- To ask for help you should open a new thread.
- Logs should be attached to the message (and not posted separately in the thread).
- Do not send logs or queries directly to a helper, a moderator or an administrator as a private message or an e-mail. Use a separate thread every time.
- Please see Appendix 1 to find out how to turn off System restore.
- Please follow the directions in Appendix 3 to create an attachment.
- Please check the FAQ section on our website for answers to the most commonly asked questions.
- To expedite the processing of your query please follow the regulations.
1. If you have an antivirus installed, please update its databases and scan your PC.
2. Before the analysis please download the DrWeb - CureIT! utility (about 5 MB) and perform the system scan in Safe Mode. After that you should reboot the computer normally (Normal Mode).
* Note: If you use DrWeb antivirus, please skip this step.
3. Download the AVZ Antiviral Toolkit (about 2 MB). Even if you have downloaded AVZ before, you should still download it again, because its malware diagnostics options are updated regularly.
* Besides neutralizing malicious software, the utility offers a wide range of system scan options: please read the help file of the Toolkit.
4. Extract it from the archive to its own folder.
* Start AVZ and update its databases ("File" => "On-line automatic update"). Close AVZ.
5. Download the latest version of HijackThis.
* Even if you have downloaded HijackThis before, download it again to make sure you have the latest version. (About 200 KB)
6. Extract HijackThis from the archive to its own folder.
7. Turn off System restore (Windows Me/XP).
* Follow the instructions in Appendix 1.
8. Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click "Execute selected scripts".
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
9. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.
10. Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box. Click "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
11. Start HijackThis. If the program malfunctions or stops working right after the start, download the renamed file of HijackThis here and use it in the following instructions.
12. Click "Do a system scan and save a logfile".
13. Save the logfile. The logfile will be saved in the program folder as hijackthis.log by default.
14. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created at steps 8 (AVZ - virusinfo_syscure.zip), 10 (AVZ - virusinfo_syscheck.zip) and 13 (HJT - hijackthis.log) to the message. There should be 3 logs in total. We will do our best to help you.
Also, please do not attach any logs other than the HijackThis and AVZ logs unless specifically asked.
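A pre-submission check for the three attachments from steps 8, 10 and 13, given here as an added example (it is not part of the original instructions and is not an AVZ or HijackThis tool). It assumes each AVZ archive contains the avz_sysinfo.htm report named in steps 8 and 10; the function names and the two folder arguments are hypothetical.

```python
import zipfile
from pathlib import Path

# File names taken from steps 8, 10 and 13 of the instructions above.
AVZ_ARCHIVES = ("virusinfo_syscure.zip", "virusinfo_syscheck.zip")
AVZ_REPORT = "avz_sysinfo.htm"  # assumption: the report sits inside each archive
HJT_LOG = "hijackthis.log"


def check_avz_archive(path):
    """Return a list of problems with one AVZ archive (empty list = OK)."""
    if not path.is_file():
        return [f"{path.name}: missing (re-run the AVZ standard script)"]
    if not zipfile.is_zipfile(path):
        return [f"{path.name}: not a valid zip archive"]
    with zipfile.ZipFile(path) as zf:
        bad = zf.testzip()  # first member that fails its CRC check, or None
        if bad is not None:
            return [f"{path.name}: corrupt member {bad}"]
        # Compare base names only, whichever path separator the archive uses.
        names = [n.replace("\\", "/").rsplit("/", 1)[-1].lower()
                 for n in zf.namelist()]
    if AVZ_REPORT not in names:
        return [f"{path.name}: {AVZ_REPORT} not found inside"]
    return []


def check_attachments(avz_log_dir, hjt_dir):
    """Check the three logs the thread must carry; return all problems found.

    avz_log_dir: the LOG folder inside the AVZ directory (steps 8 and 10).
    hjt_dir:     the HijackThis program folder (step 13).
    """
    problems = []
    for name in AVZ_ARCHIVES:
        problems += check_avz_archive(Path(avz_log_dir) / name)
    hjt = Path(hjt_dir) / HJT_LOG
    if not hjt.is_file() or hjt.stat().st_size == 0:
        problems.append(f"{HJT_LOG}: missing or empty (repeat steps 11-13)")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_logs.py <AVZ LOG folder> <HijackThis folder>
    found = check_attachments(sys.argv[1], sys.argv[2])
    print("\n".join(found) if found else "All 3 logs are ready to attach.")
```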
Appendix 1. How to turn off System restore.
1. "System restore" (Windows Me/XP)
Windows protects the system restore folders from all external programs. When viruses get into a PC, Windows can also keep them in the system restore folders. Antiviruses and utilities cannot delete viruses from these folders. It is necessary to turn off System restore for healing. After healing it is necessary to turn it back on.
Windows Me:
1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.
Windows XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore: You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore? After a few moments, the System Properties dialog box closes.
2. Correct cleaning of the system restore folders.
It is not recommended to turn off System restore at once if you keep any valuable information on the PC.
You should be absolutely sure that the system restore folders are infected. If there are clean copies, they should be used for restoring clean files.
Appendix 2. Searching files on disk with AVZ.
1. Click "File" - "Add to quarantine by list".
2. In the top window, enter the list of files which you were asked to send.
3. Press "Start" and wait until "File addition process - complete" notification appears at the bottom of the window.
4. Close the current window "Add to quarantine by list".
5. Choose from the menu "File" -> "Quarantine folder viewer".
6. Mark files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill the "thread link" field manually. (It should look like http://virusinfo.info/showthread.php?t=XXXX).
Appendix 3. How to send us requested files.
1. Start AVZ, choose from the menu "File" -> "Quarantine folder viewer".
2. Mark files in the list which should be sent.
3. Click "Archive" and specify a place on the disk where the archive should be kept.
4. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill the "thread link" field manually. (It should look like http://virusinfo.info/showthread.php?t=XXXX).
http://virusinfo.info/showthread.php?t=9184