Kaspersky Lab Forum > rootkit.Win32.Podnuha.a

Help - Search - Members

Full Version: rootkit.Win32.Podnuha.a

Kaspersky Lab Forum > Deutschsprachiges Benutzer-Forum > Virenbezogene Themen

Buschi1

25.07.2009 10:29

Hallo,

ich kann rootkit.Win32.Podnuha.a, habe nun gelesen was zu tun ist. Anbei der AVZ log...

mfg

Lucian Bara

25.07.2009 10:42

hallo
fuhre dieses script aus:

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{1765F51E-F1D0-4AEE-8A8A-A078C9B5BAD4}');
DelBHO('{37308554-4FAA-4BD2-90DA-5798FEDF3AA6}');
QuarantineFile('C:\DOKUME~1\Uli\LOKALE~1\Temp\dm36.dll','');
DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}');
DelBHO('{0124123D-61B4-456f-AF86-78C53A0790C5}');
DelBHO('{8C3887BA-3367-4297-B288-13472BD407E4}');
DelBHO('{5AB6D722-229E-4B57-AE35-3749924C41D5}');
QuarantineFile('c:\windows\system32\jskwpke.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\ypacahbf.sys','');
StopService('ypacahbf');
DeleteService('ypacahbf');
QuarantineFile('C:\WINDOWS\system32\Drivers\ypacahbf.sys','');
DeleteFile('C:\WINDOWS\system32\Drivers\ypacahbf.sys');
DeleteFile('C:\WINDOWS\system32\drivers\ypacahbf.sys');
DeleteFile('c:\windows\system32\jskwpke.dll');
DeleteFile('C:\DOKUME~1\Uli\LOKALE~1\Temp\dm36.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

und mache einen erneuten scan

Buschi1

26.07.2009 09:55

Super, das war's, vielen Dank!

Helios_07

29.07.2009 12:26

QUOTE

und mache einen erneuten scan

joker33

1.08.2009 17:49

Hallo hier auch meine AVZ logClick to view attachment

Lucian Bara

2.08.2009 12:45

hallo
script ausfuhren:

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}');
DelBHO('{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}');
DelBHO('{D34C2E5A-9D61-47B6-A156-02695D7C5965}');
DelBHO('{598F4775-6FB6-477B-9842-E0426824E077}');
QuarantineFile('c:\windows\system32\gfvvrmr.dll','');
QuarantineFile('gfvvrmr.dll','');
StopService('plppzwee');
DeleteService('plppzwee');
QuarantineFile('C:\WINDOWS\system32\drivers\plppzwee.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\plppzwee.sys','');
DeleteFile('C:\WINDOWS\system32\Drivers\plppzwee.sys');
DeleteFile('C:\WINDOWS\system32\drivers\plppzwee.sys');
DeleteFile('gfvvrmr.dll');
DeleteFile('c:\windows\system32\gfvvrmr.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

und noch einen scan machen

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.