Hôm trước máy mình dùng CMC IS bị con này, bên CMC dùng hỗ trợ từ xa mới diệt được.
Giờ máy thằng bạn mình dùng CMC AV nhưng không diệt được. Đã quét trong samode netwroking, nhưng vẫn ko diệt được.
Đây là file log nè.
Dài qúa nên gửi file đính kèm, Mong mọi người hướng dẫn cách diệt tân gốc

Mình bị mất mạng gần 2 tiếng, -Dark- đã xem cho bạn rồi, ngày mai -Dark- sẽ gửi hướng dẫn cho bạn.
Nếu bạn cần ngay bây giờ thì cho mình biết nhé .

-Dark- đi học rồi nên mình tạm gửi giùm -Dark- hướng dẫn của bạn ấy trong trường hợp bạn huythanhhoa cần gấp:


Chú ý tắt Realtime của CMC bằng cách
Click chuột phải vào Tray Icon của CMC, bỏ chọn Bật/ Tắt chế độ tự động bảo vệ máy tính

Tải và cài đặt Threat Killer từ link sau:
http://downloads.novirusthanks.org/files/threatkiller_setup.exe
Chạy Threat Killer.
Tạo 1 file text bằng Notepad với nội dung sau (không copy từ "Trích dẫn"):
Save file text này với tên Xuli.txt .
Click nút "...", tìm đến và chọn file script.txt mà bạn đã save => Open => Click nút "Execute!".
Sau khi việc thực thi hoàn tất, bạn hãy gửi nội dung kết quả ở khung Report vào topic này, sau đó khởi động lại máy tính ngay.
Tiếp theo scan lần nữa bằng Hijack Hunter rồi gửi report lên đây nhé.

Tiện thể up 1 mẫu virus FakeUni lên đây cho mình nhé.

Đây là nội dung ở khung report nè
Threat Killer - Scriptable Malware Remover 1.7.2.0
http://www.novirusthanks.org
Log started on 01/09/2010 at 6:49:44 PM
Microsoft Windows XP 5.1 Service Pack 2 32-bit OS

• Script Executer Log:

