Unable to enable kaspersky protection
AbsoluteZ
Hi, I recently suspected that my computer is infected with viruses, but upon installation of Kaspersky I am unable to start the protection or run scans on my computer. Here is the log I gathered using AVZ



appreciate any help, thanks
Lucian Bara
Hello,
run this script; in AVZ use File > Custom scripts
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\System Volume Information\_restore{FB0B7E35-1791-4838-8FCB-12BD2312AC3E}\RP625\A0156279.exe:ext.exe:$DATA','');
QuarantineFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP7\A0001624.exe:ext.exe:$DATA','');
QuarantineFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:ext.exe:$DATA','');
QuarantineFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:exe.exe:$DATA','');
DelBHO('{2670000a-7350-4f3c-8081-5663ee0c6c49}');
DelBHO('{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}');
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
DelBHO('{7409DBFF-929C-491D-B01B-23C8F8DABA2E}');
QuarantineFile('c:\windows\system32\brqanoe.dll','');
QuarantineFile('brqanoe.dll','');
QuarantineFile('C:\WINDOWS\system32\csrcs.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\fxjmlusu.sys','');
StopService('fxjmlusu');
DeleteService('fxjmlusu');
QuarantineFile('C:\WINDOWS\system32\Drivers\fxjmlusu.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\e2890bad.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\a7447eb4.sys','');
DeleteFile('C:\WINDOWS\System32\drivers\a7447eb4.sys');
DeleteFile('C:\WINDOWS\System32\drivers\e2890bad.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\fxjmlusu.sys');
DeleteFile('C:\WINDOWS\system32\drivers\fxjmlusu.sys');
DeleteFile('C:\WINDOWS\system32\csrcs.exe');
DeleteFile('brqanoe.dll');
DeleteFile('c:\windows\system32\brqanoe.dll');
DeleteFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:ext.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP7\A0001624.exe:ext.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{FB0B7E35-1791-4838-8FCB-12BD2312AC3E}\RP625\A0156279.exe:ext.exe:$DATA');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


--------------------------------------
afterwards post a combofix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe . Save the file to your desktop.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
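
Added example, not part of the original post and not AVZ's own code: a Python check to run over a cleanup script like the one above before executing it. It reports any DeleteFile target that was not passed to QuarantineFile first (so a sample is kept for analysis) and lists targets that are NTFS alternate data streams, the `file:stream:$DATA` form. The sample script is a constructed excerpt, and `example-not-quarantined.dll` is a made-up path.

```python
import re

# Constructed sample: a shortened excerpt in the style of the AVZ script above,
# with one DeleteFile deliberately left without a matching QuarantineFile.
SAMPLE_SCRIPT = r"""
begin
QuarantineFile('C:\WINDOWS\system32\csrcs.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\fxjmlusu.sys','');
QuarantineFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:ext.exe:$DATA','');
DeleteFile('C:\WINDOWS\system32\Drivers\fxjmlusu.sys');
DeleteFile('C:\WINDOWS\system32\csrcs.exe');
DeleteFile('C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP1\A0000004.exe:ext.exe:$DATA');
DeleteFile('C:\WINDOWS\example-not-quarantined.dll');
end.
"""

CALL = re.compile(r"^\s*(QuarantineFile|DeleteFile)\('([^']*)'", re.I)

def split_stream(path):
    """Split 'file:stream:$DATA' into (file, stream); stream is None for a plain file."""
    drive, rest = path[:2], path[2:]
    if not re.match(r"^[A-Za-z]:$", drive):
        drive, rest = "", path  # relative path, no drive letter to protect
    parts = rest.split(":")
    stream = parts[1] if len(parts) > 1 and parts[1] else None
    return drive + parts[0], stream

def audit(script):
    """Return (deletes with no earlier quarantine, deletes aimed at alternate data streams)."""
    quarantined, unsaved, ads = set(), [], []
    for line in script.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        action, path = m.group(1).lower(), m.group(2)
        key = path.lower()  # Windows paths compare case-insensitively by default
        if action == "quarantinefile":
            quarantined.add(key)
        else:
            if key not in quarantined:
                unsaved.append(path)
            if split_stream(path)[1]:
                ads.append(path)
    return unsaved, ads

if __name__ == "__main__":
    unsaved, ads = audit(SAMPLE_SCRIPT)
    print("deleted without a quarantined copy:", unsaved)
    print("alternate data stream targets:", ads)
```
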
AbsoluteZ
Hi Lucian,

I did as you instructed. Attached is my ComboFix log; however, Kaspersky protection is still unable to start

Thanks

Lucian Bara
Use WinRAR to archive and send me this file: c:\windows\system32\svchost.exe. In the Advanced tab when creating an archive, WinRAR has an option called "save file streams"; check it.

You have to reinstall Kaspersky. While doing that, also perform the Norton removal steps: http://forum.kaspersky.com/index.php?showtopic=5233
AbsoluteZ
OK, I'll reinstall.

Thanks again, here's my svchost.exe
Lucian Bara
Post back on the outcome of the reinstallation.
AbsoluteZ
Reinstalled kaspersky and managed to get it working now.

Thanks
Lucian Bara
OK, now go into Settings > Scan > Full scan > Settings > Additional and enable the extended rootkit scan. Make a full scan with Kaspersky and remove any infections found. Post a screenshot of the detected list afterwards.

Afterwards, run this script:
CODE
begin
CreateQurantineArchive('c:\quarantine.zip');
end.


A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to the viruslab by using the WebForm: http://support.kaspersky.ru/virlab/helpdesk.html?LANG=en . Uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Restart Kaspersky.

Install and update Malwarebytes Anti-Malware, make a full scan with it and post its log: http://www.malwarebytes.org/mbam.php Don't remove anything it detected yet.
AbsoluteZ
Here's my list of detected trojans/viruses

Lucian Bara
Perfect, only System Restore. Disable and re-enable it: http://support.kaspersky.com/faq/?qid=208279208
What about Malwarebytes?