Author Topic: please help ! (Read 26568 times)

essexboy · « **Reply #30 on:** April 11, 2010, 12:56:53 AM »

OK looking at it as fast as we remove it - it is respawning

Do you use a router ?

Download avz4.zip from HERE

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.

Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.

Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

carlwt2007 · « **Reply #31 on:** April 11, 2010, 01:58:00 AM »

tried to attach them but it said that i cant attach those file types

Jtaylor83 · « **Reply #32 on:** April 11, 2010, 02:27:47 AM »

Try uploading the zip files to MediaFire.

carlwt2007 · « **Reply #33 on:** April 11, 2010, 02:41:46 AM »

ok i hope this is right lol

http://www.mediafire.com/?sharekey=218492f4572d4bfc4c17ca8801618ef7e0661c7ba375ae65daada8390b259c5f

carlwt2007 · « **Reply #34 on:** April 11, 2010, 03:02:25 AM »

http://www.mediafire.com/file/oldoilixlnq/virusinfo_syscure.zip
http://www.mediafire.com/file/qnydzlxiyig/virusinfo_syscheck.zip

essexboy · « **Reply #35 on:** April 11, 2010, 04:25:22 PM »

OK got it

AVZ FIX

Double click on AVZ.exe
Click File > Custom scripts
Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )

Code: [Select]

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetAVZPMStatus(True);
 QuarantineFile('splz.sys','');
 DeleteFile('splz.sys');
 BC_DeleteFile('splz.sys');
 BC_DeleteFile('-.exe');
 DeleteFile('-.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows NT\CurrentVersion\Drivers32','vidc.ffds');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Note: When you run the script, your PC will be restarted
Click Run
Restart your PC if it doesn't do it automatically.

Once this has completed then re-run Combofix, if it asks to update allow it

carlwt2007 · « **Reply #36 on:** April 11, 2010, 07:24:53 PM »

ok i did the last thing you told me. here is the combo fix log!!

by the way thank you so much for all the help!!

carlwt2007 · « **Reply #37 on:** April 11, 2010, 07:30:27 PM »

happen to know how i stop avast from starting up when i re-boot?

essexboy · « **Reply #38 on:** April 11, 2010, 07:34:04 PM »

Why do you wish Avast to stop starting when you boot - as it is designed to be resident ?

OK no new files have been created - which is good - two data files have now been revealed

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: [Select]

File::
c:\windows\Xgafasule.bin
c:\windows\Gtutacaxoza.dat

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt .

carlwt2007 · « **Reply #39 on:** April 11, 2010, 07:46:46 PM »

combo is asking me to disable avast but i already have it disabled ?

carlwt2007 · « **Reply #40 on:** April 11, 2010, 07:52:02 PM »

got a warning that combo will run at my own risk?

essexboy · « **Reply #41 on:** April 11, 2010, 08:00:51 PM »

You should get the warning every time - it is a get out clause. Did combofix update ?

Ignore about Avast

carlwt2007 · « **Reply #42 on:** April 11, 2010, 08:04:02 PM »

not this time it did not !

essexboy · « **Reply #43 on:** April 11, 2010, 08:12:50 PM »

Those should be the last two files - after AVZ found the hidden ones for me

carlwt2007 · « **Reply #44 on:** April 11, 2010, 08:16:48 PM »

combofix txt

Author Topic: please help ! (Read 26568 times)

essexboy

Re: please help !

carlwt2007

Re: please help !

Jtaylor83

Re: please help !

carlwt2007

Re: please help !

carlwt2007

Re: please help !

essexboy

Re: please help !

carlwt2007

Re: please help !

carlwt2007

Re: please help !

essexboy

Re: please help !

carlwt2007

Re: please help !

carlwt2007

Re: please help !

essexboy

Re: please help !

carlwt2007

Re: please help !

essexboy

Re: please help !

carlwt2007

Re: please help !