

Cannot run any .exe to get rid of virus
Started by p.ave, Aug 09 2011 11:31 AM
#16
Posted 11 August 2011 - 01:14 PM

#17
Posted 11 August 2011 - 01:19 PM

It appears to be legitimate, but with the browsers opening it is still suspect. What is the make of your system, i.e. Dell, HP or whatever?
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post

#18
Posted 11 August 2011 - 01:40 PM

The computer is an HP that is currently running slow. Kasp virus scan running.
#19
Posted 11 August 2011 - 01:45 PM

OK that may explain the unknown MBR part - but the lack of access is concerning
#20
Posted 12 August 2011 - 05:55 AM

Tried to run Kasp twice, it finds things but then gets bogged down and stuck. Had to restart computer.
#21
Posted 12 August 2011 - 05:59 AM

Fake security protection is back...
#22
Posted 12 August 2011 - 11:24 AM

OK, let's replace the MBR and run another check
Re-Run aswMBR
Click Scan
On completion of the scan
Click the FIXMBR Button

Save the log as before and post in your next reply
THEN
Re-run Combofix and allow it to update, posting the log on completion
#23
Posted 12 August 2011 - 11:29 AM

I actually had restarted Kasp (it's about 50% complete, but has taken 5+ hours). It detected 6 threats. Should I stop that to run MBR?
#24
Posted 12 August 2011 - 11:31 AM

No, continue with the AVP run and, if possible, run the analysis scan as well
If AVP finds the MBR infected and cleans it then there is no requirement for aswMBR. However, if AVP does not do anything to the MBR then run aswMBR
#25
Posted 12 August 2011 - 12:57 PM

Here is the AVP manual scan results. I zipped the auto scan results but it wouldn't attach.
Attached Files
#26
Posted 12 August 2011 - 12:59 PM

I'm guessing that it's too big even zipped (~5 MB)
#27
Posted 12 August 2011 - 01:18 PM

OK, could you open AVP and on the manual disinfection tab click the link to avptool sysinfo.zip, as that will be small enough to attach and contains the analysis run that I will need to look at
#28
Posted 12 August 2011 - 01:25 PM

Here is the zip
Attached Files
#29
Posted 12 August 2011 - 01:32 PM

OK I can now see the name of the driver, but not yet the location
- Re-run AVPTool
- Select the Manual Disinfection tab and press Script execution
- Where it states Insert text script in the following box copy the below script and press Run script
Copy from Begin until End
begin
 SetAVZPMStatus(True);
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 DeleteFile('C:\Documents and Settings\TEST\Local Settings\Temp\_uninst_43665347.bat');
 BC_DeleteFile('C:\Documents and Settings\TEST\Local Settings\Temp\_uninst_43665347.bat');
 DeleteFile('C:\WINDOWS\TEMP\12.tmp');
 BC_DeleteFile('C:\WINDOWS\TEMP\12.tmp');
 DeleteFile('C:\WINDOWS\TEMP\20.tmp');
 BC_DeleteFile('C:\WINDOWS\TEMP\20.tmp');
 BC_ImportDeletedList;
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file
THEN
Re-run Combofix, allowing it to update if it asks
#30
Posted 12 August 2011 - 01:55 PM

Here's the updated AVP
Attached Files