I have the above in the file mwsautSp.exe which Internet Security 2010 can not delete or quarantine. How can I get rid of it? I have downloaded virus removal tool 2010 and run the information gathering tool and attach the results. Why am I in a Russian help system, I accessed it from the virus detection and am having to have have Google translate it for me, but I can not read many of the commands or options.
Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
- Execute following script in Manual disinfection
After rebootКод:begin SearchRootkit(true, true); SetAVZGuardStatus(True); ClearQuarantine; DelBHO('{07B18EA9-A523-4961-B6BB-170DE4475CCA}'); DelBHO('{07B18EA1-A523-4961-B6BB-170DE4475CCA}'); QuarantineFile('C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL',''); QuarantineFile('C:\WINDOWS\system32\cgmopenbho.dll',''); QuarantineFile('C:\WINDOWS\system32\DRIVERS\m5228.sys',''); QuarantineFile('C:\Documents and Settings\Ken Cooper\JMSys.sys',''); QuarantineFile('C:\WINDOWS\system32\drivers\pivot.sys',''); QuarantineFile('c:\program files\aliraid\jmapp.exe',''); DeleteFileMask('C:\Program Files\MyWebSearch\','*.*',true); DeleteDirectory('C:\Program Files\MyWebSearch\'); ExecuteWizard('TSW', 2, 2, true); ExecuteWizard('SCU', 2, 2, true); BC_ImportAll; ExecuteSysClean; BC_Activate; CreateQurantineArchive('C:\quarantine.zip'); SetAVZPMStatus(True); RebootWindows(true); end.
- upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Repeat a log file of AVPTool.
- Make a log file with Hijackthis ( Analysis, p.3 for further informations).
- Attach both logs to your new post..
I can't find the quarantine.zip file.
The script said
CreateQurantineArchive ( 'C: \ quarantine.zip');
should it have said
CreateQuarantineArchive ( 'C: \ quarantine.zip');
and is that why I didn't get the file created?
Open Explorer, go to the root catalog C:\, search the file quarantine.zip. Found or not found?
Not foundСообщение от Rene-gad
OK, make the next steps.
File attached as requested
?!?!?!?!
I don't understand. I have followed the instructions you gave me. I tried to attach the log file from the virus tool, but it wouldn't let me. I attached the file from Hijackit as you requested.
You must remember that I am viewing a translation of this site, so I can't see what the buttons stand for as they are in Russian.
Make the AVP Scan Log in the same way as in your open post and attach it. What kind of problem do you see?
I must only die, the other things I have to do
Why didn't you switch to englisch interface? : http://virusinfo.info/index.php?page=homeeng&langid=1I am viewing a translation of this site
Последний раз редактировалось Rene-gad; 28.02.2010 в 18:52. Причина: Добавлено
OK AVP file attachedMake the AVP Scan Log in the same way as in your open post and attach it. What kind of problem do you see?
I must only die, the other things I have to do
Why didn't you switch to englisch interface? : http://virusinfo.info/index.php?page=homeeng&langid=1
And the system restore is not disabled again...
Is your problem solved?
I don't know, but the message doesn't seem to be appearing now. Looking in the Kaspersky reports, it has managed to Quarantine it, so hopefully it is solved.
Ваши права в разделе
Ответить с цитированием