The below steps are done while in safe mode w/networking.
Please don't reboot in Safe Mode with Networking unless necessary.. The reason is, while the computer is on that mode, it has no protection at all while you're online..
Ok.. I'm not sure how you're gonna do this.. But here's the plan..
Reboot into Normal Mode, Download Dr.Web CureIt to the Desktop, but don't do anything with it yet... We will need it later..
I need you to upload some files.. Tell me whether you successfully upload the file or not.. Please zip it first before sending it to the upload channel..
Please show hidden files and folders
Please visit this site and upload below file.. At the comment section, just say "fenzodahl512 asked to upload the file"
C:\47aaaf6d92c8ebd89214fdb63e98a321.zip
C:\WINDOWS\system32\47aaaf6d92c8ebd89214fdb63e98a321.sys
C:\WINDOWS\System32\dataclen32.dll
Whether you find them or not, then please do below step..
Please download The Avenger by Swandog46 and unzip it to your Desktop
Please open The Avenger. Then, please copy/paste the script inside the codebox into the Input script here: box..
Begin copying here:
Drivers to disable:
47aaaf6d92c8ebd89214fdb63e98a321
Drivers to delete:
47aaaf6d92c8ebd89214fdb63e98a321
Files to delete:
C:\47aaaf6d92c8ebd89214fdb63e98a321.zip
C:\WINDOWS\system32\47aaaf6d92c8ebd89214fdb63e98a321.sys
C:\WINDOWS\system32\nezogeju.dll
C:\WINDOWS\System32\dataclen32.dll
C:\WINDOWS\System32\sqkmlx.dll
C:\WINDOWS\System32\owekvkop.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Now, click on Execute. Just say Yes at every prompt
The Avenger will automatically do the following:
- It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply.
Post the Avenger log here.. Then reboot your computer with the UBCD boot cd.. After you get into Desktop, run Dr.Web CureIt while you're in UBCD mode.. Do a full scan and set it as usual.. Follow the instruction below if you forget how
- Double-click the launch.exe or cureit.exe file and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
- Click the green arrow button at the right, and the scan will start.
- After the scan finished, click Select all
- Click on Cure and choose Move incurable
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your Desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)
Then post the log here...
Reboot your Computer into Normal Mode, and then run Dr.Web again.. and in full scan again.. We want to make sure no Virut survived after rebooting
Post these logs in your next reply..
1. The Avenger
2. Dr.Web (in UBCD mode)
3. Dr.Web (in Normal Mode)...