Could you take a look at the logs?
sptd is from Alcohol.
But what is mssrv32.exe? AVZ says the name is suspicious.
Quarantine sent.
Run the script in AVZ.
Upload the quarantine as per item 3 of the rules, via the link http://virusinfo.info/upload_virus.php?tid=17211
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\qgzx.dll','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\F7C87_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\F7A10_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\DF1A0_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\4168B_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\40F94_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2D358_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2871FD_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\25A31_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\24D3E_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\22B86_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2137B6_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21361B_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21348B_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2132E6_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\213123_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212D12_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212B09_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21295B_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2127CA_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2124E5_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212354_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2121BA_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211FCF_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211E3E_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211B59_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211979_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211658_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2114D1_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21117E_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210EAD_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210CB8_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210BAA_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210A2D_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21075C_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2105B7_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210413_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20FE5D_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20F6EE_0.DLL','');
QuarantineFile('C:\WINDOWS\system32\KB_963491.exe','');
QuarantineFile('C:\WINDOWS\system32\necsort.sys','');
QuarantineFile('C:\WINDOWS\system32\mssrv32.exe','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20F63A_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206B14_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206A60_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206998_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206894_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20673F_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20664F_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206540_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206428_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206283_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20612F_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20600C_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\205D95_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\183CFA_0.DLL','');
QuarantineFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\183472_0.DLL','');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\183472_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\183CFA_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\205D95_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20600C_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20612F_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206283_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206428_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206540_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20664F_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20673F_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206894_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206998_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206A60_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\206B14_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20F63A_0.DLL');
DeleteFile('C:\WINDOWS\system32\mssrv32.exe');
DeleteFile('C:\WINDOWS\system32\necsort.sys');
DeleteFile('C:\WINDOWS\system32\KB_963491.exe');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20F6EE_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\20FE5D_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210413_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2105B7_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21075C_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210A2D_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210BAA_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210CB8_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\210EAD_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21117E_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2114D1_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211658_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211979_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211B59_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211E3E_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\211FCF_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2121BA_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212354_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2124E5_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2127CA_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21295B_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212B09_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\212D12_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\213123_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2132E6_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21348B_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\21361B_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2137B6_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\22B86_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\24D3E_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\25A31_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2871FD_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\2D358_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\40F94_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\4168B_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\DF1A0_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\F7A10_0.DLL');
DeleteFile('C:\DOCUME~1\6133~1.RIV\LOCALS~1\Temp\F7C87_0.DLL');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Last edited by wise-wistful; 30.01.2008 at 12:30.
And also ...
Run the script ...
Send the quarantine as per appendix 3 of the rules ...
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('F:\DOWNLO~1\KillCopy\kcresume.exe','');
QuarantineFile('c:\program files\180solutions\sais.exe','');
QuarantineFile('C:\WINDOWS\system32\qgzx.dll','');
DeleteFile('C:\WINDOWS\system32\qgzx.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Post the logs again ...
Added 47 minutes later
In the quarantine ...
C:\WINDOWS\system32\necsort.sys Rootkit.Win32.Agent.vl
C:\WINDOWS\system32\mssrv32.exe Trojan-Downloader.Win32.Small.hzt
Last edited by V_Bond; 30.01.2008 at 12:43. Reason: Added
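Both scripts above follow the same skeleton: QuarantineFile for each suspect path, then DeleteFile, then the boot-cleaner hand-off (BC_ImportAll or BC_ImportDeletedList, ExecuteSysClean, BC_Activate) and RebootWindows. Before such a script is run on a machine, the thing a responder wants to confirm is that nothing is deleted without a quarantine copy being taken first, otherwise the sample that the helpers later identified (mssrv32.exe, necsort.sys) would be gone. The Python below is an added example; it is neither the thread's script nor part of AVZ. The procedure names are those used in the scripts above; the parser, the checks and the shortened sample script are mine, and the sample deliberately omits the QuarantineFile line for KB_963491.exe so the check has something to flag.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: an AVZ script in the same shape as the ones posted in the thread,
# cut down to a few of the paths named there. It is not the helpers' full script, and
# the quarantine line for KB_963491.exe is left out on purpose.
SAMPLE_SCRIPT = r"""begin SearchRootkit(true, true); SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\qgzx.dll','');
QuarantineFile('C:\WINDOWS\system32\mssrv32.exe','');
QuarantineFile('C:\WINDOWS\system32\necsort.sys','');
DeleteFile('C:\WINDOWS\system32\mssrv32.exe');
DeleteFile('C:\WINDOWS\system32\necsort.sys');
DeleteFile('C:\WINDOWS\system32\KB_963491.exe');
BC_ImportAll; ExecuteSysClean; BC_Activate; RebootWindows(true); end."""

# Procedure name plus its first quoted argument: QuarantineFile('<path>','') / DeleteFile('<path>')
_CALL_RE = re.compile(r"^(\w+)\s*\(\s*'([^']*)'")


@dataclass
class AvzPlan:
    # (procedure name, first quoted argument or None), in script order
    actions: List[Tuple[str, Optional[str]]] = field(default_factory=list)

    @property
    def steps(self) -> List[str]:
        return [name for name, _ in self.actions]

    @property
    def quarantine(self) -> List[str]:
        return [p for name, p in self.actions if name == "QuarantineFile"]

    @property
    def delete(self) -> List[str]:
        return [p for name, p in self.actions if name == "DeleteFile"]


def parse_avz_script(text: str) -> AvzPlan:
    """Split an AVZ script into its ';'-terminated statements and record each call."""
    plan = AvzPlan()
    for raw in text.split(";"):
        stmt = re.sub(r"^begin\b", "", raw.strip(), flags=re.I).strip()
        if not stmt or stmt.lower() == "end.":
            continue
        m = _CALL_RE.match(stmt)
        if m:
            plan.actions.append((m.group(1), m.group(2)))
        else:
            # Calls without a quoted argument (SearchRootkit(true, true)) and bare
            # procedures (BC_ImportAll) are kept by name only.
            plan.actions.append((stmt.split("(")[0].strip(), None))
    return plan


def review_plan(plan: AvzPlan) -> dict:
    """Checks a responder runs before executing a remediation script.

    Windows paths are compared case-insensitively.
    """
    first_quarantine = {}
    for i, (name, path) in enumerate(plan.actions):
        if name == "QuarantineFile":
            first_quarantine.setdefault(path.lower(), i)
    deleted = {p.lower() for p in plan.delete}
    return {
        # A DeleteFile with no QuarantineFile at all destroys the only copy of the sample.
        "deleted_without_quarantine": [
            p for p in plan.delete if p.lower() not in first_quarantine],
        # The quarantine must precede the delete, or there is nothing left to copy.
        "deleted_before_quarantine": [
            p for i, (name, p) in enumerate(plan.actions)
            if name == "DeleteFile" and first_quarantine.get(p.lower(), -1) > i],
        # Collected for analysis but left in place (qgzx.dll in the first script above).
        "quarantined_not_deleted": [p for p in plan.quarantine if p.lower() not in deleted],
        # Locked files and the .sys driver are only removed via the boot cleaner plus reboot.
        "boot_cleaner_armed": "BC_Activate" in plan.steps,
        "reboot_requested": "RebootWindows" in plan.steps,
    }


if __name__ == "__main__":
    for key, value in review_plan(parse_avz_script(SAMPLE_SCRIPT)).items():
        print(f"{key}: {value}")
```

Run against the sample it reports KB_963491.exe as deleted without a quarantine copy and qgzx.dll as quarantined but left in place; against the first script in the thread every deletion is preceded by a quarantine, and qgzx.dll is the one path it collects without deleting, which the follow-up script then removes.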
Ran the scripts.
These files were apparently not in the system, only their registry keys were left:
c:\program files\180solutions\sais.exe
C:\WINDOWS\system32\qgzx.dll
C:\WINDOWS\system32\KB_963491.exe
Sent the quarantine with the files placed there by the results of the last scan.
Statistics of the treatment performed:
- Quarantines received: 2
- Files processed: 64
- Malicious programs found during the treatment:
- c:\documents and settings\админ.rivex-1\doctorweb\quarantine\a0118928.exe - not-a-virus:AdWare.Win32.EZula.z (DrWEB: Adware.Ezula)
- c:\windows\system32\mssrv32.exe - Trojan-Downloader.Win32.Small.hzt (DrWEB: Trojan.DownLoader.35134)
- c:\windows\system32\necsort.sys - Rootkit.Win32.Agent.vl (DrWEB: Trojan.NtRootKit.767)
Dear reviver, our specialists have provided you with all the help possible on your request.
To keep your computer secure, we strongly recommend:
To stay informed about current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please help replenish our database of safe files.