EWIDO
Please configure Ewido as follows. The speech I posted is now different because the version of Ewido has recently been updated. Because of this, the infected files weren't dealt with properly.
- Double-click the icon on the Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
------------------------
REGFIX
Download the attached file. Unzip it and double-click the reg file inside it. When asked whether you would like to merge with the registry, say Yes.
------------------------
SAFE MODE
Reboot into Safe Mode as described earlier.
-----------------------
FILE DELETIONS
Delete the following file:
C:\WINDOWS\system32\qz.sys
-------------------------
EWIDO
Run Ewido with its updated definitions (it's important that all windows must be closed):
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
- When the scan is complete click Recommended Action and change it to Quarantine
- Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.
Reboot into Normal mode.
-------------------------
REGSEARCH
Run RegSearch again as you have done previously and post the logs produced for sertgs and sertgm.
-------------------------
Post Ewido's log, a new HJT log and the RegSearch logs.