I was infected with at least one and probably several viruses, I cleaned them all and I still can't use my browser to go to websites to update my AV software or even Microsoft.
Attention !!! AVZ-Database was last updated 8/21/2009 it is necessary to update the database (via File - Database update)
Close/unload all the programs except AVZ and Internet Explorer
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\MsPMSNSv.dll','');
 DeleteFileMask('C:\4a1766680e478fc61a408f\','*.*',true);
 DeleteFileMask('c:\a0b380931f19f1f778\','*.*',true);
 DeleteDirectory('C:\4a1766680e478fc61a408f\');
 DeleteDirectory('c:\a0b380931f19f1f778\');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Execute following script
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=74384
- Remove Bonjour: http://virusinfo.info/showthread.php?t=42263
- Repeat all the log files and attach them to your next post.
Quarantine File attached
I am unable to update the database on the infected computer because it won't connect to certain websites. Can I do a Manual update?
moderated:::
Upload result
File saved as 100324_175859_quarantine(2)_4baa28b327950.zip
File size 110020
MD5 4cda4c4aa06d3de388faf51b5f491e73
File uploaded, thank you!
Last edited by Rene-gad; 24.03.2010 at 17:59.
Pls. read our messages!
You had to add the logs, not a quarantine.
You can download this file on any other PC, copy it to any removable medium and extract the content to ..avz4\base on your PC.
I have reposted my log files after running the required scripts
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 SetAVZPMStatus(True);
 ClearQuarantine;
 StopService('esihdrv');
 DeleteService('esihdrv');
 BC_DeleteSvc('esihdrv');
 QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys','');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup','EventMessageFile');
 DeleteFileMask('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\','*.*',true);
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Execute following script
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=74384
- Repeat only the log file virusinfo_syscheck.zip (p. 2 of the rules).
Did as requested
- Execute following script
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 SetAVZPMStatus(True);
 ClearQuarantine;
 StopService('esihdrv');
 DeleteService('esihdrv');
 BC_DeleteSvc('esihdrv');
 StopService('ql600oko');
 DeleteService('ql600oko');
 BC_DeleteSvc('ql600oko');
 QuarantineFile('C:\WINDOWS\system32\drivers\mrxoko.sys','');
 DeleteFile('C:\WINDOWS\system32\drivers\mrxoko.sys');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Execute following script
Code:
begin
 CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=74384
- Repeat all the logs.
- Make a log of Malwarebytes Antimalware, pls. remove nothing!
Things are definitely improving, hopefully this is the last I need to post.
Any more problems?
I can now use the internet and all my virus scans and Malware scans are coming back with no hits. So I am very happy.
Thank you for your assistance.
Treatment statistics:
- Quarantines received: 3
- Files processed: 8
- Malware detected during treatment:
- c:\windows\system32\drivers\mrxoko.sys - Trojan.Win32.Agent.dpoc ( DrWEB: Trojan.NtRootKit.6664, AVAST4: Win32:Malware-gen )