Wednesday, December 10, 2008

Virus Alert in Desktop Toolbar?

A month ago I met the same problem, with Virus Alert in the desktop toolbar showing the military timing, and the same Virus Alert in System Properties, and so on.

Here I am giving a step-by-step solution for this problem.

Step 1.

Download Kaspersky Internet Security from http://www.kaspersky.com/trials and install it. After installing it, use the script which I got from Kaspersky Lab. This is the script:

----------------------------------------------------------------

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\MicroAV.cpl','');
QuarantineFile('C:\Windows\system32\YUR124.exe','');
QuarantineFile('C:\Windows\system32\YURC.exe','');
QuarantineFile('C:\Windows\system32\YURB.exe','');
QuarantineFile('C:\Windows\system32\YUR9.exe','');
QuarantineFile('C:\Windows\system32\YUR8.exe','');
QuarantineFile('C:\Windows\system32\YUR5.exe','');
QuarantineFile('C:\Windows\system32\YUR19E.exe','');
QuarantineFile('C:\Windows\system32\YUR18.exe','');
QuarantineFile('C:\Windows\system32\YUR17.exe','');
QuarantineFile('C:\Windows\system32\YUR16.exe','');
QuarantineFile('C:\Windows\system32\YUR15.exe','');
QuarantineFile('C:\Windows\system32\YUR12A.exe','');
QuarantineFile('C:\Windows\system32\YUR123.exe','');
QuarantineFile('C:\Windows\system32\YUR122.exe','');
QuarantineFile('C:\Windows\system32\YUR121.exe','');
QuarantineFile('C:\Windows\system32\YUR1.exe','');
QuarantineFile('C:\Program Files\MicroAV\MicroAV.exe','');
DeleteFile('C:\Program Files\MicroAV\MicroAV.exe');
DeleteFile('C:\Windows\system32\YUR1.exe');
DeleteFile('C:\Windows\system32\YUR121.exe');
DeleteFile('C:\Windows\system32\YUR122.exe');
DeleteFile('C:\Windows\system32\YUR123.exe');
DeleteFile('C:\Windows\system32\YUR124.exe');
DeleteFile('C:\Windows\system32\YUR12A.exe');
DeleteFile('C:\Windows\system32\YUR15.exe');
DeleteFile('C:\Windows\system32\YUR16.exe');
DeleteFile('C:\Windows\system32\YUR17.exe');
DeleteFile('C:\Windows\system32\YUR18.exe');
DeleteFile('C:\Windows\system32\YUR19E.exe');
DeleteFile('C:\Windows\system32\YUR5.exe');
DeleteFile('C:\Windows\system32\YUR8.exe');
DeleteFile('C:\Windows\system32\YUR9.exe');
DeleteFile('C:\Windows\system32\YURB.exe');
DeleteFile('C:\Windows\system32\YURC.exe');
DeleteFile('C:\WINDOWS\system32\MicroAV.cpl');
DeleteFile('C:\Program Files\MicroAV\*.*');
DeleteDirectory('C:\Program Files\MicroAV\');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

------------------------------------------------------------

Step 2.

Copy this script and open the Kaspersky software. You can see Support under License; click it and a new window will open. In that window there is Support Tools; click it and another new window will open. In that window there is Execute AVZ script; paste this script there and execute it.

Step 3.

Then post a ComboFix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (if still active) until after the scanning and removal process has taken place.

Now, please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the ComboFix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and they will be restored after scanning has completed.

Step 4.

Now execute this script in Kaspersky as well:

CODE
----------------------------------------------

begin
QuarantineFile('C:\WINDOWS\fbxrqtwn.exe','');
DeleteFile('C:\WINDOWS\fbxrqtwn.exe');
end.

----------------------------------------------

Then go to Start > Run, type combofix /u and press OK to uninstall ComboFix.

I think the problem is mostly solved, except for the Virus Vault in System Properties. You can solve this by typing regedit and choosing HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows NT -> CurrentVersion. On selecting this you can see PRODUCT ID on the right side, and it will be named as Virus Alert. Rename this and then the problem is solved completely.
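
Before pasting an AVZ script like the ones in Step 1 and Step 4 into a security tool, it helps to check what it will delete. The following Python sketch is an added example, not part of the original post and not Kaspersky tooling; it reads the script text and flags wildcard deletes, directory deletes, and any DeleteFile whose target was not quarantined earlier. The sample input is an excerpt of the scripts above, and the names `audit`, `key` and the finding labels are hypothetical.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Excerpt of the Step 1 and Step 4 scripts from this post, used as sample input.
SAMPLE = r"""
begin
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\MicroAV.cpl','');
QuarantineFile('C:\Windows\system32\YUR1.exe','');
QuarantineFile('C:\Program Files\MicroAV\MicroAV.exe','');
DeleteFile('C:\Program Files\MicroAV\MicroAV.exe');
DeleteFile('C:\Windows\system32\YUR1.exe');
DeleteFile('C:\WINDOWS\system32\MicroAV.cpl');
DeleteFile('C:\Program Files\MicroAV\*.*');
DeleteDirectory('C:\Program Files\MicroAV\');
QuarantineFile('C:\WINDOWS\fbxrqtwn.exe','');
DeleteFile('C:\WINDOWS\fbxrqtwn.exe');
end.
"""

# First string argument of the three file-handling calls used on this page.
CALL = re.compile(
    r"\b(QuarantineFile|DeleteFile|DeleteDirectory)\s*\(\s*'([^']*)'", re.I)

def key(path):
    """Windows paths are case-insensitive, so compare a normalised form."""
    return normcase(normpath(path))

def audit(script):
    """Return (line, kind, path) for deletes that deserve a second look."""
    quarantined, findings = set(), []
    for lineno, line in enumerate(script.splitlines(), 1):
        for func, path in CALL.findall(line):
            func = func.lower()
            if func == "quarantinefile":
                quarantined.add(key(path))
            elif func == "deletedirectory":
                findings.append((lineno, "directory-delete", path))
            elif "*" in path or "?" in path:
                findings.append((lineno, "wildcard-delete", path))
            elif key(path) not in quarantined:
                # Also fires when the quarantine call comes after the delete.
                findings.append((lineno, "delete-without-quarantine", path))
    return findings

if __name__ == "__main__":
    for lineno, kind, path in audit(SAMPLE):
        print(f"line {lineno}: {kind}: {path}")
```

On the excerpt, only the `*.*` delete and the directory delete are reported, because every other deleted file has a quarantined copy first.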
