Junior Member
Вес репутации
34
Прошу удалить Baidu.
Здравствуйте. Не могу снести с компа Baidu. CleanMaster не помог - Baida отказывается уходить!
Вложения
Будь в курсе!
Будь в курсе!
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) Koks1970 , спасибо за обращение на наш форум!
Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи .
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект .
Выполните скрипт в AVZ
Код:
begin
BC_DeleteFile('c:\program files (x86)\common files\baidu\baiduhips\1.2.0.751\baiduhips.exe');
BC_DeleteFile('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.619\baiduprotect.exe');
BC_DeleteFile('c:\program files (x86)\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\ad.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavArchive.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavCommon.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavEngine.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavFrame.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavOle.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanH.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanM.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavScanV.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BAV\BavUnpack.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVCached.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVEng.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\BDMPerfMon.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\bduf.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\bdmantivirus\TrustAndIso.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMAVE.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMDbSqlite.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMFrameWork.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMNet.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMReport.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\DriverManager.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\FileMon.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\HIPSClient.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\PrivacyProtect.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\DllInject.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\ad.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBusiness.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsCore.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduPrevUIn.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDConfig.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\bdmantivirus\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVCached.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVEng.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMBase.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMFrameWork.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMNet.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMReport.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMStringUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMTinyXml.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\DriverManager.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\TrustAndIso.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\ad.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDMNet.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDMReport.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\DriverManager.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\BaiduRepair.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\HIPS.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\SafeBrowserDll.dll');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0003.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\Windows\system32\drivers\BDDefense.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BaiduProtect.exe');
BC_DeleteFile('C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe');
BC_DeleteSvc('BaiduHips');
BC_DeleteSvc('BDKVRTP');
BC_DeleteSvc('BDSGRTP');
BC_DeleteSvc('BDMRTP');
BC_DeleteSvc('bd0002');
BC_DeleteSvc('bd0003');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDDefense');
BC_DeleteSvc('BDMWrench');
BC_DeleteSvc('BDFileDefend');
BC_DeleteSvc('BDMNetMon');
BC_DeleteSvc('BDMWrench_x64');
BC_DeleteSvc('BdSandBox');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDShellExt64.dll');
BC_DeleteFile('C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDLogicUtils.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMBase.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMFrameWork.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMNet.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMReport.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMStringUtils.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDMTinyXml.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDDriverFixer.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BDConfig.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BaiduHipsIU.dll.bak');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751.bak\BaiduHips.exe.bak');BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.
Сделайте новые логи
Сделайте лог ComboFix
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
34
Сделал логи и ComboFix. Как прикрепить к письму - не пойму. Baidu не удалилась.
Ну в первом же сообщении сумели. Технология не изменилась
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
34
Новые логи.
Вложения
Скопируйте текст ниже в Блокнот и сохраните как файл с названием CFScript.txt в корень диска С.
Код:
KillAll::
File::
c:\windows\SysWow64\drivers\bd0002.sys
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\BDMWrench_x64.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\bd64_x86.dll
c:\windows\system32\bd64_x64.dll
c:\windows\SysWow64\drivers\BDArKit.sys
Driver::
BDFileDefend
BDMWrench_x64
BdSandBox
BDMNetMon
BDMRTP
bd0001
bd0002
bd0003
bd0004
BDMWrench
BDSafeBrowser
BaiduHips
BDArKit
BDDefense
BDKVRTP
BDSGRTP
Folder::
c:\users\Слава\AppData\Local\Baidu
c:\program files (x86)\BaiduSd3.0
c:\program files (x86)\Common Files\Baidu
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray"=-
FileLook::
DirLook::
После сохранения переместите CFScript.txt на пиктограмму ComboFix.exe.
Когда сохранится новый отчет ComboFix.txt , прикрепите его к сообщению.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
34
Отчет.
Вложения
c:\windows\SysWow64\drivers\bd0002.sys
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\BDMWrench_x64.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\bd64_x86.dll
c:\windows\system32\bd64_x64.dll
c:\windows\SysWow64\drivers\BDArKit.sys
c:\windows\system32\drivers\BDMWrench.sys
удалите вручную
Что с проблемой?
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
34
Решение.
Вроде, все исчезло.
И в таком случае - СПАСИБО!
Последний раз редактировалось Koks1970; 28.12.2014 в 22:01 .
Причина: НЕПОЛНЫЙ ОТВЕТ.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect