Close/unload all the programs
Switch off:
- Antivirus and, if you have one, Firewall.
- Execute the following script in Manual Healing
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\Users\User\AppData\Local\Temp\4036982825.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\b90a9.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\cmd.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\ecxawnsrom.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\ipm1h.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\msllhsjn.dll','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\p95tukvqyc2h.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\sysedit.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\system.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\win32.exe','');
DeleteFile('C:\Users\User\AppData\Local\Temp\win32.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','Lvifiejlq+');
DeleteFile('C:\Users\User\AppData\Local\Temp\system.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','Lvifiejlud');
DeleteFile('C:\Users\User\AppData\Local\Temp\sysedit.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','Lvifiejlupc');
DeleteFile('C:\Users\User\AppData\Local\Temp\p95tukvqyc2h.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','LvifiejlOyfcr\AppData\Local\Temp\p95tukvqyc2h.exe');
DeleteFile('C:\Users\User\AppData\Local\Temp\msllhsjn.dll');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','byivqr');
DeleteFile('C:\Users\User\AppData\Local\Temp\ipm1h.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','LvifiejloL');
DeleteFile('C:\Users\User\AppData\Local\Temp\ecxawnsrom.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','ecxawnsrom.exe');
DeleteFile('C:\Users\User\AppData\Local\Temp\cmd.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','Lvifiejlkc');
DeleteFile('C:\Users\User\AppData\Local\Temp\b90a9.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','LvifiejlJL');
DeleteFile('C:\Users\User\AppData\Local\Temp\4036982825.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run','Lvifiejl82zer\AppData\Local\Temp\4036982825.exe');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload the C:\quarantine.zip here: upload_virus_eng.
- Make a new log file and attach a new log to your new post.
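
A follow-up check for the cleanup above, as an added example that is not part of the original post or of AVZ: it lists any Run/RunOnce values in the loaded user hives that still launch a file from a Temp directory, the pattern the script removes. The helper name `Get-TempRunEntry` is hypothetical, and the check assumes an elevated PowerShell session with the affected user logged on, so that the user's hive is loaded under HKEY_USERS.

```powershell
# Added example: report Run/RunOnce values in loaded user hives that launch from Temp.
# Get-TempRunEntry is a hypothetical helper name; run from an elevated prompt.
$RunSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Matches a literal per-user Temp path or an unexpanded %TEMP% / %TMP% reference.
$TempPattern = '\\AppData\\Local\\Temp\\|%(temp|tmp)%'

function Get-TempRunEntry {
    # Only hives of logged-on users are loaded under HKEY_USERS; *_Classes are skipped.
    $hives = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        foreach ($sub in $RunSubKeys) {
            $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                # Read the raw data so %TEMP% is matched before any expansion.
                $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
                if ($data -notmatch $TempPattern) { continue }

                # Best-effort extraction of the target file from the command line.
                $target = $null
                if ($data -match '^\s*"?([^"]+?\.(exe|dll|com|scr|bat|cmd))') {
                    $target = [Environment]::ExpandEnvironmentVariables($Matches[1])
                }
                [pscustomobject]@{
                    Sid        = $hive.PSChildName
                    Key        = $sub
                    ValueName  = $name
                    Command    = $data
                    FileExists = if ($target) { Test-Path -LiteralPath $target } else { $null }
                }
            }
        }
    }
}

Get-TempRunEntry | Format-List
```

An empty result means no Run or RunOnce value in a loaded hive still points into Temp. `FileExists` reflects only the first file name found in the command line, so entries that start through a launcher such as rundll32 need to be read by eye.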