OSzone.net Computer Forum  

OSzone.net Computer Forum (http://forum.oszone.net/index.php)
-   Cleaning systems of malware (http://forum.oszone.net/forumdisplay.php?f=87)
-   -   Browser keeps opening with ads (http://forum.oszone.net/showthread.php?t=302301)

berkut_174 11-07-2015 18:08 2527766

Browser keeps opening with ads
 
Hello everyone!

Please help me neutralize this infection.

berkut_174 11-07-2015 19:26 2527790

Attachments: 1
New log.
I removed everything suspicious with CCleaner and went over the system with HiJackThis.
Please help remove the leftovers, thanks in advance.

iskander-k 11-07-2015 22:39 2527855

AVZ script.
Run the AVZ script. Menu File - Execute script, paste the script written below - Run button; after it finishes, the computer will reboot.
Code:


begin
 // Enable AVZGuard, then run the rootkit search
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 // Set the services' start type to 4 (disabled)
 SetServiceStart('byjisogy', 4);
 SetServiceStart('nethfdrv', 4);
 SetServiceStart('IHProtect Service', 4);
 SetServiceStart('BDSGRTP', 4);
 SetServiceStart('vicoqudu', 4);
 SetServiceStart('NetHttpService', 4);
 SetServiceStart('gopibeko', 4);
 // Stop the running services
 StopService('byjisogy');
 StopService('nethfdrv');
 StopService('gopibeko');
 StopService('NetHttpService');
 StopService('IHProtect Service');
 StopService('vicoqudu');
 StopService('ServiceUpdater');
 // Copy the files to quarantine before deleting them
 QuarantineFile('C:\Program Files\miuitab\protectservice.exe','');
 QuarantineFile('C:\Program Files\miuitab\iewatchdog.dll','');
 QuarantineFile('C:\Program Files\miuitab\hpnotify.exe','');
 QuarantineFile('C:\Program Files\miuitab\cmdshell.exe','');
 QuarantineFile('C:\Program Files\miuitab\browerwatchch.dll','');
 QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
 QuarantineFile('C:\Documents and Settings\Я!\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe','');
 QuarantineFile('C:\Documents and Settings\Я!\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe','');
 QuarantineFile('C:\Documents and Settings\All Users\Application','');
 QuarantineFile('C:\DOCUME~1\!12F2~1\LOCALS~1\Temp\463656.exe','');
 QuarantineFile('C:\Program Files\MiuiTab\ProtectService.exe','');
 QuarantineFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe','');
 QuarantineFile('C:\Documents and Settings\Я!\Application Data\364EE69C-1436024293-9CB1-2111-705AB6FEF245\hnstEA.tmp','');
 QuarantineFile('C:\WINDOWS\system32\nethtsrv.exe','');
 QuarantineFile('C:\Documents and Settings\Я!\Local Settings\Application Data\364EE69C-1436046085-9CB1-2111-705AB6FEF245\snsv12C.tmp','');
 QuarantineFile('C:\Documents and Settings\Я!\Application Data\364EE69C-1436024293-9CB1-2111-705AB6FEF245\knsb35D.tmp','');
 QuarantineFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\BDSafeBrowser.sys','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\BDMWrench.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\BDArKit.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\bd0004.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\bd0001.sys','');
 QuarantineFile('C:\WINDOWS\system32\hfpapi.dll','');
 QuarantineFile('C:\WINDOWS\system32\hfnapi.dll','');
 QuarantineFile('C:\Documents and Settings\Я!\Local Settings\Application Data\SmartWeb\swhk.dll','');
 QuarantineFile('c:\documents and settings\Я!\local settings\application data\364ee69c-1436046085-9cb1-2111-705ab6fef245\snsv12c.tmp','');
 QuarantineFile('c:\documents and settings\Я!\local settings\application data\smartweb\smartwebhelper.exe','');
 QuarantineFile('c:\documents and settings\Я!\local settings\application data\smartweb\smartwebapp.exe','');
 QuarantineFile('c:\windows\system32\netupdsrv.exe','');
 QuarantineFile('c:\windows\system32\nethtsrv.exe','');
 QuarantineFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\knsb35d.tmp','');
 QuarantineFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\jnsude.tmp','');
 QuarantineFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\hnstea.tmp','');
 // Delete the files and scheduled-task (.job) entries
 DeleteFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\hnstea.tmp','32');
 DeleteFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\jnsude.tmp','32');
 DeleteFile('c:\documents and settings\Я!\application data\364ee69c-1436024293-9cb1-2111-705ab6fef245\knsb35d.tmp','32');
 DeleteFile('c:\windows\system32\nethtsrv.exe','32');
 DeleteFile('c:\windows\system32\netupdsrv.exe','32');
 DeleteFile('c:\documents and settings\Я!\local settings\application data\smartweb\smartwebapp.exe','32');
 DeleteFile('c:\documents and settings\Я!\local settings\application data\smartweb\smartwebhelper.exe','32');
 DeleteFile('c:\documents and settings\Я!\local settings\application data\364ee69c-1436046085-9cb1-2111-705ab6fef245\snsv12c.tmp','32');
 DeleteFile('C:\Documents and Settings\Я!\Local Settings\Application Data\SmartWeb\swhk.dll','32');
 DeleteFile('C:\WINDOWS\system32\hfnapi.dll','32');
 DeleteFile('C:\WINDOWS\system32\hfpapi.dll','32');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0001.sys','32');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0004.sys','32');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\BDArKit.sys','32');
 DeleteFile('C:\WINDOWS\system32\Drivers\BDMWrench.sys','32');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\BDSafeBrowser.sys','32');
 DeleteFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','32');
 DeleteFile('C:\Documents and Settings\Я!\Application Data\364EE69C-1436024293-9CB1-2111-705AB6FEF245\knsb35D.tmp','32');
 DeleteFile('C:\Documents and Settings\Я!\Local Settings\Application Data\364EE69C-1436046085-9CB1-2111-705AB6FEF245\snsv12C.tmp','32');
 DeleteFile('C:\WINDOWS\system32\nethtsrv.exe','32');
 DeleteFile('C:\WINDOWS\system32\netupdsrv.exe','32');
 DeleteFile('C:\Documents and Settings\Я!\Application Data\364EE69C-1436024293-9CB1-2111-705AB6FEF245\hnstEA.tmp','32');
 DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe','32');
 DeleteFile('C:\Program Files\MiuiTab\ProtectService.exe','32');
 DeleteFile('C:\DOCUME~1\!12F2~1\LOCALS~1\Temp\463656.exe','32');
 DeleteFile('C:\Documents and Settings\Я!\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe','32');
 DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP2.job','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP3.job','32');
 DeleteFile('C:\WINDOWS\Tasks\SmartWeb Upgrade Trigger Task.job','32');
 DeleteFile('C:\Program Files\miuitab\browerwatchch.dll','32');
 DeleteFile('C:\Program Files\miuitab\cmdshell.exe','32');
 DeleteFile('C:\Program Files\miuitab\hpnotify.exe','32');
 DeleteFile('C:\Program Files\miuitab\iewatchdog.dll','32');
 DeleteFile('C:\Program Files\miuitab\protectservice.exe','32');
 // Remove the service entries
 DeleteService('nethfdrv');
 DeleteService('IHProtect Service');
 DeleteService('BDSGRTP');
 DeleteService('vicoqudu');
 DeleteService('ServiceUpdater');
 DeleteService('NetHttpService');
 DeleteService('gopibeko');
 DeleteService('byjisogy');
 // Boot Cleaner (BC_*) calls, system clean, wizard run, then reboot
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteWizard('TSW',2,3,true);
 BC_Activate;
 RebootWindows(true);
end.

After all the procedures, run this script
Code:

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.



- Drag the Check_Browsers_LNK.log log onto the ClearLNK utility. Attach the report it produces.
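A cross-check one could run over an AVZ cleanup script like the one in the post above before executing it, shown here as an added example that is not part of the original post or of AVZ. It pairs each DeleteFile with a QuarantineFile and each DeleteService with SetServiceStart/StopService, and flags paths whose last component has no extension; the finding labels are invented for this example and the sample input is a short excerpt of the script above.

```python
import re
from collections import defaultdict

# Excerpt of the script in the post above, used as sample input.
SAMPLE = r"""
begin
 SetServiceStart('nethfdrv', 4);
 SetServiceStart('BDSGRTP', 4);
 StopService('nethfdrv');
 StopService('ServiceUpdater');
 QuarantineFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','');
 QuarantineFile('C:\Documents and Settings\All Users\Application','');
 QuarantineFile('c:\windows\system32\netupdsrv.exe','');
 DeleteFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','32');
 DeleteFile('C:\WINDOWS\system32\netupdsrv.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job','32');
 DeleteService('nethfdrv');
 DeleteService('BDSGRTP');
 DeleteService('ServiceUpdater');
end.
"""

# Call name plus its first quoted argument (a service name or a file path).
CALL = re.compile(r"\b(SetServiceStart|StopService|DeleteService|QuarantineFile|DeleteFile)"
                  r"\s*\(\s*'([^']*)'", re.I)

def parse(script):
    """Map each call name to the set of its first arguments, case-folded."""
    calls = defaultdict(set)
    for name, arg in CALL.findall(script):
        calls[name.lower()].add(arg.lower())  # Windows paths and service names ignore case
    return calls

def review(script):
    """Return sorted (finding, item) pairs worth a second look before running."""
    c = parse(script)
    files = c["quarantinefile"] | c["deletefile"]
    checks = {
        "deleted-without-quarantine": c["deletefile"] - c["quarantinefile"],
        "quarantined-not-deleted": c["quarantinefile"] - c["deletefile"],
        # Heuristic: no dot in the last component may mean a path cut at a space.
        "path-has-no-extension": {p for p in files if "." not in p.rsplit("\\", 1)[-1]},
        "service-deleted-not-disabled": c["deleteservice"] - c["setservicestart"],
        "service-deleted-not-stopped": c["deleteservice"] - c["stopservice"],
    }
    return sorted((kind, item) for kind, items in checks.items() for item in items)

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

A finding is a prompt to look, not an error: scheduled-task files, for instance, may be deleted without quarantine on purpose.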

Sandor 13-07-2015 10:35 2528224

+
  • Download AdwCleaner (by Xplode) and save it to the Desktop.
  • Run it (on Windows Vista/Seven it must be started via right-click, as administrator), click the "Scan" ("Сканировать") button and wait for the scan to finish.
  • When the scan is complete, the report will be saved at the following location: C:\AdwCleaner\AdwCleaner[R0].txt.
  • Attach the report to your next post.

Read more in this guide.


Time: 21:38.
© OSzone.net 2001-