Deeply hidden threat

**jeal61** · 02.07.2010, 17:08

Only Norton Security Scan has found 2 malicious objects which are still infecting my PC:
c:\commonfiles\xhostl.cpl
c:\commonfies\xhostn.dll

**Rene-gad** · 04.07.2010, 23:55

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('c:\Commonfiles\xhostn.dll','');
 DelBHO('{F89CEB6F-335E-43EC-BD6B-7F72D7801158}');
 DeleteFile('c:\Commonfiles\xhostn.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=82346
- Repeat a log file.
- Attach a new log to your new post..

**jeal61** · 05.07.2010, 03:22

Although I could not upload the quarantined Zip file, once it has not been created due to some mistake, I'm sure my PC is already disinfected. Thanks for helping me, Rene-gad.

**Rene-gad** · 05.07.2010, 17:56

Your log seems to be clean.

**jeal61** · 06.07.2010, 02:26

I've just performed a full scan of Norton Security and it indicates my PC still has a trojan/infostealer (c:\commonfiles\xhostl.cpl) which appears twice (Target type: Infection and Browser Cache), ie, one of the two malwares I've reported previously.

**jeal61** · 06.07.2010, 06:32

I've discovered a removal tool that is almost a miracle: ComboFix. The malwares were found and the PC was automatically disinfected (see the attached post-disinfection report).

**Rene-gad** · 06.07.2010, 10:03

It's good possible, that Norton and other tools found malicious files. According to AVZ they were not activated and not really harmful.

**jeal61** · 06.07.2010, 16:33

ComboFix has quarantined 10 files in my PC (see the attached report).

Thanks again for helping me, Rene-gad.

**Rene-gad** · 06.07.2010, 19:32

I'm not sure, that anybody advised you to make any log, e.g. Combofix

**jeal61** · 06.07.2010, 20:32

Nobody asked me to do that. Sorry if I did something wrong. I was just trying to give you as much information as possible once I'd like to be 100% sure that my PC isn't infected anymore.

**Rene-gad** · 06.07.2010, 20:49

Using of Combofix and any other tools is very risky!!!

Сообщение от jeal61

I'd like to be 100% sure that my PC isn't infected anymore.

Such insurance will be given ONLY to the fresh installed OS before the 1st connecting with network.

Deeply hidden threat

Опции темы

Deeply hidden threat

After manual disinfection logfile

It's still infected!!!

Problem solved!

Quarantined files

Похожие темы

KIS2010 and Virus removal tool unable to remove Hidden threat

threat detected

Unknowon Threat PDM

threat

New Threat

Ваши права в разделе