

Windows 7 repair Virus Pc Analysis report
Started by BriTrumpet, Jun 24 2011 04:52 PM
#16
Posted 27 June 2011 - 10:52 AM


#17
Posted 27 June 2011 - 11:02 AM

Yes it would be preferable to do it on another computer then we know that Dr Web starts off clean
#18
Posted 27 June 2011 - 02:21 PM

I don't know if I am doing something wrong here. I put Dr. Web on the CD and put it in the infected computer. I am able to load it using the CD and I am in Dr. Web. The only place I can find the option to scan is in the Dr. Web Control Center; when I select Dr. Web scanner it doesn't do anything. Is there something else I need to do? I entered via the default mode.
#19
Posted 27 June 2011 - 03:05 PM

When the system is loaded, check the disks or folders you want to scan, and click on Start
You should have something like this select the drive and click start
#20
Posted 27 June 2011 - 03:30 PM

The white and gray box is not appearing. The only thing I am getting is the green background with icons. Thank you!
#21
Posted 27 June 2011 - 03:52 PM

I do not have a copy of this at the moment - I will download one asap
But meanwhile is there a Dr Web icon on the desktop to start the AV scanner ?
#22
Posted 27 June 2011 - 03:54 PM

There is but when I click on it the screen briefly turns white and then it flashes back to normal. It doesn't do anything after that. I tried reloading Dr. Web on another cd and I am getting the same results.
#23
Posted 27 June 2011 - 04:02 PM

Bear with me please I will need to check this out
#24
Posted 27 June 2011 - 04:27 PM

Thank you so much. It also comes up as a split screen. 2/3 of it is on the right and the other 1/3 is on the left. Not sure if that matters or not.
#25
Posted 27 June 2011 - 04:42 PM

Do I need to disable my antivirus software before I use this software?? Could that be my problem?
#26
Posted 28 June 2011 - 10:32 AM

No it will not be a problem as you are working outside of windows
This is intriguing as on my system it worked as per specs
Let's try something different but this time from normal Windows
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#27
Posted 28 June 2011 - 07:57 PM

I ran Kaspersky and here are my reports:
Autoscan log:
Autoscan: completed 2 minutes ago (events: 2, objects: 895484, time: 03:33:37)
I also attached the zip file from the analysis scan.
So strange that I wasn't able to do the Dr. Web scan, I was really hoping that would work.
Have a great night and thank you once again for all of your help.
Attached Files
#28
Posted 29 June 2011 - 10:53 AM

There is something hooking your system files - let's remove the element I can see with AVP. Then we will re-use aswMBR but this time ask for a virus scan as well

- Re-run AVPTool
- Select the Manual Disinfection tab
- Where it states Step 3 paste in the following disinfection script and press execute
begin
 SetAVZPMStatus(True);
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 BC_DeleteFile('C:\ProgramData\COyGyyOCixJCfhR.exe');
 DeleteFile('C:\ProgramData\COyGyyOCixJCfhR.exe');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-4285699095-1866031089-4141344599-1001\Software\Microsoft\Windows\CurrentVersion\Run','COyGyyOCixJCfhR');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file

THEN
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Place a tick in the AV engine box
In the dropdown next to it select
C:\
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
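
Added illustration, not part of the thread and not code from AVPTool: the disinfection script in the post above removes a Run value whose name matches a mixed-case executable sitting directly in C:\ProgramData. The sketch below scores autorun entries on those same three traits; the helper names, the thresholds and every sample entry except the first are constructed for this example.

```python
import ntpath

# Constructed sample of (Run value name, command line); only the first
# entry is taken from the thread, the other two are made up for contrast.
SAMPLE_RUN_VALUES = [
    ("COyGyyOCixJCfhR", r"C:\ProgramData\COyGyyOCixJCfhR.exe"),
    ("ExampleUpdater", r'"C:\Program Files\Example Vendor\updater.exe" /background'),
    ("ExampleSync", r"C:\ProgramData\Example Vendor\sync.exe"),
]

def image_path(command):
    """Return the executable path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def case_switches(text):
    """Count upper/lower transitions between neighbouring letters."""
    return sum(a.isupper() != b.isupper() for a, b in zip(text, text[1:]))

def reasons_for(name, command):
    """List the traits of this entry that match the pattern in the thread."""
    folder, filename = ntpath.split(image_path(command))
    stem = ntpath.splitext(filename)[0]
    reasons = []
    # Assumption: ProgramData is at its default location on C:.
    if folder.lower() == r"c:\programdata":
        reasons.append("image sits directly in the ProgramData root")
    if stem.lower() == name.lower():
        reasons.append("value name equals the executable's file name")
    # Assumed heuristic for a generated name: long, letters only, erratic case.
    if stem.isalpha() and len(stem) >= 10 and case_switches(stem) >= 4:
        reasons.append("file name looks machine-generated")
    return reasons

def suspicious(entries, threshold=2):
    """Return (name, reasons) for entries matching at least `threshold` traits."""
    return [(name, found) for name, command in entries
            for found in [reasons_for(name, command)] if len(found) >= threshold]
```

A hit is a reason to look at the file and its signer, not proof of infection; some legitimate software matches one of these traits on its own.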

#29
Posted 29 June 2011 - 04:16 PM

O.k. attached are the results of the Kaspersky scan after I put the script into the manual disinfection screen.
When I went to run the aswMBR scan I ran into a problem. As soon as I pressed the scan button my computer shut down saying that it has encountered a problem that could cause potential damage to the computer - system service protection. Here is what was listed as the cause when it reloaded:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF800034982BD
BCP3: FFFFF88007FF3380
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\062911-16738-01.dmp
C:\Users\Cathy\AppData\Local\Temp\WER-48797-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
Thank you again for all of your help. This is one nasty virus......
Attached Files
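
Added example, not part of the original post: a small decoder for the problem signature quoted above. The bug check and NTSTATUS names and the meaning of the 0x3B parameters come from Microsoft's public documentation; the function names are this example's own, and the embedded text is copied from the post.

```python
import re

# Only the codes needed for the signature in this thread are listed.
BUGCHECKS = {0x3B: "SYSTEM_SERVICE_EXCEPTION"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Sample input: the relevant lines of the problem signature as posted.
SAMPLE = """\
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF800034982BD
BCP3: FFFFF88007FF3380
BCP4: 0000000000000000
"""

def parse_signature(text):
    """Collect BCCode and BCP1..BCP4 as integers (values are hex)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return fields

def describe(text):
    """Turn a WER BlueScreen signature into named fields."""
    f = parse_signature(text)
    if "BCCode" not in f:
        raise ValueError("no BCCode line found")
    code = f["BCCode"]
    out = {"bugcheck": BUGCHECKS.get(code, "unknown (0x%X)" % code)}
    if code == 0x3B:
        # 0x3B parameters: P1 = exception code, P2 = address of the
        # faulting instruction, P3 = address of the context record.
        status = f.get("BCP1", 0) & 0xFFFFFFFF
        fault = f.get("BCP2", 0)
        out["exception"] = NTSTATUS.get(status, "0x%08X" % status)
        out["fault_address"] = "0x%016X" % fault
        # Upper canonical half of the x64 address space is kernel space.
        out["kernel_address"] = fault >= 0xFFFF800000000000
    return out
```

The signature alone does not name the faulting driver; that takes the minidump listed in the post.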
#30
Posted 30 June 2011 - 10:17 AM

OK if you are prepared to continue I will try to kill this little beast
First we will get windows to check your files
From the Start menu, select all programmes, accessories
then right click the command prompt and run as administrator
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
THEN
Download the GMER Rootkit Scanner. Unzip it to your Desktop. If necessary this can be run from safe mode
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity. - Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.