(kill process) c:\windows\system32\explorer.exe -> Error: Process does not exist
(kill process) c:\windows\svchost.exe -> Terminated
(kill process) C:\WINDOWS\spoolsv.exe -> Error: Process does not exist
(kill process) C:\Documents and Settings\MANUTD\Local Settings\Application Data\mrsys.exe -> Error: Process does not exist
(unregister dlls) C:\Program Files\Ask.com\GenericAskToolbar.dll -> Unregistered
Backup of C:\Windows\2clksys1.ptn completed. -> 2clksys1.ptn_01-09-2010_6_49_44 PM_09c3088499091526f51bc328d0387bec
(delete files) C:\Windows\2clksys1.ptn -> Deleted
Backup of C:\Windows\2clksys2.ptn completed. -> 2clksys2.ptn_01-09-2010_6_49_44 PM_f69063203a3c092524b3f43777f7b2cf
(delete files) C:\Windows\2clksys2.ptn -> Deleted
Backup of C:\Windows\2clksys3.ptn completed. -> 2clksys3.ptn_01-09-2010_6_49_44 PM_f0b8bc0bf5eb71960b6d7df6eaad8799
(delete files) C:\Windows\2clksys3.ptn -> Deleted
Backup of C:\Windows\2clksys4.ptn completed. -> 2clksys4.ptn_01-09-2010_6_49_44 PM_f6d55685e09a5e206e04a555818de9ae
(delete files) C:\Windows\2clksys4.ptn -> Deleted
Backup of C:\Windows\2dclsys1.ptn completed. -> 2dclsys1.ptn_01-09-2010_6_49_44 PM_09c3088499091526f51bc328d0387bec
(delete files) C:\Windows\2dclsys1.ptn -> Deleted
Backup of C:\Windows\2entsys1.ptn completed. -> 2entsys1.ptn_01-09-2010_6_49_44 PM_09c3088499091526f51bc328d0387bec
(delete files) C:\Windows\2entsys1.ptn -> Deleted
Backup of C:\Windows\2entsys2.ptn completed. -> 2entsys2.ptn_01-09-2010_6_49_44 PM_f69063203a3c092524b3f43777f7b2cf
(delete files) C:\Windows\2entsys2.ptn -> Deleted
Backup of C:\Windows\2picsys.cpn completed. -> 2picsys.cpn_01-09-2010_6_49_44 PM_3a4d6dc8fedb3237060282eee9dee23a
(delete files) C:\Windows\2picsys.cpn -> Deleted
Backup of C:\Windows\3clksys1.ptn completed. -> 3clksys1.ptn_01-09-2010_6_49_44 PM_46b271582f7e9b088b9b41e1a82ce58c
(delete files) C:\Windows\3clksys1.ptn -> Deleted
Backup of C:\Windows\3clksys2.ptn completed. -> 3clksys2.ptn_01-09-2010_6_49_44 PM_7a39b9a7db7aea3cef0b7dc0166e39b4
(delete files) C:\Windows\3clksys2.ptn -> Deleted
Backup of C:\Windows\3clksys3.ptn completed. -> 3clksys3.ptn_01-09-2010_6_49_44 PM_7197ddf68f7433b484f1ecb4a63d9f1b
(delete files) C:\Windows\3clksys3.ptn -> Deleted
Backup of C:\Windows\3clksys4.ptn completed. -> 3clksys4.ptn_01-09-2010_6_49_44 PM_4c4dbdcd9db2ebfd09f349c7f6a09968
(delete files) C:\Windows\3clksys4.ptn -> Deleted
Backup of C:\Windows\3dclsys1.ptn completed. -> 3dclsys1.ptn_01-09-2010_6_49_44 PM_46b271582f7e9b088b9b41e1a82ce58c
(delete files) C:\Windows\3dclsys1.ptn -> Deleted
Backup of C:\Windows\3entsys1.ptn completed. -> 3entsys1.ptn_01-09-2010_6_49_44 PM_46b271582f7e9b088b9b41e1a82ce58c
(delete files) C:\Windows\3entsys1.ptn -> Deleted
Backup of C:\Windows\3entsys2.ptn completed. -> 3entsys2.ptn_01-09-2010_6_49_44 PM_7a39b9a7db7aea3cef0b7dc0166e39b4
(delete files) C:\Windows\3entsys2.ptn -> Deleted
Backup of C:\Windows\3picsys.cpn completed. -> 3picsys.cpn_01-09-2010_6_49_44 PM_3607ddfca3157990cb23dbd793bb3ae1
(delete files) C:\Windows\3picsys.cpn -> Deleted
Backup of C:\Windows\blsys.bln failed.
(delete files) C:\Windows\blsys.bln -> Error: The system cannot find the file specified
Backup of C:\Windows\spoolsv.exe failed.
(delete files) C:\Windows\spoolsv.exe -> Deleted
Backup of C:\Windows\svchost.exe failed.
(delete files) C:\Windows\svchost.exe -> Deleted
Backup of C:\Windows\System32\blsys.bln failed.
(delete files) C:\Windows\System32\blsys.bln -> Error: The system cannot find the file specified
Backup of C:\Windows\System32\cmsys.cmn completed. -> cmsys.cmn_01-09-2010_6_49_44 PM_07e34a3bc03b0f5c6652e65b1f93ee23
(delete files) C:\Windows\System32\cmsys.cmn -> Deleted
Backup of C:\Windows\System32\explorer.exe completed. -> explorer.exe_01-09-2010_6_49_44 PM_39b1ffb03c2296323832acbae50d2aff
(delete files) C:\Windows\System32\explorer.exe -> Deleted
Backup of C:\WINDOWS\Tasks\At1.job completed. -> At1.job_01-09-2010_6_49_44 PM_c3450d37a64b0e6038b38bf13ea3e45c
(delete files) C:\WINDOWS\Tasks\At1.job -> Deleted
Backup of C:\Documents and Settings\MANUTD\Local Settings\Application Data\mrsys.exe failed.
(delete files) C:\Documents and Settings\MANUTD\Local Settings\Application Data\mrsys.exe -> Error: The system cannot find the file specified
Backup of C:\Program Files\Ask.com\GenericAskToolbar.dll failed.
(delete files) C:\Program Files\Ask.com\GenericAskToolbar.dll -> Error: The system cannot find the path specified
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\4H67CTM7\3picsys[1].gif failed.
(delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\4H67CTM7\3picsys[1].gif -> Error: The system cannot find the path specified
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\GTYN8HUZ\cmsys[1].gif failed.
(delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\GTYN8HUZ\cmsys[1].gif -> Error: The system cannot find the path specified
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\W9UNG1MR\2picsys[1].gif failed.
(delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\W9UNG1MR\2picsys[1].gif -> Error: The system cannot find the path specified
Backup of C:\Documents and Settings\MANUTD\Application Data\stsys.exe failed.
(delete files) C:\Documents and Settings\MANUTD\Application Data\stsys.exe -> Error: The system cannot find the file specified
Backup of C:\Windows\2clksys1.ptn failed.
(force delete files) C:\Windows\2clksys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2clksys2.ptn failed.
(force delete files) C:\Windows\2clksys2.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2clksys3.ptn failed.
(force delete files) C:\Windows\2clksys3.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2clksys4.ptn failed.
