IPB

Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> Kaspersky disabled
sriram
post 2.05.2009 21:56
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 2.05.2009




Hi,
I am using kaspersky internet security 2009. It was working fine till morning. when i was watching movie online, i got some virus (i think so) and it disabled my kaspersky and i couldn't able to make my laptop restore to previous date also. I tried modify and repair in kaspersky, it processed something, but no improvements. Still kaspersky is disabled and i couldn't able to open the avp.exe also. Usually, i will get in my windows screen 'Protected by Kaspersky lab' whilst logging on, but now that text was not there when i tried to restart my laptop.

Could you please help me out, how to sort this out. I have lot of important datas in my harddisk.


Thanks
-Sriram-
Go to the top of the page
 
+Quote Post
richbuff
post 3.05.2009 02:45
Post #2


Are You Kidding?
*****************

Group: Moderators
Posts: 1000065
Joined: 14.06.2007




Welcome. Please supply the following two items:

1) Please create gsi sysinfo text, and then upload it to this parser site: http://gsi.kaspersky.fr/ and then post the link to the GSI report which may identify issue area, instructions see: http://forum.kaspersky.com/index.php?showtopic=36444

2) Please use the standalone AVZ utility and attach the zipped virusinfo_syscure.zip. When you download it, rename it in the save window before saving it, and also rename avz inside the zip before unpacking it. Instructions, see: http://forum.kaspersky.com/index.php?s=&am...st&p=678334 If download link does not work for you, download from here: ftp://149.7.32.19/devbuilds/AVZ/avz4.zip


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
sriram
post 3.05.2009 14:26
Post #3


Newbie
*

Group: Members
Posts: 3
Joined: 2.05.2009




hi
Thanks for your replying.. i did a scanning through online Windows live one care and it found some trojen Viruses.. and it removed high infected viruses and my Kaspersky is back. The virus that Windows live one care found and removed are attached herewith. I did a kaspersky full scan and it says protected. It removed some more Trojen viruses, but still when i open my C: drive, it shows a RECYCLER\ (some number) file and path not found (that *.bmp is also attached). Further, i made a AVZ log file and attached.

Could you please let me know how to remove this virus now.


Thanks
-Sriram-
Attached File(s)
Attached File  Recyler_error.JPG ( 18,75K ) Number of downloads: 12
Attached File  onecare_report.JPG ( 54,46K ) Number of downloads: 13
Attached File  sysinfo.zip ( 44,18K ) Number of downloads: 1
 
Go to the top of the page
 
+Quote Post
richbuff
post 4.05.2009 01:44
Post #4


Are You Kidding?
*****************

Group: Moderators
Posts: 1000065
Joined: 14.06.2007




Run this script, instructions linked in the second important topic located at top of this forum page, PC will reboot:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After run script, attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the
option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't
forget to resume the Kaspersky that you paused.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
sriram
post 4.05.2009 18:04
Post #5


Newbie
*

Group: Members
Posts: 3
Joined: 2.05.2009




Hi

Now my C drive is opening as usual. Hope the virus is disabled. Thanks a lot for it. Hope its due to 'autorun.inf' virus.
Please see the combofix.txt attached herewith and let me know if there is any further infections in my system.

Thanks
-Sriram-
Attached File(s)
Attached File  ComboFix.txt ( 23,91K ) Number of downloads: 3
 
Go to the top of the page
 
+Quote Post
richbuff
post 5.05.2009 04:55
Post #6


Are You Kidding?
*****************

Group: Moderators
Posts: 1000065
Joined: 14.06.2007




Uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok. Restart Kaspersky.

Please send these to the Lab and post back with their reply: c:\windows\system32\svchost.exe, c:\windows\system32\winlogon.exe, c:\windows\system32\userinit.exe

Also, if you use Windows System restore, turn it off > reboot and do a full scan with Kaspersky. Then turn system restore back on, if you wish; this to remove malware
from system volume information files. How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

Before doing the scan, Clear the Detected list: Detected > Active threats > right click > Disinfect all > right click > Clear list > then scan again > then post
screenshot of Detected > Active threats. With columns widened to show full name and object details.

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php and attach its log, but please don't fix anything yet, until the log is reviewed.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or
png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.




--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic

 



Lo-Fi Version Time is now: 23.10.2014 05:36