[BriTrumpet]

I was afraid you were going to say that I really appreciate all of your help, thank you for all of your time. Is it o.k. to create the cd's on another computer? I will go ahead and get started and let you know what I find out.

[Advertisements]

Yes it would be preferable to do it on another computer then we know that Dr Web starts off clean

[Essexboy]

Yes it would be preferable to do it on another computer then we know that Dr Web starts off clean

[BriTrumpet]

I don't know if I am doing something wrong here. I put Dr. Web on the Cd and a put it in the infected computer. I am able to load it using the cd and I am in Dr. Web. The only place I can find the option to scan is in the Dr. Web Control Center, when I select Dr. Web scanner it doesn't do anything. Is there something else I need to do? I entered via the default mode.

[Essexboy]

When the system is loaded, check the disks or folders you want to scan, and click on “Start

You should have something like this select the drive and click start

[BriTrumpet]

The white and gray box is not appearing. The only thing I am getting is the green background with icons. Thank you!

[Essexboy]

I do not have a copy of this at the moment - I will download one asap

But meanwhile is there a Dr Web icon on the desktop to start the AV scanner ?

[BriTrumpet]

There is but when I click on it the screen briefly turns white and then it flashes back to normal. It doesn't do anything after that. I tried reloading Dr. Web on another cd and I am getting the same results.

[Essexboy]

Bear with me please I will need to check this out

[BriTrumpet]

Thank you so much. It is also comes up as a split screen. 2/3 of it is on the right and the other 1/3 is on the left. Not sure if that matters or not.

[BriTrumpet]

Do I need to disable my antivirus software before I use this software?? Could that be my problem?

[Essexboy]

No it will not be a problem as you are working outside of windows

This is intriguing as on my system it worked as per specs

Lets try something different but this time from normal windows

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.



Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

[BriTrumpet]

I ran Kapersky and here are my reports:

Autoscan log:

Autoscan: completed 2 minutes ago (events: 2, objects: 895484, time: 03:33:37)

I also attached the zip file from the analysis scan.

So strange that I wasn't able to do the Dr. Web scan, I was really hoping that would work.

Have a great night and thank you once again for all of your help.

Attached Files

•  avptool_sysinfo.zip   59.53KB   444 downloads

[Essexboy]

There is something hooking your system files - lets remove the element I can see with AVP. Then we will re-use aswMBR but this time ask for a virus scan as well

• Re-run AVPTool
• Select the Manual Disinfection tab
• Where it states Step 3 paste in the following disinfection script and press execute
  
  

  begin
  SetAVZPMStatus(True);
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
   BC_DeleteFile('C:\ProgramData\COyGyyOCixJCfhR.exe');
   DeleteFile('C:\ProgramData\COyGyyOCixJCfhR.exe');
   RegKeyParamDel('HKEY_USERS','S-1-5-21-4285699095-1866031089-4141344599-1001\Software\Microsoft\Windows\CurrentVersion\Run','COyGyyOCixJCfhR');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.

  
  
• Your system will reboot on completion, if it does not please do so yourself
• On completion please run another analysis scan and attach the zip file

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Place a tick in the AV engine box
In the dropdown next to it select
C:\
Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[BriTrumpet]

O.k. attached are the results of the Kapersky scan after I put the script into the manual disinfection screen.

When I went to run the aswMBR scan I ran into a problem. As soon as I pressed the scan bottom my computer shut down saying that it is has encountered a problem that could cause potential damage to the computer - system service protection. Here is what was listed as the cause when it reloaded:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF800034982BD
BCP3: FFFFF88007FF3380
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\062911-16738-01.dmp
C:\Users\Cathy\AppData\Local\Temp\WER-48797-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Thank you again for all of your help. This is one nasty virus......

Attached Files

•  avptool_sysinfo.zip   58.92KB   394 downloads

[Essexboy]

OK if you are prepared to continue I will try to kill this little beast

First we will get windows to check your files

From the Start menu, select all programmes, accessories
then right click the command prompt and run as administrator
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

THEN

Download the GMER Rootkit Scanner. Unzip it to your Desktop. If necessary this can be run from safe mode

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.