Äîáðûé äåíü!
Ïîôèêñèòü â HijackThis ñëåäóþùèå ñòðî÷êè:
Êîä:
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\f49d5333.exe,c:\windows\system32\c1116e1.exe,c:\windows\system32\ca55e40d.exe,c:\windows\system32\630f15aa.exe,c:\windows\system32\1c6665be.exe,c:\windows\system32\ba8b9f75.exe,c:\windows\system32\534b4ad4.exe,c:\windows\system32\f29907fc.exe,c:\windows\system32\8111b436.exe,c:\windows\system32\2f17cbb2.exe,c:\windows\system32\cdf7454d.exe,c:\windows\system32\66cf2508.exe,c:\windows\system32\7e51d1.exe,c:\windows\system32\c17409cb.exe,c:\windows\system32\772c23f1.exe,c:\windows\system32\aef5877.exe,c:\windows\system32\caec132c.exe,c:\windows\system32\62a08d1a.exe,c:\windows\system32\269fa0d.exe,c:\windows\system32\d0015831.exe,c:\windows\system32\60cdf9b6.exe,c:\windows\system32\14ef47c5.exe,c:\windows\system32\ff64565c.exe,c:\windows\system32\c66c9d30.exe,c:\windows\system32\65ceb708.exe,c:\windows\system32\f7412.exe,c:\windows\system32\a33f686b.exe,c:\windows\system32\49ce80ef.exe,c:\windows\system32\f26c28be.exe,c:\windows\s
O4 - HKLM\..\RunServices: [csrcs] C:\Windows\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\Windows\system32\csrcs.exe
AVZ, ìåíþ "Ôàéë - Âûïîëíèòü ñêðèïò" -- Ñêîïèðîâàòü íèæå íàïèñàííûé ñêðèïò-- Íàæàòü êíîïêó "Çàïóñòèòü".
Êîä:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\windows\system32\csrcs.exe','');
QuarantineFile('c:\windows\system32\14ef47c5.exe','');
QuarantineFile('c:\windows\system32\1c6665be.exe','');
QuarantineFile('c:\windows\system32\20f13a3e.exe','');
QuarantineFile('c:\windows\system32\218504f0.exe','');
QuarantineFile('c:\windows\system32\269fa0d.exe','');
QuarantineFile('c:\windows\system32\2f17cbb2.exe','');
QuarantineFile('c:\windows\system32\30d49b0c.exe','');
QuarantineFile('c:\windows\system32\32f8ceef.exe','');
QuarantineFile('c:\windows\system32\3a0c8863.exe','');
QuarantineFile('c:\windows\system32\45296466.exe','');
QuarantineFile('c:\windows\system32\4915816a.exe','');
QuarantineFile('c:\windows\system32\49ce80ef.exe','');
QuarantineFile('c:\windows\system32\50078ba4.exe','');
QuarantineFile('c:\windows\system32\534b4ad4.exe','');
QuarantineFile('c:\windows\system32\547739f5.exe','');
QuarantineFile('c:\windows\system32\556ed81d.exe','');
QuarantineFile('c:\windows\system32\60cdf9b6.exe','');
QuarantineFile('c:\windows\system32\612d0b70.exe','');
QuarantineFile('c:\windows\system32\620a32c.exe','');
QuarantineFile('c:\windows\system32\62a08d1a.exe','');
QuarantineFile('c:\windows\system32\630f15aa.exe','');
QuarantineFile('c:\windows\system32\65ceb708.exe','');
QuarantineFile('c:\windows\system32\66cf2508.exe','');
QuarantineFile('c:\windows\system32\7483cf53.exe','');
QuarantineFile('c:\windows\system32\7620579d.exe','');
QuarantineFile('c:\windows\system32\772c23f1.exe','');
QuarantineFile('c:\windows\system32\774677d.exe','');
QuarantineFile('c:\windows\system32\7e51d1.exe','');
QuarantineFile('c:\windows\system32\7fb98d36.exe','');
QuarantineFile('c:\windows\system32\8111b436.exe','');
QuarantineFile('c:\windows\system32\91644eca.exe','');
QuarantineFile('c:\windows\system32\939f28e5.exe','');
QuarantineFile('c:\windows\system32\962716f5.exe','');
QuarantineFile('c:\windows\system32\9a947b7d.exe','');
