Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
- Execute following script in Manual Cure
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
TerminateProcessByName('c:\windows\services.exe');
QuarantineFile('E:\HBCD\WinTools\Autorun.exe','');
QuarantineFile('C:\WINDOWS\system32\XDva321.sys','');
QuarantineFile('C:\WINDOWS\system32\XDva317.sys','');
QuarantineFile('C:\WINDOWS\system32\XDva297.sys','');
QuarantineFile('C:\WINDOWS\system32\XDva294.sys','');
QuarantineFile('C:\WINDOWS\system32\XDva281.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\vvftav.sys','');
StopService('XDva321');
StopService('XDva317');
StopService('XDva297');
StopService('XDva294');
StopService('XDva281');
QuarantineFile('Explorer.exe C:\WINDOWS\system32\fservice.exe','');
QuarantineFile('C:\WINDOWS\system32\fservice.exe','');
DelCLSID('{5Y99AE78-58TT-11dW-BE53-Y67078979Y}');
QuarantineFile('C:\WINDOWS\system\sservice.exe','');
QuarantineFile('C:\WINDOWS\system32\winkey.dll','');
QuarantineFile('C:\WINDOWS\system32\wcdrtc32.dll','');
QuarantineFile('C:\WINDOWS\system32\reginv.dll','');
QuarantineFile('C:\WINDOWS\services.exe','');
DeleteFile('C:\WINDOWS\services.exe');
DeleteFile('C:\WINDOWS\system32\reginv.dll');
DeleteFile('C:\WINDOWS\system32\wcdrtc32.dll');
DeleteFile('C:\WINDOWS\system32\winkey.dll');
DeleteFile('C:\WINDOWS\system\sservice.exe');
DeleteFile('C:\WINDOWS\system32\fservice.exe');
DeleteFile('Explorer.exe C:\WINDOWS\system32\fservice.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
BC_DeleteSvc('');
ExecuteRepair(17);
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot execute following script in Manual Cure
Код:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file of AVPTool.
- Make a log file with Hijackthis ( Analysis, p.3 for further informations).
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach both logs to your new post..