile('C:\WINDOWS\msa.exe','');
  QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe','');
  DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe');
  DeleteFile('C:\WINDOWS\msa.exe');
  DeleteFileMask('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp','*.*',true);
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  ExecuteRepair(13);
  SetAVZPMStatus(True);
  // Reboot the machine once the script has finished
  RebootWindows(true);
end.
After reboot execute following script in Manual Cure
Code:
begin
  // Pack the quarantined files into an archive for upload
  CreateQurantineArchive('C:\quarantine.zip');
end.
- Remove Bonjour
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have one, Firewall on.
- Go On-Line
- Upload the C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Attach a log to your new post.
Thank you very much for your help.
I did everything you said.
The problem is that AVP didn't create any quarantined files.
I went to search and found 2 files in C:\Windows\Prefetch starting with same names as you wrote in the script.
Here is the full story: I went to the Kaspersky online scanner and scanned an executable file before downloading and executing it; the scanner said that the file is clean.
After I ran the exe file, it deleted itself and shut down Windows Explorer.
I turned off the computer and started it in safe mode.
Again the Windows explorer.exe couldn't start. In Task Manager I opened the properties of explorer.exe and noticed that the access permissions were changed to Anyone; then I changed the permissions to my user name and put a checkmark on deny writing (modifying the file).
After that I ran explorer.exe without a problem.
I think that the virus is not allowing my Kaspersky Antivirus Program to enable all of its components.
First it was saying that I do not have permissions to install system components on my computer, then somehow I managed to install Kaspersky. I tried to repair the installation so it can start all the protection components, but it didn't help (I uploaded the log of the Kaspersky antivirus error).
Thank You in advance!
Last edited by Rene-gad; 17.11.2009 at 01:03. Reason: It's prohibited to write the whole post in non standard font
It's not a problem.
AVZ/Service/Task Schedule Job Manager and remove all the jobs.
Pls. make a log with Malwarebytes Antimalware (Fullscan, pls. remove nothing!!!)
When I try to install Malwarebytes I get the following Windows error message:
mbam.exe - Unable To Locate Component
This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem.
I tried reinstalling the application and get the same error message when reinstalling and trying to run the app.
Fixed, it's working now!
Last edited by undergr0und; 17.11.2009 at 02:48.
I did a full scan with Malwarebytes and it found a lot of stuff.
Rene-gad, thanks a lot for your help!
God bless you.
??? Why did you ignore it?
Execute a script
Code:
begin
  ClearQuarantine;
  QuarantineFile('C:\WINDOWS\ServicePackFiles\i386\user32.dll','');
  QuarantineFile('C:\WINDOWS\$NtServicePackUninstall$\user32.dll','');
  QuarantineFile('C:\WINDOWS\win32k.sys','');
  CreateQurantineArchive('C:\virus.zip');
end.
Upload C:\virus.zip as a previous quarantine.
Run MBAM once more and remove all items.
Repeat logs of Mbam and AVPTool