Hello,
Originally posted by
fecarreri
Couldn't generate the log AVZ virus_syscure.zip because my AVZ does not show the option Heal/Quarantine in "Standard Scripts".
It's impossible
Remove Spyware Terminator and Crawler Toolbar - it's not necessary.
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Fix with HijackThis
Code:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\rundll32.dll"
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"
- Execute the following script in Manual Cure
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
StopService('crbbnsxs');
StopService('waosbj');
StopService('pjgockjzv');
QuarantineFile('C:\WINDOWS\system32\0F.tmp','');
QuarantineFile('C:\WINDOWS\system32\017.tmp','');
QuarantineFile('C:\WINDOWS\system32\0288.tmp','');
DeleteFile('C:\WINDOWS\system32\0288.tmp');
DeleteFile('C:\WINDOWS\system32\017.tmp');
DeleteFile('C:\WINDOWS\system32\0F.tmp');
DeleteFileMask('C:\WINDOWS\system32','*.tmp',false);
DeleteService('bcbutbg');
DeleteService('euozrrn');
DeleteService('nitnwmv');
DeleteService('sjigfis');
DeleteService('wzjzzzhsv');
DeleteService('xdrse');
DeleteService('zftvxup');
DeleteService('crbbnsxs');
DeleteService('waosbj');
DeleteService('pjgockjzv');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\bcbutbg');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\euozrrn');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\nitnwmv');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\sjigfis');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\wzjzzzhsv');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\xdrse');
RegKeyResetSecurity('HKLM','SYSTEM\CurrentControlSet\Services\zftvxup');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
BC_DeleteSvc('crbbnsxs');
BC_DeleteSvc('waosbj');
BC_DeleteSvc('pjgockjzv');
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot, execute the following script
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Make the log with GMER: http://virusinfo.info/showthread.php?t=51878
- Make and attach 3 new standard logs to your new post.