I am getting a Alarm while running the virus removal tool that the object "C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini"" contains the Trojan program "Backdoor.win32.ZAccess.anq" and another virus "Backdoor.Win32.ZAccess.ob" and it asks for special disinfection procedure. But after finishing the auto procedure, it starts to scan again and dsplay the same alarm from time to time.
I was running a licensed version of KAV2011 in my system and once this virus infected it was corrupted and I was not able to access the KAV exe anymore. Also I was not able to repair it either. So I removed the components and reinstalled it. But still the KAV is not accessible. I am attaching the sysinfo gathered using Virus removal tool.
Could you please help me to resolve the issue.
Welcome. Please post the GetSystemInfo report link that is requested in the first Important topic.
Uninstall Kaspersky Virus Removal Tool, reboot, then please attach the AVZ .zip log that is also requested.
Thanks for your reply.
I am attaching the required files as you mentioned.
Please make TDSSkiller's report http://support.kaspersky.com/faq/?qid=208283363
and attach it to message
Thanks for your help.
I run the TDSSKiller program and attaching the report here.
Please make new TDSSkiller's report after reboot
I am attaching the TDSSkillers Report after reboot.
Is you problem solved now?
If problem not solved make this report http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks for your help.
I run the combofix program since still I was not able to open the KAV . I am attaching the log along with this.
I tried to access the KAV after running combofix program but the issue was still there, The message showing was
"Windows cannot access the specified device,path, or file. You may not have the appropriate permissions to access the item".
And then I tried to repair KAV with the option available and it showed an error in between installation. the error was "Error 1321. The Setup Wizard has insufficient privileges to modify the file "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"".
If my laptop is completely cure, should I uninstall KAV and then install it again?
1. Please delete manually folder c:\documents and settings\Raj\Local Settings\Application Data\545a7f9a (it is hidden and system)
2. Change all password which you use
3. Try reinstall antivirus
I had deleted the specified folder manually as you mentioned.
After that I uninstall KAV and then again installed it and it is working fine at last.
Thanks for your extensive support and patience.
Before closing this post, I had one more question. I believe that , Autorun.inf is infected in my couple of USP drives as well from this system. How can I disinfect it permanently? Earlier I tried to disinfect using my KAV, but it normally will not be disinfected completely.
You can manually delete autorun.inf file in your USB drives
Please delete ComboFix
Start button - Run - type ComboFix /Uninstall - press OK
Thanks for your help,
I had uninstalled combofix.
I will try to remove it manually.
I am having another infected machine. that is my Desktop(which had another licensed version of KAV10). I will post the issue after couple of days.
Thanks for all your help so far. And thanks for cleaning up my Laptop.
Remember: you need to create new topic for your Desktop computer
Thanks for your info:)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here