> HEUR:Trojan virus
tamarind85
post 9.12.2008 20:35
Post #1


Newbie
*

Group: Members
Posts: 4
Joined: 9.12.2008




Please help me on this... attaching my avp file
Attached File(s)
Attached File  sysinfo.zip ( 23,15K ) Number of downloads: 3
 
Lucian Bara
post 9.12.2008 20:40
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




Hello,
run this script:
CODE
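begin
  // Enable AVZGuard so other processes cannot interfere while the script runs
  SetAVZGuardStatus(True);
  // Search for rootkit hooks and neutralize them (user mode and kernel mode)
  SearchRootkit(true, true);
  // Copy the suspicious files to quarantine before removing them
  QuarantineFile('C:\WINDOWS\system32\flcdlmsg.dll','');
  QuarantineFile('D:\autorun.inf','');
  QuarantineFile('C:\autorun.inf','');
  // Delete the files
  DeleteFile('C:\autorun.inf');
  DeleteFile('D:\autorun.inf');
  DeleteFile('C:\WINDOWS\system32\flcdlmsg.dll');
  // Pass the deleted-file list to Boot Cleaner
  BC_ImportDeletedList;
  // Clean up system references to the deleted files
  ExecuteSysClean;
  // Arm Boot Cleaner and reboot so the removal completes at startup
  BC_Activate;
  RebootWindows(true);
end.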


Instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328
Afterwards, post a ComboFix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the ComboFix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning, and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal, and they will be restored after scanning has completed.

ComboFix will create a log file and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
tamarind85
post 9.12.2008 21:17
Post #3






QUOTE(tamarind85 @ 9.12.2008 22:05) *
Please help me on this... attaching my avp file

tamarind85
post 9.12.2008 21:19
Post #4






Attached File(s)
Attached File  ComboFix.txt ( 13,3K ) Number of downloads: 3
 
Lucian Bara
post 9.12.2008 22:40
Post #5






Any more detections for the HEUR, any popups, etc.?
Run this script too:
CODE
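begin
  // Pack the AVZ quarantine into c:\quarantine.zip
  CreateQurantineArchive('c:\quarantine.zip');
  // Remove the current user's cached per-drive autorun entries
  RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2');
end.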


A file called quarantine.zip should be created in c:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.de/. Then, send the link in an email to newvirus@kaspersky.com. Lastly, uninstall ComboFix by: pause Kaspersky > Start > run > type combofix /u > ok. Restart Kaspersky.
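A read-only check of what the two AVZ scripts in this thread target, added here as an example (it is not from the thread or from Kaspersky): it reports whether the three files from the first script still exist and lists any autorun commands cached under the MountPoints2 key that the second script deletes. The function name `Get-CleanupStatus` is made up for this example; the file paths and the registry key are the ones in the posts.

```powershell
# Added example, not part of the thread. Read-only: nothing is deleted or changed.
# File paths and registry key are the ones named in the AVZ scripts above.
$TargetFiles = @(
    'C:\WINDOWS\system32\flcdlmsg.dll',
    'C:\autorun.inf',
    'D:\autorun.inf'
)
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-CleanupStatus {   # hypothetical helper name
    param([string[]]$Files, [string]$RegKey)

    foreach ($f in $Files) {
        $item = $null
        if (Test-Path -LiteralPath $f) {
            # -Force so hidden/system files (typical for a dropped autorun.inf) are returned
            $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Kind   = 'File'
            Target = $f
            State  = if ($item) { 'STILL PRESENT' } else { 'absent' }
            Detail = if ($item) { '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTime } else { '' }
        }
    }

    if (-not (Test-Path -LiteralPath $RegKey)) {
        [pscustomobject]@{ Kind = 'Registry'; Target = $RegKey; State = 'absent'; Detail = '' }
        return
    }
    # Explorer caches per-volume autorun verbs as ...\<volume>\Shell\<verb>\command
    $cmdKeys = @(Get-ChildItem -LiteralPath $RegKey -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' })
    foreach ($k in $cmdKeys) {
        [pscustomobject]@{
            Kind   = 'Registry'
            Target = $k.Name
            State  = 'cached autorun command'
            Detail = [string]$k.GetValue('')   # default value holds the command line
        }
    }
    if ($cmdKeys.Count -eq 0) {
        [pscustomobject]@{ Kind = 'Registry'; Target = $RegKey; State = 'present, no cached commands'; Detail = '' }
    }
}

Get-CleanupStatus -Files $TargetFiles -RegKey $MountPoints2 | Format-Table -AutoSize -Wrap
```

Explorer recreates MountPoints2 as volumes are mounted, so the key being present after cleanup is expected; what matters is whether any cached command still points at a removed file.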
