Autorun virus

[alifaris]

Dear sir,

My computer is infected with autorun virus that has spread in all drives ,I can not remove it because it keeps returning back after each scan

My pc suffers also from slowness and I can not show hidden files

I am not sure If my pc is infected with other malwares or not ,It is your call please help me I 've included analysis report to help u deside

Thanks alot

[Rene-gad]

(database released 15/06/2009; 04:49)

pls. download the last version of AVPTool.Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\drivers\ds1410d.sys','');
 StopService('RkHit');
 DeleteService('RkHit');
 QuarantineFile('C:\WINDOWS\system32\drivers\RKHit.sys','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-9961131997-0024314854-762817216-2165\msdrive.exe','');
 QuarantineFile('C:\Program Files\Spyware Cease\SpywareCease.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com','');
 QuarantineFile('C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll','');
 QuarantineFile('H:\autorun.inf','');
 QuarantineFile('F:\vgyn6ewc.exe','');
 QuarantineFile('F:\autorun.inf','');
 QuarantineFile('E:\vgyn6ewc.exe','');
 QuarantineFile('E:\autorun.inf','');
 QuarantineFile('D:\vgyn6ewc.exe','');
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\vgyn6ewc.exe','');
 QuarantineFile('C:\autorun.inf','');
 QuarantineFile('C:\DOCUME~1\DRB4EE~1.FAR\LOCALS~1\Temp\nodqq0.dll','');
 DeleteFile('C:\DOCUME~1\DRB4EE~1.FAR\LOCALS~1\Temp\nodqq0.dll');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\vgyn6ewc.exe');
 DeleteFile('D:\autorun.inf');
 DeleteFile('D:\vgyn6ewc.exe');
 DeleteFile('E:\autorun.inf');
 DeleteFile('E:\vgyn6ewc.exe');
 DeleteFile('F:\autorun.inf');
 DeleteFile('F:\vgyn6ewc.exe');
 DeleteFile('H:\autorun.inf');
 DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com');
 DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} ');
 DeleteFile('C:\RECYCLER\S-1-5-21-9961131997-0024314854-762817216-2165\msdrive.exe');
 DeleteFile('C:\WINDOWS\system32\drivers\RKHit.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=77356
- Install Service Pack 3 for Windows XP + all subsequent updates
- Repeat a log file.
- Attach a new log to your new post..