QuarantineFile('c:\windows\system32\9c0efea0.exe','');
QuarantineFile('c:\windows\system32\9cad618e.exe','');
QuarantineFile('c:\windows\system32\a11ad1d7.exe','');
QuarantineFile('c:\windows\system32\a33f686b.exe','');
QuarantineFile('c:\windows\system32\aef5877.exe','');
QuarantineFile('c:\windows\system32\b466e2df.exe','');
QuarantineFile('c:\windows\system32\ba08ceb6.exe','');
QuarantineFile('c:\windows\system32\ba8b9f75.exe','');
QuarantineFile('c:\windows\system32\c1116e1.exe','');
QuarantineFile('c:\windows\system32\c17409cb.exe','');
QuarantineFile('c:\windows\system32\c66c9d30.exe','');
QuarantineFile('c:\windows\system32\c79ad649.exe','');
QuarantineFile('c:\windows\system32\c9ebd2e3.exe','');
QuarantineFile('c:\windows\system32\ca55e40d.exe','');
QuarantineFile('c:\windows\system32\caec132c.exe','');
QuarantineFile('c:\windows\system32\cdf7454d.exe','');
QuarantineFile('c:\windows\system32\d0015831.exe','');
QuarantineFile('c:\windows\system32\d098bfae.exe','');
QuarantineFile('c:\windows\system32\d4275237.exe','');
QuarantineFile('c:\windows\system32\dddeaaee.exe','');
QuarantineFile('c:\windows\system32\e0700112.exe','');
QuarantineFile('c:\windows\system32\efab7656.exe','');
QuarantineFile('c:\windows\system32\f26c28be.exe','');
QuarantineFile('c:\windows\system32\f29907fc.exe','');
QuarantineFile('c:\windows\system32\f2befd54.exe','');
QuarantineFile('c:\windows\system32\f49d5333.exe','');
QuarantineFile('c:\windows\system32\f7412.exe','');
QuarantineFile('c:\windows\system32\fbdf4ac6.exe','');
QuarantineFile('c:\windows\system32\fd70f9b8.exe','');
QuarantineFile('c:\windows\system32\ff64565c.exe','');
DeleteFile('c:\windows\system32\csrcs.exe');
DeleteFile('c:\windows\system32\14ef47c5.exe');
DeleteFile('c:\windows\system32\1c6665be.exe');
DeleteFile('c:\windows\system32\20f13a3e.exe');
DeleteFile('c:\windows\system32\218504f0.exe');
DeleteFile('c:\windows\system32\269fa0d.exe');
DeleteFile('c:\windows\system32\2f17cbb2.exe');
DeleteFile('c:\windows\system32\30d49b0c.exe');
DeleteFile('c:\windows\system32\32f8ceef.exe');
DeleteFile('c:\windows\system32\3a0c8863.exe');
DeleteFile('c:\windows\system32\45296466.exe');
DeleteFile('c:\windows\system32\4915816a.exe');
DeleteFile('c:\windows\system32\49ce80ef.exe');
DeleteFile('c:\windows\system32\50078ba4.exe');
DeleteFile('c:\windows\system32\534b4ad4.exe');
DeleteFile('c:\windows\system32\547739f5.exe');
DeleteFile('c:\windows\system32\556ed81d.exe');
DeleteFile('c:\windows\system32\60cdf9b6.exe');
DeleteFile('c:\windows\system32\612d0b70.exe');
DeleteFile('c:\windows\system32\620a32c.exe');
DeleteFile('c:\windows\system32\62a08d1a.exe');
DeleteFile('c:\windows\system32\630f15aa.exe');
DeleteFile('c:\windows\system32\65ceb708.exe');
DeleteFile('c:\windows\system32\66cf2508.exe');
DeleteFile('c:\windows\system32\7483cf53.exe');
DeleteFile('c:\windows\system32\7620579d.exe');
DeleteFile('c:\windows\system32\772c23f1.exe');
DeleteFile('c:\windows\system32\774677d.exe');
DeleteFile('c:\windows\system32\7e51d1.exe');
DeleteFile('c:\windows\system32\7fb98d36.exe');
DeleteFile('c:\windows\system32\8111b436.exe');
DeleteFile('c:\windows\system32\91644eca.exe');
DeleteFile('c:\windows\system32\939f28e5.exe');
