Open
NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
@echo off
attrib -h -r -s -a "C:\DOCUME~1\MELODY~1\STARTM~1\PROGRAMS\STARTUP\*.exe"
move /y "C:\DOCUME~1\MELODY~1\STARTM~1\PROGRAMS\STARTUP\*.exe" "C:\Documents and Settings\Melody Li\Desktop\Submit.zip"
nircmd killprocess oblipto.exe
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"D:\oblipto.exe"
"D:\autorun.inf"
"C:\WINDOWS\system32\MSLEO.INF"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg
regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0
Save this as
fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run
Post back to tell me what it says
Additonally, it will generate a zipped file on your Desktop, called Submit.zip
Please submit this file to
http://www.bleepingcomputer.com/subm....php?channel=4