New Trojan virus acquired through Skype

  1. #1
    Junior Member
    Registered
    13.12.2009
    Posts
    3
    Reputation weight
    30

    New Trojan virus acquired through Skype

    I got a new Trojan virus through a malicious link in a Skype message.
    The virus disables antivirus protection and blocks all attempts to run any antivirus program or open the containing folder. The web browser was blocked from opening any antivirus-related pages.
    I was not able to restart the PC in Safe mode (it restarts constantly).

    I managed to install Kaspersky Virus Removal Tool from a USB stick only after several attempts to kill some active malicious processes.

    After scanning I got multiple detections of Trojan.Win32.Generic and Trojan.Win32.Vilsel.piv

    Kaspersky Virus Removal Tool still was not able to delete the threats. The PC either restarts or the tool stops responding.

    Please look at attached system information file, created by Virus Removal Tool.

  2. #2
    Aleksandra (VIP)
    Registered
    13.01.2007
    Posts
    7,705
    Reputation weight
    2833
    1. Please disable System Restore and your antivirus (if you have one).
    2. Execute this script in AVPTool:

    Code:
    begin
    ClearHostsFile;
    SetAVZGuardStatus(True);
     RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
     QuarantineFile('C:\WINDOWS\system32\xqcpiangrifdddzz.exe','');
     QuarantineFile('C:\WINDOWS\system32\liypmizwlghjnrrvtqgx.exe','');
     QuarantineFile('C:\WINDOWS\system32\ayphfcusiegjotuzywnfd.exe','');
     QuarantineFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\yujzvqgcqkklorqtqmb.exe .','');
     QuarantineFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\xqcpiangrifdddzz.exe','');
     QuarantineFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\niwlgapkxqpprtrtpk.exe','');
     QuarantineFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\eylztmaugywvwxuvq.exe','');
     DeleteFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\eylztmaugywvwxuvq.exe');
     RegKeyParamDel('HKEY_USERS','S-1-5-21-1409082233-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','eqvbnyequ');
     DeleteFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\niwlgapkxqpprtrtpk.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','skvhzqcueuqnmlg');
     DeleteFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\xqcpiangrifdddzz.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','nychschs');
     DeleteFile('C:\DOCUME~1\Tetis\LOCALS~1\Temp\yujzvqgcqkklorqtqmb.exe .');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','pgqbsitktidzxv');
     RegKeyParamDel('HKEY_USERS','S-1-5-21-1409082233-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce','xkqxkwdqvg');
     DeleteFile('C:\WINDOWS\system32\ayphfcusiegjotuzywnfd.exe');
     RegKeyParamDel('HKEY_USERS','S-1-5-21-1409082233-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce','oenxncmckysnk');
     DeleteFile('C:\WINDOWS\system32\liypmizwlghjnrrvtqgx.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','eqvbnyequ');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','sgnvjwesykc');
     DeleteFile('C:\WINDOWS\system32\xqcpiangrifdddzz.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','xkqxkwdqvg');
     RegKeyParamDel('HKEY_USERS','S-1-5-21-1409082233-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','pemvkyhwdqjd');
     DeleteFile('C:\autorun.inf');
     DeleteFile('D:\autorun.inf');
     DeleteFile('E:\autorun.inf');
     DeleteFileMask('%tmp% ','*.* ',true );
    BC_ImportDeletedList;
    ExecuteSysClean;
    ExecuteWizard('TSW', 3, 3, true);
    ExecuteWizard('SCU', 3, 3, true);
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    3. After reboot execute this script in AVPTool:

    Code:
    begin
     CreateQurantineArchive('C:\quarantine.zip');
    end.
    Upload the file C:\quarantine.zip using the link http://virusinfo.info/upload_virus.php?tid=63486

    4. Attach a new log to your new post.
    The heart decides whom to love... Fate decides whom to be with...
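
    As an added example (not part of the original thread, and not AVZ's own tooling), the Python sketch below parses a cleanup script of this form and reports the autorun values it removes, the files it deletes without quarantining them first, and the drive types covered by the NoDriveTypeAutoRun value 221. The sample statements are copied from the script above; the names `parse_calls` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few statements copied from the script in the post above.
SAMPLE = r"""
begin
 RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
 QuarantineFile('C:\WINDOWS\system32\xqcpiangrifdddzz.exe','');
 DeleteFile('C:\WINDOWS\system32\xqcpiangrifdddzz.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','skvhzqcueuqnmlg');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','nychschs');
 DeleteFile('C:\autorun.inf');
end.
"""

# Windows NoDriveTypeAutoRun policy bits: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
              0x20: "cdrom", 0x40: "ramdisk", 0x80: "unknown-high-bit"}

CALL = re.compile(r"^\s*(\w+)\((.*)\)\s*;\s*$")   # Name(args);
ARG = re.compile(r"'([^']*)'|(\d+)")               # 'string' or integer

def parse_calls(script):
    """Yield (function_name, args) for every call statement in the script."""
    for line in script.splitlines():
        m = CALL.match(line)
        if m:
            yield m.group(1), [int(n) if n else s for s, n in ARG.findall(m.group(2))]

def summarize(script):
    """Group the cleanup actions so a reviewer can see what the script touches."""
    quarantined, deleted = set(), set()
    autoruns = defaultdict(list)      # (hive, key) -> autorun value names removed
    autorun_off = []                  # drive types with AutoRun disabled
    for name, args in parse_calls(script):
        if name == "QuarantineFile":
            quarantined.add(args[0].lower())
        elif name == "DeleteFile":
            deleted.add(args[0].lower())
        elif name == "RegKeyParamDel":
            autoruns[(args[0], args[1].lower())].append(args[2])
        elif name == "RegKeyIntParamWrite" and args[2] == "NoDriveTypeAutoRun":
            autorun_off = [t for bit, t in DRIVE_BITS.items() if args[3] & bit]
    return {"autoruns": dict(autoruns),
            # Files removed with no copy kept for analysis.
            "deleted_without_quarantine": sorted(deleted - quarantined),
            "autorun_disabled_for": autorun_off}

if __name__ == "__main__":
    for field, value in summarize(SAMPLE).items():
        print(field, value)
```

    For the value 221 (0xDD) the result omits `cdrom`, so AutoRun stays enabled for CD-ROM drives while it is disabled for removable, fixed, network and RAM-disk drives.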

  3. #3
    Junior Member
    Registered
    13.12.2009
    Posts
    3
    Reputation weight
    30
    After executing this script file C:\quarantine.zip was not created. I have nothing to upload.
    Message: Quarantine file (direct disk reading) "%S" - failed (error).

    Additionally I can say that tool managed to disinfect file
    'C:\DOCUME~1\Tetis\LOCALS~1\luwziq.exe'

    I suppose this file was restoring all secondary malicious processes and exe's in different folders.

    I can't look at hidden files, as "Show hidden files" function does not work anymore.

    Added 18 minutes later

    During Autoscan the Tool found a virus in quarantine:
    2009.12.13 12:18:45 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Tetis\Desktop\Virus Removal Tool\setup_9.0.0.722_12.12.2009_20-35\AVZ_Quarantine\2009-12-13\avz00003.dta

    However, I cannot see this file. If you would like to have it uploaded, how can I do that?

    Last edited by LiutaurasG; 13.12.2009 at 13:38. Reason: Added

  4. #4
    Aleksandra (VIP)
    Registered
    13.01.2007
    Posts
    7,705
    Reputation weight
    2833
    Make new logs.

  5. #5
    Junior Member
    Registered
    13.12.2009
    Posts
    3
    Reputation weight
    30
    After a few scans and system restarts Virus Removal Tool captured the file "luwziq.exe".
    After that the malicious processes did not appear again. Although the tool was not able to complete scans, I had a chance to save some important data, format drive C: and reinstall Windows.

    Anyway, thanks for help, Aleksandra.
