Close all programs and unload the antivirus, firewall and other security software.
Run the script in AVZ (File - Execute script):
Code:
begin
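// Message shown to the user: "Attention! Before running the script, AVZ will automatically close all network connections. After the computer reboots, the network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');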
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\ProgramData\Norton\Norton2009Reset.exe','');
QuarantineFile('C:\Windows\system32\nctvype.dll','');
QuarantineFile('C:\Users\впа\AppData\Roaming\E0FD.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\9B2F.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\6E57.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\522F.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\D4FD.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\8990.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\8067.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\8F14.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\7172.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\8C94.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\84E2.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\86E2.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\7F40.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\9246.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\B471.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\A489.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\6153.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\59C0.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\3CB9.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\3527.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\B64F.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\AE9D.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\B9C6.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\A757.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\6B5C.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\5784.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\26D0.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\BBE2.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\E5F3.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\7995.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\4BBF.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\D109.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\4A64.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\F4FA.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\61C3.exe','');
QuarantineFile('C:\Users\впа\AppData\Roaming\74C5.exe','');
QuarantineFile('C:\Windows\system32\ezGOSvcApp.exe','');
QuarantineFile('C:\Windows\system32\ezGOSvc.dll','');
QuarantineFile('C:\Windows\system32\C406.tmp','');
DeleteFile('C:\Windows\system32\nctvype.dll');
DeleteFile('C:\Windows\system32\C406.tmp');
DeleteFile('C:\Users\впа\AppData\Roaming\E0FD.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\9B2F.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\6E57.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\522F.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\D4FD.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\8990.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\8067.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\8F14.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\7172.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\8C94.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\84E2.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\86E2.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\7F40.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\9246.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\B471.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\A489.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\6153.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\59C0.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\3CB9.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\3527.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\B64F.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\AE9D.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\B9C6.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\A757.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\6B5C.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\5784.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\26D0.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\BBE2.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\E5F3.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\7995.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\4BBF.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\D109.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\4A64.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\F4FA.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\61C3.exe');
DeleteFile('C:\Users\впа\AppData\Roaming\74C5.exe');
DeleteFile('C:\Windows\system32\ezGOSvcApp.exe');
DeleteFile('C:\Windows\system32\ezGOSvc.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,3,true);
RebootWindows(true);
end.
The computer will reboot. After the reboot:
- run this script
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Send the resulting archive using this form, giving a link to the thread in the subject (header) of the message and the password: virus in the body of the message.
Fix in HJT:
Code:
O20 - AppInit_DLLs: C:\Windows\system32\nctvype.dll
Download Malwarebytes' Anti-Malware or from the mirror, install it, update the databases, select "Perform Full Scan", click "Scan", and after the scan choose Ok - Show Results. Open the log, copy it into Notepad and attach it to your next post.
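An added example, not part of the original post and not AVZ code: a Python check that can be run over an AVZ script of this shape before it is posted, confirming that every DeleteFile target was passed to QuarantineFile earlier in the script, so a copy ends up in the quarantine archive that is sent for analysis. The function name audit_avz_script and the sample paths are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened script in the same shape as the one above.
# The paths are placeholders, not values taken from the post.
SAMPLE_SCRIPT = r"""
begin
 QuarantineFile('C:\Windows\system32\example1.dll','');
 QuarantineFile('C:\Users\user\AppData\Roaming\AAAA.exe','');
 QuarantineFile('C:\ProgramData\Example\keep.exe','');
 DeleteFile('C:\Windows\system32\example1.dll');
 DeleteFile('C:\Users\user\AppData\Roaming\aaaa.exe');
 DeleteFile('C:\Users\user\AppData\Roaming\BBBB.exe');
end.
"""

# First string argument of QuarantineFile(...) / DeleteFile(...) calls.
CALL_RE = re.compile(r"\b(QuarantineFile|DeleteFile)\s*\(\s*'([^']*)'",
                     re.IGNORECASE)


def norm(path):
    """Windows paths compare case-insensitively; normalise separators too."""
    return path.replace("/", "\\").lower()


def audit_avz_script(text):
    """Walk the calls in script order and report mismatches.

    deleted_without_quarantine: DeleteFile targets with no earlier
        QuarantineFile call (the sample would be lost).
    quarantined_not_deleted: files only copied to quarantine, which is
        legitimate for files sent for analysis, but worth a second look.
    """
    quarantined = {}   # normalised path -> path as written
    deleted = set()
    unsaved = []
    for match in CALL_RE.finditer(text):
        func, path = match.group(1).lower(), match.group(2)
        key = norm(path)
        if func == "quarantinefile":
            quarantined.setdefault(key, path)
        else:
            deleted.add(key)
            if key not in quarantined:
                unsaved.append(path)
    kept = [p for k, p in quarantined.items() if k not in deleted]
    return {"deleted_without_quarantine": unsaved,
            "quarantined_not_deleted": kept}
```
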