pournstarr

clicking on link goes to different web page, clicking on C drive takes a minute

6 posts in this topic

Hello. I've had a very similar problem before and I received tremendous help from this site, so here I am again. I'm basically having the same symptoms as I had last time with my laptop, only this time, I can't even get Kaspersky to start at all. Plus clicking on my C drive takes almost a minute to open, and this is a new computer that I built with a Core 2 Duo processor... no way it should take that long and it only started recently. Also, when I click on web pages from Yahoo or something, the first time I click on it, I'll get redirected to some BS website. Then I have to click back and click on the same link again to get the page I was trying to get. Also, I've been getting a lot of BSODs lately... it seems like I have a similar version of the infection I had last time, only this one is on steroids. I d/l'ed AVZ since that's the only way I could get the syscure zip. I've attached it here. Any help would be appreciated. Thanks.

-Jason

virusinfo_syscure.zip


Sorry for the double post, but I'm now having issues with my IDE channel as well. Neither of my optical drives is showing up in "My Computer", but they do show up in the BIOS and in the Device Manager (however, in DM they both have the yield with exclamation sign, and in properties, it says there's no drivers installed for the specific drives).


1. I suggest you stay away from pirated software as your log suggests you are using some at the moment... it's a surefire way to get such infections.

2. Follow instructions below:

Please execute the following script using AVZ.

Instructions on script execution: http://forum.kaspersky.com/index.php?showt...st&p=678368

Your computer will reboot during script execution.

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\System32\Drivers\a99eygqq.SYS','');
QuarantineFile('C:\WINDOWS\TEMP\tempo-711093.tmp','');
QuarantineFile('C:\WINDOWS\system32\dll.dll','');
QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcuyqihlqcimspjaufdqoqxrqusnfssiim.dll','');
QuarantineFile('c:\windows\temp\tempo-711093.tmp','');
DeleteFile('c:\windows\temp\tempo-711093.tmp');
DeleteFile('\\?\globalroot\systemroot\system32\gxvxcuyqihlqcimspjaufdqoqxrqusnfssiim.dll');
DeleteFile('C:\WINDOWS\system32\dll.dll');
DeleteFile('C:\WINDOWS\TEMP\tempo-711093.tmp');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

-----

After your computer has rebooted, please do the following:

I would like you to run a tool called ComboFix and post the logfile it generates.

Download it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving the file, rename it to something like 123.exe

Now, please make sure no other programs are running, close all other windows and pause Kaspersky if it is running (choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started, please DO NOT click on the ComboFix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

ComboFix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.

-----

After ComboFix has finished running, please open AVZ and execute the following script:


begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\

Please send it to me via private messenger. If you cannot attach it to your message, upload it to a file hosting service like www.rapidshare.com and send me the download link to the file.

Edited by Baz^^


Message sent with quarantine file. ComboFix log attached to this message. Just curious... what software looks pirated on my system? And how are you able to tell by looking at the log?

ComboFix.txt
