5th July 2009, 06:12 AM
evilfantasy
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Well this is a sticky bugger!

Download The Avenger by Swandog46 and save it to your desktop.

* Extract avenger.exe from the Zip file and save it to your Desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the "Input script here" window:

Code:
Comment:

Drivers to delete:
drvdrv

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost | drv

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.

* Add the Avenger log in your next post.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
KillAll::

Driver::
pavboot
drvdrv

Folder::
c:\program files\drv
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"=-
"5000:UDP"=-
"8085:TCP"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
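A read-only check of the items the two scripts above target, for running in PowerShell after the reboots. It is an added example, not part of the original post or of either tool; it assumes drivers are registered under HKLM\SYSTEM\CurrentControlSet\Services and leaves out the firewall port entries because the post abbreviates that key path.

```powershell
# Added example: read-only check, nothing is modified.
# Every name below is copied from the two scripts in the post.
$drivers  = 'drvdrv', 'pavboot'
$folder   = 'C:\Program Files\drv'
$svchost  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$svcValue = 'drv'
$monitor  = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
$monKeys  = 'SymantecAntiVirus', 'SymantecFirewall'
# Assumption: drivers are registered under the standard Services key.
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Test-RegValue([string]$Key, [string]$Name) {
    # True only when the key exists and has a value with this name.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $false }
    return ($k.GetValueNames() -contains $Name)
}

function New-Check([string]$Item, [bool]$Present) {
    # One result row per targeted item.
    New-Object PSObject -Property @{ Item = $Item; Present = $Present }
}

$checks = @()
foreach ($d in $drivers) {
    $checks += New-Check "driver key: $d" (Test-Path -LiteralPath (Join-Path $services $d))
}
$checks += New-Check "folder: $folder" (Test-Path -LiteralPath $folder)
$checks += New-Check "svchost value: $svcValue" (Test-RegValue $svchost $svcValue)
foreach ($m in $monKeys) {
    $checks += New-Check "monitoring key: $m" (Test-Path -LiteralPath (Join-Path $monitor $m))
}

# Print the table, then summarise anything that is still there.
$checks | Select-Object Item, Present | Format-Table -AutoSize
$left = @($checks | Where-Object { $_.Present })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) targeted item(s) still present; check the Avenger and ComboFix logs."
} else {
    Write-Output 'None of the targeted items were found.'
}
```

Any row showing Present = True is worth comparing against C:\avenger.txt and Combofix.txt before posting the logs.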