(force delete files) C:\Windows\2clksys4.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2dclsys1.ptn failed.
(force delete files) C:\Windows\2dclsys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2entsys1.ptn failed.
(force delete files) C:\Windows\2entsys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2entsys2.ptn failed.
(force delete files) C:\Windows\2entsys2.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\2picsys.cpn failed.
(force delete files) C:\Windows\2picsys.cpn -> Deleted (Need Reboot)
Backup of C:\Windows\3clksys1.ptn failed.
(force delete files) C:\Windows\3clksys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3clksys2.ptn failed.
(force delete files) C:\Windows\3clksys2.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3clksys3.ptn failed.
(force delete files) C:\Windows\3clksys3.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3clksys4.ptn failed.
(force delete files) C:\Windows\3clksys4.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3dclsys1.ptn failed.
(force delete files) C:\Windows\3dclsys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3entsys1.ptn failed.
(force delete files) C:\Windows\3entsys1.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3entsys2.ptn failed.
(force delete files) C:\Windows\3entsys2.ptn -> Deleted (Need Reboot)
Backup of C:\Windows\3picsys.cpn failed.
(force delete files) C:\Windows\3picsys.cpn -> Deleted (Need Reboot)
Backup of C:\Windows\blsys.bln failed.
(force delete files) C:\Windows\blsys.bln -> Deleted (Need Reboot)
Backup of C:\Windows\spoolsv.exe failed.
(force delete files) C:\Windows\spoolsv.exe -> Deleted (Need Reboot)
Backup of C:\Windows\svchost.exe failed.
(force delete files) C:\Windows\svchost.exe -> Deleted (Need Reboot)
Backup of C:\Windows\System32\blsys.bln failed.
(force delete files) C:\Windows\System32\blsys.bln -> Deleted (Need Reboot)
Backup of C:\Windows\System32\cmsys.cmn failed.
(force delete files) C:\Windows\System32\cmsys.cmn -> Deleted (Need Reboot)
Backup of C:\Windows\System32\explorer.exe failed.
(force delete files) C:\Windows\System32\explorer.exe -> Deleted (Need Reboot)
Backup of C:\WINDOWS\Tasks\At1.job failed.
(force delete files) C:\WINDOWS\Tasks\At1.job -> Deleted (Need Reboot)
Backup of C:\Documents and Settings\MANUTD\Local Settings\Application Data\mrsys.exe failed.
(force delete files) C:\Documents and Settings\MANUTD\Local Settings\Application Data\mrsys.exe -> Deleted (Need Reboot)
Backup of C:\Program Files\Ask.com\GenericAskToolbar.dll failed.
(force delete files) C:\Program Files\Ask.com\GenericAskToolbar.dll -> Deleted (Need Reboot)
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\4H67CTM7\3picsys[1].gif failed.
(force delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\4H67CTM7\3picsys[1].gif -> Deleted (Need Reboot)
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\GTYN8HUZ\cmsys[1].gif failed.
(force delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\GTYN8HUZ\cmsys[1].gif -> Deleted (Need Reboot)
Backup of C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\W9UNG1MR\2picsys[1].gif failed.
(force delete files) C:\Documents and Settings\MANUTD\Local Settings\Temporary Internet Files\Content.IE5\W9UNG1MR\2picsys[1].gif -> Deleted (Need Reboot)
Backup of C:\Documents and Settings\MANUTD\Application Data\stsys.exe failed.
(force delete files) C:\Documents and Settings\MANUTD\Application Data\stsys.exe -> Deleted (Need Reboot)
(delete folders recursive) C:\Program Files\Ask.com\ -> Error: Folder does not exists
(delete reg value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Explorer -> Error: Value does not exists
(delete reg value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Svchost -> Error: Value does not exists
Backup of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce completed. -> registry_value_3.reg
(delete reg value) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Explorer -> Deleted
(delete reg value) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ Svchost -> Error: Value does not exists
(delete reg key) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\NextAtJobId: 0x00000001 -> Error: Key or value does not exist
(delete reg key) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\NextAtJobId: 0x00000002 -> Error: Key or value does not exist
(delete reg key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Error: Key or value does not exist
Backup of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} failed.
(delete reg key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} -> Deleted
Backup of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} failed.
(delete reg key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} -> Deleted
(set reg value) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> Shell -> Value set successfully
(empty reg value) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page -> Value is now empty
(empty folders) %TEMP% -> Error: Folder does not exists

End.

Bạn huythanhhoa vẫn chưa thực hiện xong các hướng dẫn, mọi người đang chờ bạn đấy .

Đây là file log cua Hijack Hunter

Đây là file explorer trong máy. CMC AV liên tục báo file này bị virut

File này không phải virus, có lẽ CMCAV ở máy đó chưa được cập nhật đầy đủ, bạn hãy cập nhật đầy đủ cho CMCAV ở máy đó nhé.
CMCiS bản quyền ở máy mình không thông báo file explorer bạn đính kèm là virus.
Log Hijack Hunter ở máy đó đã ổn .

Có vẻ ổn rồi. Cảm ơn các bạn
Đây là file backups hi vọng lần sau CMC sẽ diệt trực tiếp được

Edited by bolzano_1989:
File đính kèm đã được tiếp nhận. Cảm ơn bạn huythanhhoa.

Bạn huythanhhoa có mẫu virus gốc không, nếu có thì gửi tin nhắn riêng cho mình nhé .

Để mình kiểm tra lại nhé