Hi,
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual disinfection:
Code:
begin
 // Search for rootkit hooks, turn on AVZGuard, empty the AVZ quarantine
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 ClearQuarantine;
 // Stop the running process and the two services
 TerminateProcessByName('c:\documents and settings\all users\application data\e1447ff\mse144_2124.exe');
 StopService('C5sK5');
 StopService('AA317sK');
 // Remove the 'My Security Shield' value from the user's Run key
 RegKeyParamDel('HKEY_USERS','S-1-5-21-3231245822-1539148231-825504549-1006\Software\Microsoft\Windows\CurrentVersion\Run','My Security Shield');
 // Quarantine the suspicious files before anything is deleted
 QuarantineFile('C:\WINDOWS\system32\MY55.exe','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\uvclf.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\E3aA.sys','');
 QuarantineFile('c:\documents and settings\all users\application data\e1447ff\mse144_2124.exe','');
 // Delete the services, and register them with Boot Cleaner as well
 DeleteService('C5sK5');
 DeleteService('AA317sK');
 BC_DeleteSvc('C5sK5');
 BC_DeleteSvc('AA317sK');
 // Delete the files
 DeleteFile('C:\WINDOWS\system32\MY55.exe');
 DeleteFile('C:\WINDOWS\system32\drivers\E3aA.sys');
 DeleteFile('c:\documents and settings\all users\application data\e1447ff\mse144_2124.exe');
 // Pass the deletions to Boot Cleaner, clean up the system, activate Boot Cleaner
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 // Enable the AVZPM driver and reboot
 SetAVZPMStatus(True);
 RebootWindows(true);
end.
After reboot, execute the following script in Manual disinfection:
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
and upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Make a new log file of AVPTool.
- Make a log file of Malwarebytes Antimalware.
- Attach both logs to your new message.
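
An added example, not part of the original post: a Python consistency check for a cleanup script of this kind, run here over the file and service calls copied from the first script above. The `audit` function and its result keys are names chosen for this example.

```python
import re

# File and service calls copied from the first AVZ script in the post (other calls omitted).
SCRIPT = r"""
StopService('C5sK5');
StopService('AA317sK');
QuarantineFile('C:\WINDOWS\system32\MY55.exe','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\uvclf.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\E3aA.sys','');
QuarantineFile('c:\documents and settings\all users\application data\e1447ff\mse144_2124.exe','');
DeleteService('C5sK5');
DeleteService('AA317sK');
BC_DeleteSvc('C5sK5');
BC_DeleteSvc('AA317sK');
DeleteFile('C:\WINDOWS\system32\MY55.exe');
DeleteFile('C:\WINDOWS\system32\drivers\E3aA.sys');
DeleteFile('c:\documents and settings\all users\application data\e1447ff\mse144_2124.exe');
"""

# Function name and first quoted argument of each call, one call per line.
CALL = re.compile(r"^\s*(\w+)\(\s*'([^']*)'", re.MULTILINE)

def audit(script):
    """Report ordering and pairing gaps between quarantine, delete and service calls."""
    seen = {}      # function name -> arguments seen so far, in script order
    unsaved = []   # files deleted before a QuarantineFile call for the same path
    for name, arg in CALL.findall(script):
        arg = arg.lower()  # Windows paths and service names are case-insensitive
        if name == 'DeleteFile' and arg not in seen.get('QuarantineFile', []):
            unsaved.append(arg)
        seen.setdefault(name, []).append(arg)
    get = lambda n: seen.get(n, [])
    return {
        # No sample would be left to put in quarantine.zip for these files.
        'deleted_before_quarantine': unsaved,
        # Collected for analysis, but no DeleteFile call removes them.
        'quarantined_only': [p for p in get('QuarantineFile') if p not in get('DeleteFile')],
        # Stopped, but the service entry stays registered.
        'stopped_not_deleted': [s for s in get('StopService') if s not in get('DeleteService')],
        # Deleted, but not also registered with Boot Cleaner.
        'no_boot_cleaner_entry': [s for s in get('DeleteService') if s not in get('BC_DeleteSvc')],
    }

if __name__ == '__main__':
    for check, items in audit(SCRIPT).items():
        print(check, items)
```

For the script in the post, the only finding is that `uvclf.sys` is quarantined but not deleted.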