all about computer information and technology
RSS icon Email icon Home icon
  • Virus Cleaning - olhrwef.exe

    Posted on May 5th, 2009 admin No comments

    Run this script with kaspersky AVZ, instructions linked in pinned topics at top of this forum page, PC will reboot:

    CODE

    ===================

    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    QuarantineFile(’C:\WINDOWS\system32\olhrwef.exe’,”);
    QuarantineFile(’C:\WINDOWS\system32\nmdfgds0.dll’,”);
    QuarantineFile(’C:\autorun.inf’,”);
    QuarantineFile(’C:\j60osk9.cmd’,”);
    QuarantineFile(’D:\autorun.inf’,”);
    QuarantineFile(’D:\j60osk9.cmd’,”);
    DeleteFile(’D:\j60osk9.cmd’);
    DeleteFile(’D:\autorun.inf’);
    DeleteFile(’C:\j60osk9.cmd’);
    DeleteFile(’C:\autorun.inf’);
    DeleteFile(’C:\WINDOWS\system32\nmdfgds0.dll’);
    DeleteFile(’C:\WINDOWS\system32\olhrwef.exe’);
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

    =====================================
    After run script, attach a Combofix log, please review and follow these instructions carefully.

    Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows until after the scanning and removal process has taken place.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete
    scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post, along with any older Combofix log that you may have.

    Comments are closed.