- Run this script in AVZ
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
QuarantineFile('C:\Downloads\Архивы\Devine.zip','');
QuarantineFile('c:\windows\cwdrive32.exe','');
TerminateProcessByName('c:\windows\cwdrive32.exe');
DeleteFile('c:\windows\cwdrive32.exe');
QuarantineFile('C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5\0123S5UV\isvs[1]._','');
QuarantineFile('C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\KMOCPMQN\serv6[1].exe','');
QuarantineFile('C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\IBG7MV0V\m000[1].exe','');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
DeleteFileMask('C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
DeleteFileMask('C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
DeleteFileMask('C:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
DeleteFileMask('C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
After the reboot:
- run this script
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Upload the file quarantine.zip from the AVZ folder via the "Send the requested quarantine" link at the top of the thread
- in MBAM, delete what remains of the following
Code:
Зараженные параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> No action taken.
Зараженные файлы:
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\IBG7MV0V\m000[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\IBG7MV0V\ngrpysd[1].bmp (Worm.Conficker) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\AUXB5BRX\eetlm[1].gif (Worm.Conficker) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\AUXB5BRX\bllss[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\C9RLHR2D\schewj[1]._ (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\C9RLHR2D\isjwb[1]._ (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\J6GWQKW6\bfiuefwg[1]._ (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\J6GWQKW6\95dshb[1]._ (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Пашка\Local Settings\Temporary Internet Files\Content.IE5\KMOCPMQN\serv6[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Пашка\Application Data\ltzqai.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5\KT0L6L6T\m0bis[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5\TW7FR2C9\bsjemhv[1].jpg (Worm.Downadup) -> No action taken.
C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5\0123S5UV\isvs[1]._ (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5\0123S5UV\schewj[1]._ (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5\NI7TC45L\schewj[1]._ (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Пашка.BATA\Local Settings\Temporary Internet Files\Content.IE5\FNJF6NZY\schewj[1]._ (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{ECD26E21-811B-4141-9C14-C17814B8FB68}\RP1\A0000025.exe (Backdoor.Bot) -> No action taken.
C:\FOUND.035\FILE0130.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0287.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0288.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0410.CHK (Backdoor.Bot) -> No action taken.
C:\FOUND.035\FILE0411.CHK (Backdoor.Bot) -> No action taken.
C:\FOUND.035\FILE0444.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0462.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0463.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0464.CHK (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0481.CHK (Backdoor.Bot) -> No action taken.
C:\WINDOWS\cwdrive32.exe (Worm.Palevo) -> No action taken.
- Make a new virusinfo_syscheck.zip log;
- Make an MBAM log
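As an added example (not from the thread, nor from the AVZ or MBAM projects), a small Python parser for the MBAM log format quoted above: it separates registry values from files, counts detections per family, and turns the entries still marked "No action taken" into AVZ QuarantineFile/RegKeyParamDel lines of the kind used in the first script. The sample log lines are constructed in the format shown above, with the user profile name replaced by a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the MBAM log format shown in the thread (profile name is a placeholder).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> No action taken.
C:\WINDOWS\cwdrive32.exe (Worm.Palevo) -> No action taken.
C:\Documents and Settings\User\Application Data\ltzqai.exe (Trojan.Agent) -> No action taken.
C:\FOUND.035\FILE0130.CHK (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection per line: "<path> (<family>) -> <action>." ; section headers do not match.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")

def parse_mbam(text):
    """Return a list of (kind, path, family, action) tuples, kind being 'registry' or 'file'."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        kind = "registry" if path.upper().startswith(HIVES) else "file"
        items.append((kind, path, m.group("family"), m.group("action")))
    return items

def pending(items):
    """Detections MBAM has not yet handled (the ones the thread asks to remove)."""
    return [i for i in items if i[3].startswith("No action taken")]

def family_counts(items):
    """How many detections each threat family accounts for."""
    return Counter(fam for _, _, fam, _ in items)

def to_avz_script(items):
    """Build an AVZ script: RegKeyParamDel for pending registry values, QuarantineFile for pending files."""
    lines = ["begin"]
    for kind, path, _, _ in pending(items):
        if kind == "registry":
            hive, _, rest = path.partition("\\")        # hive is the first path component
            key, _, value = rest.rpartition("\\")      # value name is the last component
            lines.append(f"RegKeyParamDel('{hive}','{key}','{value}');")
        else:
            lines.append(f"QuarantineFile('{path}','');")
    lines.append("end.")
    return "\n".join(lines)

if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print(dict(family_counts(found)))
    print(to_avz_script(found))
```

Quarantining before deleting, as in the thread's first script, keeps a copy of each file for the quarantine archive that is requested afterwards.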