Hello,
I've got some virus trouble named: Backdoor.Win32.Sinowal.cb and I cannot remove it.
Please find attached the Kaspersky removal tool report.
Thank you for your help.
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual disinfection
Code:
begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  ClearQuarantine;
  QuarantineFile('C:\Program Files\webserv\webserv.exe','');
  QuarantineFile('C:\AdventNet\ME\AssetExplorer\bin\wrapper.exe','');
  DelBHO('{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}');
  QuarantineFile('C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll','');
  DelBHO('{F0626A63-410B-45E2-99A1-3F2475B2D695}');
  DelBHO('{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}');
  QuarantineFile('C:\Program Files\SGPSA\BHO.dll','');
  QuarantineFile('C:\Program Files\SGPSA\SearchAssistant.dll','');
  DelCLSID('{5E2121EE-0300-11D4-8D3B-444553540000}');
  QuarantineFile('C:\PROGRA~1\ANTIMA~1\amext.dll','');
  QuarantineFile('C:\WINDOWS\system32\ED76jfu3.exe','');
  QuarantineFile('C:\autorun.inf','');
  DeleteFile('C:\autorun.inf');
  DeleteFile('C:\WINDOWS\system32\ED76jfu3.exe');
  DeleteFile('C:\PROGRA~1\ANTIMA~1\amext.dll');
  DeleteFile('C:\Program Files\SGPSA\SearchAssistant.dll');
  DeleteFile('C:\Program Files\SGPSA\BHO.dll');
  DeleteFile('C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll');
  DeleteFileMask('c:\windows\tasks\','At*.job',false);
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  SetAVZPMStatus(True);
  RebootWindows(true);
end.
After reboot, execute the following script in Manual disinfection
Code:
begin
  CreateQurantineArchive('C:\quarantine.zip');
end.
and upload the C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Install Service Pack 3 for Windows XP + all subsequent updates + Internet Explorer 8
- Upgrade your Antivirus to the LATEST VERSION!
- Update Java Runtime Environment.
- Update OpenOffice
- Repeat the AVPTool log file.
- Attach the log to your new post.
Hello,
Thanks for the response.
I've followed the instructions and the new log is attached...
Not completely
- Execute the following script in Manual disinfection
Code:
begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  ClearQuarantine;
  DeleteService('Audio Windows (AudioSrv)');
  BC_DeleteSvc('Audio Windows (AudioSrv)');
  DeleteFile('C:\AdventNet\ME\AssetExplorer\bin\wrapper.exe');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\assetexplorer','EventMessageFile');
  DeleteFile('C:\Program Files\webserv\webserv.exe');
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  SetAVZPMStatus(True);
  RebootWindows(true);
end.
- Install Service Pack 3 for Windows XP + all subsequent updates + Internet Explorer 8
- Upgrade your Antivirus to the LATEST VERSION!
- Update Java Runtime Environment.
- Update OpenOffice
and fulfill all recommendations.
Hi,
When I try to install pack 3, the computer switches off by itself.
I have uninstalled OpenOffice due to space on the drive...
I have done the update (Java Runtime, antivirus) and installed Service Pack 3. Internet Explorer 8 was apparently already done.
Please find attached the log.
Regards
Hi, check your computer: http://www.freedrweb.com/download+cureit/?lng=en
Download CureIt and scan with it.
Hello,
I've updated the antivirus and here is the log.
Did you scan your system as Alex_Goodwin advised?
- Execute the following script in Manual disinfection
Code:
begin
  ClearQuarantine;
  QuarantineFile('iexplore.exe','');
  CreateQurantineArchive('C:\quarantine.zip');
end.
and upload the C:\quarantine.zip via this link
Done.
Do you have any more problems?
Apparently not! It seems to be removed!
Thank you very much, guys, for your help.
Statistics of the treatment performed:
- Quarantines received: 2
- Files processed: 38
- No malware was found in the quarantines during treatment