
Cannot clean PC of virus

  1. #1
    Junior Member
    Registered: 23.04.2010
    Posts: 1
    Reputation weight: 51

    Cannot clean PC of virus

    Hi. I am having some difficulty getting my PC to clean up. I have run the anti-virus program Kaspersky Virus Removal Tool, but cannot remove the virus without crashing my machine completely, seeing how it has infected key files. I have also attached the requested files after using McAfee to scan the file before emailing it to another computer to post to this site. Whatever virus I have, I cannot get to any anti-virus websites or Microsoft update websites at all.
    I have attached the system info zip file that Kaspersky assembles and here is my HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:32:47 PM, on 4/22/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\zHotkey.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\TEMP\xq8i.exe
    C:\WINDOWS\TEMP\xq8i.exe
    C:\WINDOWS\system32\PereSvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Documents and Settings\Owner.KOPA-1782\Application Data\Simply Super Software\Trojan Remover\ols1F2.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT4024
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4024
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4024
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4024
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT4024
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\OWNER~1.KOP\LOCALS~1\Temp\201042212832 _mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OWNER~1.KOP\LOCALS~1\Temp\201042212820 _mcinfo.exe /insfin
    O4 - HKLM\..\Run: [xrhukt] RUNDLL32.EXE C:\WINDOWS\system32\msmesslb.dll,w
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Policies\Explorer\Run: [zh5l] C:\WINDOWS\TEMP\xq8i.exe
    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
    O4 - Startup: setup_9.0.0.722_21.04.2010_23-14.lnk = C:\Documents and Settings\Owner.KOPA-1782\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_23-14\startup.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: peresvc Service (peresvc) - ifdef sys - C:\WINDOWS\system32\PereSvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 5012 bytes
    ===========================

    Any help and whatever code I need to use on Kaspersky to use the Manual removal would be greatly appreciated. I cannot afford to reformat my PC until I know what files I can save or I lose my entire business and all of my college school work.
    Thanks y'all!

  2. #2
    Aleksandra (VIP)
    Registered: 13.01.2007
    Posts: 7,761
    Reputation weight: 2856
    1. Please disable System Restore and your antivirus (if you have one).
    2. Execute this script in AVPTool:

    Code:
    begin
     // Turn on AVZGuard protection for the duration of the script
     SetAVZGuardStatus(True);
     // Copy each suspect file to quarantine and stop its process.
     // userinit.exe and msmesslb.dll are only quarantined, not deleted.
     QuarantineFile('C:\WINDOWS\System32\userinit.exe','');
     QuarantineFile('C:\WINDOWS\system32\msmesslb.dll','');
     QuarantineFile('c:\windows\temp\xq8i.exe','');
     TerminateProcessByName('c:\windows\temp\xq8i.exe');
     QuarantineFile('c:\windows\system32\w.exe','');
     TerminateProcessByName('c:\windows\system32\w.exe');
     QuarantineFile('c:\windows\fonts\services.exe','');
     TerminateProcessByName('c:\windows\fonts\services.exe');
     QuarantineFile('c:\windows\system32\3184.exe','');
     TerminateProcessByName('c:\windows\system32\3184.exe');
     // Delete the four executables and the autorun values under Policies\Explorer\Run
     DeleteFile('c:\windows\system32\3184.exe');
     DeleteFile('c:\windows\fonts\services.exe');
     DeleteFile('c:\windows\system32\w.exe');
     DeleteFile('c:\windows\temp\xq8i.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','zh5l');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','exec');
     // Pass the deleted-file list to Boot Cleaner (BC_*), run AVZ's system cleanup, then reboot
     BC_ImportDeletedList;
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.
    3. After reboot, execute this script in AVPTool:

    Code:
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.
    Upload the file quarantine.zip using this link: http://virusinfo.info/upload_virus.php?tid=76833

    4. Make a new log of AVPTool.
    The heart decides whom to love... Fate decides whom to be with...
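
Added example, not part of either post: a small triage pass over the O4 (autostart) lines of the HijackThis log in post #1, flagging the patterns that line up with what the reply's script goes after (an executable in a Temp directory, the Policies\Explorer\Run key, a DLL started through rundll32). The three rules are assumptions chosen for illustration; the Temp-path rule also flags the [Cleanup] entry, which the reply's script does not touch, so a hit means "review", not "remove".

```python
import re

# Lines copied from the HijackThis log in post #1 (O4 = autostart entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\OWNER~1.KOP\LOCALS~1\Temp\201042212832 _mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [xrhukt] RUNDLL32.EXE C:\WINDOWS\system32\msmesslb.dll,w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [zh5l] C:\WINDOWS\TEMP\xq8i.exe
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_o4(log):
    """Yield (key, value_name, command) for each registry-based O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name"), m.group("cmd")


def triage(log):
    """Return {value_name: [reasons]} for entries worth a manual look."""
    findings = {}
    for key, name, cmd in parse_o4(log):
        reasons = []
        # Illustrative rule 1: autostart target lives in a Temp directory.
        if re.search(r"\\temp\\", cmd, re.I):
            reasons.append("runs from a Temp directory")
        # Illustrative rule 2: started from the policy Run key, not plain Run.
        if key.lower().endswith(r"policies\explorer\run"):
            reasons.append("uses Policies\\Explorer\\Run key")
        # Illustrative rule 3: the real payload is a DLL hosted by rundll32.
        if re.match(r'"?rundll32(\.exe)?"?\s', cmd, re.I):
            reasons.append("DLL launched via rundll32")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}] " + "; ".join(reasons))
```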
