Win32.Zafi.b - The 'It' Virus of the Day Apparently

Hmm, did you enter that script properly?
I don't know if OTMoveIt has moved them.

here's what i entered, i'll double check to make sure the avenger.txt file is located there

:processes
explorer.exe

:services
ALSysIO

:files
c:\documents and settings\amk\application data\google\*.*
C:\avenger
C:\avenger.txt

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"realtekg"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Hmmm.
Try again, and if you get the same result, we can use something else.

Sorry to be of so much trouble and thanks again for helping me, I ran it again, took out some spaces that were put in before each command and here's what i got:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service ALSysIO stopped successfully.
Service ALSysIO deleted successfully.
========== FILES ==========
c:\documents and settings\amk\application data\google\djvlg2072387.exe moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\amk\application data\google\lrpfwl.dll
c:\documents and settings\amk\application data\google\lrpfwl.dll NOT unregistered.
c:\documents and settings\amk\application data\google\lrpfwl.dll moved successfully.
C:\Avenger moved successfully.
C:\avenger.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\realtekg deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\AMK\LOCALS~1\Temp\hsperfdata_AMK\3184 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET800D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_410.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_182932

That looks better, it ran properly this time.
What problems remain?

I've got it rebooting right now, I'll do the java and restore in a little bit, is there any other diagnostic tools to run to make sure it was successfully removed besides spyware and antivirus tools? Otherwise I think I'm good. I'll report back if I am having problems, again, thank you so much for helping me out.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.