1. Please disable System Restore and your antivirus (if you have one).
2. Execute this script in AVPTool:
Code:
begin
SetAVZGuardStatus(True);
SetServiceStart('Schedule', 4);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
QuarantineFile('C:\WINDOWS\system32\curslib.dll','');
DelBHO('{C7B76B90-3455-4AE6-A752-EAC4D19689E5}');
QuarantineFile('C:\WINDOWS\system32\Jpo--ks.dll','');
DelBHO('{64F56FC1-1272-44CD-BA6E-39723696E350}');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\system32\msrcrqhr.dll','');
QuarantineFile('C:\WINDOWS\system32\3B.tmp','');
QuarantineFile('C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemProc\lsass.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\protect.sys','');
DeleteService('protect');
QuarantineFile('C:\WINDOWS\system32\drivers\unpr.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\atapi.sys','');
QuarantineFile('c:\windows\msa.exe','');
TerminateProcessByName('c:\windows\msa.exe');
QuarantineFile('c:\docume~1\compaq~1\locals~1\temp\g.exe','');
TerminateProcessByName('c:\docume~1\compaq~1\locals~1\temp\g.exe');
DeleteFile('c:\docume~1\compaq~1\locals~1\temp\g.exe');
DeleteFile('c:\windows\msa.exe');
DeleteFile('C:\WINDOWS\system32\drivers\protect.sys');
RegKeyParamDel('HKEY_USERS','S-1-5-21-983027222-1415550609-2606126818-1008\Software\Microsoft\Windows\CurrentVersion\Run','ZagrebLand');
DeleteFile('C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemProc\lsass.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','RTHDBPL');
DeleteFile('C:\WINDOWS\system32\3B.tmp');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1256');
DeleteFile('C:\WINDOWS\system32\msrcrqhr.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','pchswp');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
DeleteFile('C:\WINDOWS\system32\curslib.dll');
DeleteFile('D:\autorun.inf');
DeleteFileMask('C:\WINDOWS\Tasks', '*.job', false);
DeleteFileMask('%tmp%', '*.*', true);
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, true);
ExecuteWizard('SCU', 3, 3, true);
BC_Activate;
RebootWindows(true);
end.
3. After the reboot, execute this script in AVPTool:
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
Upload the file C:\quarantine.zip using this link: http://virusinfo.info/upload_virus.php?tid=63994
4. Make new logs.