Full Version: Another Rootkit.Win32.Podnuha.a Infection
Kaspersky Lab Forum > English User Forum > Virus-related issues
RussBern
Can't seem to get this to go away. Tried a full system scan in safe mode and still can't get rid of it. Detection only occurs when I boot normally and do a full or quick scan; it shows the rootkit in memory but doesn't identify the infected file(s).

Attached is the sysinfo. Thanks for any help/advice.
Lucian Bara
Hello,
run this script:
CODE
begin
// Block other processes from interfering while the script runs
SetAVZGuardStatus(True);
// Look for rootkit hooks in user and kernel mode and neutralise them
SearchRootkit(true, true);
// Stop and remove the driver service with the random name
StopService('bcwiffywxoi');
DeleteService('bcwiffywxoi');
// Copy the suspect driver files to quarantine before they are deleted
QuarantineFile('C:\WINDOWS\system32\drivers\kgyiaec.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\duireilh.sys','');
StopService('duireilh');
DeleteService('duireilh');
QuarantineFile('C:\WINDOWS\system32\Drivers\duireilh.sys','');
QuarantineFile('C:\DOCUME~1\nik\LOCALS~1\Temp\uxtdrkob.sys','');
// Delete the driver files (the Temp one is the dropper's staging copy)
DeleteFile('C:\DOCUME~1\nik\LOCALS~1\Temp\uxtdrkob.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\duireilh.sys');
DeleteFile('C:\WINDOWS\system32\drivers\duireilh.sys');
DeleteFile('C:\WINDOWS\system32\drivers\kgyiaec.sys');
// Hand the deletions to the Boot Cleaner so locked files go at next boot
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328

----------
afterwards post a combofix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Save the file to your desktop.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning; do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post. Also, please don't forget to resume Kaspersky, which you paused.
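As an added illustration (not code from this thread, from Kaspersky or from the AVZ tool), the following Python helper parses the AVZ script posted above into the services and driver files it removes, merges the duplicate paths that differ only in case, singles out the driver staged under the user's Temp folder, and then checks whether any of those artefacts still exist after the reboot. The embedded script text is copied from the post; the service check assumes the registry key HKLM\SYSTEM\CurrentControlSet\Services\<name> and works only on Windows, while the existence callbacks are injectable so the logic can be exercised elsewhere.

```python
import os
import re
from typing import Callable, Dict, List, Set, Tuple

# Sample input: the AVZ script from the thread, embedded so the block runs offline.
# AVZ scripts are Pascal-style: one call per line, string arguments in single
# quotes, and bare procedure names (no parentheses) for parameterless calls.
AVZ_SCRIPT = r"""
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
StopService('bcwiffywxoi');
DeleteService('bcwiffywxoi');
QuarantineFile('C:\WINDOWS\system32\drivers\kgyiaec.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\duireilh.sys','');
StopService('duireilh');
DeleteService('duireilh');
QuarantineFile('C:\WINDOWS\system32\Drivers\duireilh.sys','');
QuarantineFile('C:\DOCUME~1\nik\LOCALS~1\Temp\uxtdrkob.sys','');
DeleteFile('C:\DOCUME~1\nik\LOCALS~1\Temp\uxtdrkob.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\duireilh.sys');
DeleteFile('C:\WINDOWS\system32\drivers\duireilh.sys');
DeleteFile('C:\WINDOWS\system32\drivers\kgyiaec.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
"""

CALL_RE = re.compile(r"^(\w+)\s*\((.*)\)\s*;$")
STRING_RE = re.compile(r"'((?:[^']|'')*)'")  # Pascal string, '' escapes a quote

# AVZ commands whose first argument names a service or a file to be removed.
SERVICE_CMDS = {"StopService", "DeleteService"}
FILE_CMDS = {"QuarantineFile", "DeleteFile"}


def parse_avz_script(text: str) -> List[Tuple[str, List[str]]]:
    """Parse an AVZ script into an ordered list of (command, arguments).

    Bare statements such as 'ExecuteSysClean;' yield an empty argument list;
    non-string arguments (True, true) are kept as raw tokens.
    """
    plan: List[Tuple[str, List[str]]] = []
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.lower() in ("begin", "end."):
            continue
        m = CALL_RE.match(line)
        if m:
            cmd, inner = m.group(1), m.group(2)
            args = [s.replace("''", "'") for s in STRING_RE.findall(inner)]
            if not args and inner.strip():
                args = [tok.strip() for tok in inner.split(",")]
            plan.append((cmd, args))
        elif line.endswith(";"):
            plan.append((line[:-1].strip(), []))
    return plan


def removal_targets(plan: List[Tuple[str, List[str]]]) -> Dict[str, Set[str]]:
    """Collect the services and files the script removes, lower-cased because
    Windows names are case-insensitive (so Drivers\ and drivers\ merge)."""
    services: Set[str] = set()
    files: Set[str] = set()
    for cmd, args in plan:
        if cmd in SERVICE_CMDS and args:
            services.add(args[0].lower())
        elif cmd in FILE_CMDS and args:
            files.add(args[0].lower())
    return {"services": services, "files": files}


def drivers_in_user_temp(files: Set[str]) -> List[str]:
    """Kernel drivers (.sys) staged under a user's Temp folder: legitimate
    drivers are not loaded from there, so these deserve the first re-check."""
    return sorted(f for f in files if "\\temp\\" in f and f.endswith(".sys"))


def service_key_exists(name: str) -> bool:
    """True if HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name> exists
    (assumed location of the service entry; Windows only, False elsewhere)."""
    try:
        import winreg
    except ImportError:
        return False
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            "SYSTEM\\CurrentControlSet\\Services\\" + name):
            return True
    except OSError:
        return False


def verify_cleanup(targets: Dict[str, Set[str]],
                   file_exists: Callable[[str], bool] = os.path.exists,
                   service_exists: Callable[[str], bool] = service_key_exists) -> List[str]:
    """Report every removal target that still exists after the script and reboot."""
    leftovers = ["service:" + s for s in sorted(targets["services"]) if service_exists(s)]
    leftovers += ["file:" + p for p in sorted(targets["files"]) if file_exists(p)]
    return leftovers


if __name__ == "__main__":
    plan = parse_avz_script(AVZ_SCRIPT)
    targets = removal_targets(plan)
    print("services:", sorted(targets["services"]))
    print("files:", sorted(targets["files"]))
    print("drivers staged in Temp:", drivers_in_user_temp(targets["files"]))
    print("leftovers:", verify_cleanup(targets) or "none")
```

Run on the cleaned machine, an empty leftovers list is the confirmation the thread arrives at by re-scanning; any entry printed is a service key or driver file the script did not manage to remove and is worth quarantining again before trusting the system.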
RussBern
Thanks for the script. I ran it, computer rebooted, then I ran ComboFix as per your instructions. Attached is the ComboFix log. After enabling Kaspersky I did a quick scan and the rootkit was no longer detected in memory. ComboFix did delete three files even after the Kaspersky script was run.

Thanks!