DeleteFile('c:\windows\system32\962716f5.exe');
DeleteFile('c:\windows\system32\9a947b7d.exe');
DeleteFile('c:\windows\system32\9c0efea0.exe');
DeleteFile('c:\windows\system32\9cad618e.exe');
DeleteFile('c:\windows\system32\a11ad1d7.exe');
DeleteFile('c:\windows\system32\a33f686b.exe');
DeleteFile('c:\windows\system32\aef5877.exe');
DeleteFile('c:\windows\system32\b466e2df.exe');
DeleteFile('c:\windows\system32\ba08ceb6.exe');
DeleteFile('c:\windows\system32\ba8b9f75.exe');
DeleteFile('c:\windows\system32\c1116e1.exe');
DeleteFile('c:\windows\system32\c17409cb.exe');
DeleteFile('c:\windows\system32\c66c9d30.exe');
DeleteFile('c:\windows\system32\c79ad649.exe');
DeleteFile('c:\windows\system32\c9ebd2e3.exe');
DeleteFile('c:\windows\system32\ca55e40d.exe');
DeleteFile('c:\windows\system32\caec132c.exe');
DeleteFile('c:\windows\system32\cdf7454d.exe');
DeleteFile('c:\windows\system32\d0015831.exe');
DeleteFile('c:\windows\system32\d098bfae.exe');
DeleteFile('c:\windows\system32\d4275237.exe');
DeleteFile('c:\windows\system32\dddeaaee.exe');
DeleteFile('c:\windows\system32\e0700112.exe');
DeleteFile('c:\windows\system32\efab7656.exe');
DeleteFile('c:\windows\system32\f26c28be.exe');
DeleteFile('c:\windows\system32\f29907fc.exe');
DeleteFile('c:\windows\system32\f2befd54.exe');
DeleteFile('c:\windows\system32\f49d5333.exe');
DeleteFile('c:\windows\system32\f7412.exe');
DeleteFile('c:\windows\system32\fbdf4ac6.exe');
DeleteFile('c:\windows\system32\fd70f9b8.exe');
DeleteFile('c:\windows\system32\ff64565c.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','csrcs');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','csrcs');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Ïîñëå âûïîëíåíèÿ ñêðèïòà êîìïüþòåð ïåðåçàãðóçèòñÿ.
Ïîñëå ïåðåçàãðóçêè âûïîëíèòü âòîðîé ñêðèïò:
Êîä:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine .zip');
end.
 ðåçóëüòàòå âûïîëíåíèÿ ñêðèïòà áóäåò ñôîðìèðîâàí êàðàíòèí quarantine.zip. Îòïðàâüòå ïîëó÷åííûé ôàéë quarantine.zip èç ïàïêè AVZ ÷åðåç äàííóþ ôîðìó.  ñòðîêå "Ïîäðîáíîå îïèñàíèå âîçíèêøåé ñèòóàöèè:", íàïèøèòå ïàðîëü íà àðõèâ " virus" (áåç êàâû÷åê), â ñòðîêå "Ýëåêòðîííûé àäðåñ:" óêàæèòå ñâîé ýëåêòðîííûé àäðåñ. Ïîëó÷åííûé îòâåò ñîîáùèòå çäåñü.
Î÷èñòèòå âðåìåííûå ôàéëû ÷åðåç Ïóñê-Ïðîãðàììû-Ñòàíäàðòíûå-Ñëóæåáíûå-Î÷èñòêà äèñêà èëè c
ïîìîùüþ ATF Cleaner
- ñêà÷àéòå ATF Cleaner , çàïóñòèòå, ïîñòàâüòå ãàëî÷êó íàïðîòèâ Select All è íàæìèòå Empty Selected.
- åñëè âû èñïîëüçóåòå Firefox, íàæìèòå Firefox - Select All - Empty Selected
- íàæìèòå No, åñëè âû õîòèòå îñòàâèòü âàøè ñîõðàíåííûå ïàðîëè
- åñëè âû èñïîëüçóåòå Opera, íàæìèòå Opera - Select All - Empty Selected
- íàæìèòå No, åñëè âû õîòèòå îñòàâèòü âàøè ñîõðàíåííûå ïàðîëè
Ñêà÷àéòå Malwarebytes' Anti-Malware èëè ñ çåðêàëà, óñòàíîâèòå, îáíîâèòå áàçû, âûáåðèòå " Perform Full Scan", íàæìèòå " Scan", ïîñëå ñêàíèðîâàíèÿ - Ok - Show Results (ïîêàçàòü ðåçóëüòàòû) - íàæìèòå " Remove Selected" (óäàëèòü âûäåëåííûå.... ñìîòðèòå, ÷òî óäàëÿåòå). Îòêðîéòå ëîã è ñêîïèðóéòå â ñîîáùåíèå.
Åñëè áàçû MBAM â àâòîìàòè÷åñêîì ðåæèìå îáíîâèòü íå óäàëîñü, îáíîâèòå èõ îòäåëüíî. Çàãðóçèòü îáíîâëåíèå MBAM.
Ïîæàëóéñòà îáíîâèòå áàç AVZ
íàæìèòå Ôàéë => Îáíîâëåíèå áàç => Ïóñê
Ñîçäàòü íîâûé ëîã ïî ïðàâèëàì! |
