Win32/Heur [Closed]
Started by
jamesrides
, Feb 07 2009 01:06 AM
#1
Posted 07 February 2009 - 01:06 AM
#2
Posted 07 February 2009 - 08:18 AM
Hi there, do you have access to another computer where you can download some programmes to and either save them to CD or USB stick?
If so, I will need you to download and save the following three programmes. Do not run any on the infected system yet.
1. Dr. Web
2. Sality_off
3. AVZ
If you can do that, let me know when you are ready for the next stage.
#3
Posted 07 February 2009 - 04:10 PM
I will have access to another computer tomorrow. I will download the 3 programs you mentioned and contact you again once I have them.
#4
Posted 07 February 2009 - 05:09 PM
In case you are ready before I get on line, here follow the destructions
Copy this post to a text file for reference, as I will require you to be disconnected from the internet throughout this procedure.
OK, we will begin by running Dr. Web from the flash drive (do not move it to the infected computer).
Stage 1 Dr Web
- Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu click File and choose Save report list.
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
As soon as Dr. Web has run, look at the report. If you see any file with Win32.Sector.5 after it, go to Stage 2.
If you do not see that, then go to Stage 3.
Stage 2 Sality Off
Step 1.
Unpack the file Sality_off.rar
Run the file Sality_off.exe with the key -m
To do this select run from the start menu.
Select browse and locate sality_off.exe click once.
The file will now appear in the run box.
Using the mouse, double left click in the box and the cursor will then appear after the .exe part. Now press the spacebar, type in -m, then select OK.
Step 2. Signs of a disinfected/clean computer
When restarted, the utility sality_off.exe -m does not detect any signs of infection (the line "infected thread terminated" is missing).
Stage 3 AVZ
- Unzip it to your desktop to a folder named avz4
- Double click on AVZ.exe to run it.
- Run an update by clicking the Auto Update button on the right of the Log window.
- Click Start to begin the update.
- Start AVZ.
- Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.
- Click on the "Execute selected scripts".
- Automatic scanning, healing and system check will be executed.
- A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
- It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
- All applications will work properly after the system restart.
When restarted
- Start AVZ.
- Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
- Click on the "Execute selected scripts".
- A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Attach both zip files to your next post
To attach a file, do the following:
- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on it to insert the attachment into your post.
Logs required: Dr Web and both AVZ zip files.
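As an added example (not code from this thread, nor from Dr.Web or AVZ), a small Python helper that applies the Stage 1 decision rule from the post to a saved DrWeb.csv report. It assumes a semicolon-separated path;threat;action layout for the report and uses constructed sample lines, so check it against a real report before relying on it.

```python
"""Triage helper for the Dr.Web CureIt report step described above.

Added example, not part of the original thread or of Dr.Web/AVZ. The report
layout assumed here (one detection per line: path;threat;action, semicolon
separated) and all sample lines are constructed for illustration.
"""
import csv
import io
from collections import Counter

# The post names this detection as the trigger for Stage 2 (Sality_off).
SECTOR_MARKER = "Win32.Sector.5"

# Constructed sample of a DrWeb.csv-style report (assumed layout, not a real file).
SAMPLE_REPORT = """\
C:\\Windows\\system32\\calc.exe;Win32.Sector.5;cured
C:\\Program Files\\app\\setup.exe;Win32.Sector.5;cured
C:\\Users\\james\\Downloads\\tool.exe;Trojan.DownLoader.1234;moved
C:\\Users\\james\\temp\\notes.txt;;skipped
"""


def parse_report(text):
    """Return (path, threat, action) tuples, skipping blank, malformed and clean rows."""
    rows = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 3 or not row[0].strip():
            continue
        path, threat, action = row[0].strip(), row[1].strip(), row[2].strip()
        if threat:  # an empty threat column means the file was clean
            rows.append((path, threat, action))
    return rows


def threat_counts(rows):
    """Tally detections by threat name, e.g. to see how widespread a file infector is."""
    return Counter(threat for _, threat, _ in rows)


def sector_paths(rows):
    """Files flagged as Win32.Sector.5; worth re-checking after the Sality_off run."""
    return [p for p, t, _ in rows if t.lower().startswith(SECTOR_MARKER.lower())]


def next_stage(rows):
    """The post's rule: any Win32.Sector.5 hit -> Stage 2 (Sality_off), else Stage 3 (AVZ)."""
    return 2 if sector_paths(rows) else 3


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(threat_counts(parsed))
    print("go to Stage", next_stage(parsed))
```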
#5
Posted 12 February 2009 - 04:54 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.