Hello,
- Update AVZ-Database (File/Database Update)
- If you didn't install WildTangent yourself, remove it!
- Remove Ad-Aware - it's a useless program.
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
StopService('ddxgb');
QuarantineFile('ekbsqhimir.exe','');
QuarantineFile('D:\MiniNT\system32\RASMAN.DLL','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\pe3agqwb.sys','');
QuarantineFile('c:\windows\system\hpsysdrv.exe','');
QuarantineFile('C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ddxgb.sys','');
DeleteService('ddxgb');
DeleteFile('ekbsqhimir.exe');
DeleteFile('C:\WINDOWS\ekbsqhimir.exe');
DeleteFile('C:\WINDOWS\system32\ekbsqhimir.exe');
DeleteFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\pe3agqwb.sys');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DeleteFile('C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ddxgb.sys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','Windows Recylinder Check');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MyWebSearch Email Plugin');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','My Web Search Bar Search Scope Monitor');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
BC_DeleteSvc('ddxgb');
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot, execute the following script
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Remove Bonjour
- Clean Temp-Maps, Cache of Browsers, Recycler. Use the Windows service tool cleanmgr or CCleaner or ClearProg.
- Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Make 3 logs (syscure, syscheck, hijackthis). An AVPTool log isn't necessary in this case.
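
An added example, not part of the original post and not AVZ's own code: Python that parses a cleanup script like the one above and lists which files are quarantined but never deleted, which are deleted without a QuarantineFile call, and which services and registry values are removed, so the actions can be recorded before the script is run. The embedded sample is a constructed subset of the post's script, and the names `parse_calls` and `review` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the calls from the cleanup script in the post.
SCRIPT = r"""
begin
StopService('ddxgb');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys','');
DeleteService('ddxgb');
DeleteFile('C:\WINDOWS\system32\Drivers\ps6agqwb.sys');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MyWebSearch Email Plugin');
BC_DeleteSvc('ddxgb');
end.
"""

CALL = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")   # one call statement per line
ARG = re.compile(r"'((?:[^']|'')*)'")                # Pascal string literal

def parse_calls(script):
    """Yield (function name, list of string arguments) for each call."""
    for line in script.splitlines():
        m = CALL.match(line)
        if m:
            yield m.group(1), [a.replace("''", "'") for a in ARG.findall(m.group(2))]

def review(script):
    """Summarise which artifacts the script touches and how."""
    seen = defaultdict(list)
    for func, args in parse_calls(script):
        if func in ("QuarantineFile", "DeleteFile") and args:
            seen[func].append(args[0].lower())       # Windows paths: case-insensitive
        elif func in ("StopService", "DeleteService", "BC_DeleteSvc") and args:
            seen["service"].append(args[0])
        elif func == "RegKeyParamDel" and len(args) == 3:
            seen["registry"].append("\\".join(args))
    quarantined, deleted = set(seen["QuarantineFile"]), set(seen["DeleteFile"])
    return {
        "quarantined_only": sorted(quarantined - deleted),       # never deleted by this script
        "deleted_unquarantined": sorted(deleted - quarantined),  # no QuarantineFile call
        "services": sorted(set(seen["service"])),
        "registry_values": seen["registry"],
    }

if __name__ == "__main__":
    for key, values in review(SCRIPT).items():
        print(key, values)
```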