Утекает трафик, забивает сеть
При лечении Касперским 7 вылезали вирусы Trojan.Win32.Agent.ady и Trojan-Downloader.Win32.Mutant.aim. До прогона AVZ они не удалялись и постоянно вылезали в окне предупреждения.
После AVZ вроде перестали мелькать, но глюки остались:
какие-то подключения, на F8 при загрузке не реагирует.
moderated:::карантин загружать по красной ссылке вверху страницы.
Последний раз редактировалось Rene-gad; 28.07.2008 в 12:08 .
Карантин из темы уберите...
Отключите антивирус и интернет!
В AVZ откройте меню "Файл - Выполнить скрипт", скопируйте туда приведённый ниже скрипт и нажмите кнопку "Запустить".
Код:
// AVZ cleanup script written for one specific infected machine.
// Order of work: quarantine the suspect files, delete their service/driver
// registrations, delete the files, schedule boot-time cleanup, reboot.
// The paths and service names are specific to this system (presumably taken
// from the poster's AVZ logs), so the list is not a generic remover.
begin
// Rootkit scan. Both flags are true -- presumably this allows neutralizing
// user-mode and kernel-mode hooks; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
SetAVZGuardStatus(True);
// Step 1: quarantine every suspect file BEFORE anything is deleted, so that
// samples remain available for analysis. The second argument is left empty.
// NOTE(review): 'WinCtrl32.dll' and 'srv.exe' are given without a directory;
// how AVZ resolves a bare file name is not shown here -- verify.
QuarantineFile('WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
// 22 drivers named "Win" + two letters + two digits, all in System32\Drivers.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvb73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvb16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua50.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winty62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv83.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winns48.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlq84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winin83.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winin73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhm40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingl62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk26.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winej62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbg72.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbg37.sys','');
// Two further drivers outside the "Win??NN" naming pattern.
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rwb72.sys','');
QuarantineFile('srv.exe','');
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
// Step 2: remove the service/driver registrations so nothing is reloaded at boot.
// The first 22 names match the base names of the "Win??NN.sys" drivers above.
DeleteService('Winvb73');
DeleteService('Winvb16');
DeleteService('Winua62');
DeleteService('Winua50');
DeleteService('Winua38');
DeleteService('Winty62');
DeleteService('Winqv83');
DeleteService('Winns48');
DeleteService('Winmr73');
DeleteService('Winlq84');
DeleteService('Winkp40');
DeleteService('Winkp05');
DeleteService('Winjo38');
DeleteService('Winin83');
DeleteService('Winin73');
DeleteService('Winhm40');
DeleteService('Wingl62');
DeleteService('Winfk38');
DeleteService('Winfk26');
DeleteService('Winej62');
DeleteService('Winbg72');
DeleteService('Winbg37');
// The names below look like two or more standard Windows service names glued
// together (e.g. WmiApSrv + RDSessMgr + upnphost + Schedule). Each call names
// the full concatenated string; none of them appears to be a single standard
// service name on its own, so the genuine services should be untouched -- verify
// before reusing any entry elsewhere.
DeleteService('WmiRpcSsClipSrv');
DeleteService('WmiRpcSs');
DeleteService('WmiApSrvRDSessMgrupnphostSchedule');
DeleteService('WmiApSrvRDSessMgrupnphost');
DeleteService('WmiApSrvRDSessMgr');
DeleteService('WmiApSrvNtmsSvcTapiSrv');
DeleteService('WmiApSrvNtmsSvc');
DeleteService('WmdmPmSNAlerter');
DeleteService('W32TimeBITS');
DeleteService('W32TimeAudioSrv');
DeleteService('upnphostNetDDE');
DeleteService('TermServicegusvc');
DeleteService('SwPrvScheduleERSvcW32TimeAudioSrv');
DeleteService('SwPrvScheduleERSvc');
DeleteService('ScheduleERSvc');
DeleteService('SCardSvrClipSrv');
DeleteService('RpcSsUPS');
DeleteService('RDSessMgrDnscache');
DeleteService('RasAutoCOMSysAppAcrSch2Svc');
DeleteService('PolicyAgentWmiApSrvWmiRpcSs');
DeleteService('PolicyAgentWmiApSrvTrkWks');
DeleteService('PolicyAgentWmiApSrv');
DeleteService('NtmsSvcMSDTC');
DeleteService('NtLmSspmnmsrvcAVPRpcLocator');
DeleteService('NtLmSspmnmsrvcAVPmnmsrvcAVPDhcpsrservice');
DeleteService('NtLmSspmnmsrvcAVPmnmsrvcAVP');
DeleteService('NtLmSspmnmsrvcAVP');
DeleteService('NetDDEdsdmTermService');
DeleteService('NetDDEdsdmdmadmin');
DeleteService('mnmsrvcSENSPolicyAgentWmiApSrvWmiRpcSsUPS');
DeleteService('mnmsrvcSENSPolicyAgentWmiApSrvWmiRpcSs');
DeleteService('mnmsrvcSENS');
DeleteService('mnmsrvcAVP');
DeleteService('MDMRemoteRegistry');
DeleteService('MDMNtLmSspmnmsrvcAVPRpcLocator');
DeleteService('ImapiServiceNtLmSsp');
DeleteService('EventSystemMDM');
DeleteService('dmserverCryptSvcdmserver');
DeleteService('dmserverCryptSvc');
DeleteService('dmadminstisvc');
DeleteService('Dhcpsrservice');
DeleteService('DhcpSCardSvr');
DeleteService('DhcpNetlogon');
DeleteService('COMSysAppAcrSch2Svc');
DeleteService('ClipSrvSharedAccessProtectedStorage');
DeleteService('ClipSrvSharedAccess');
DeleteService('ClipSrvNetman');
DeleteService('CiSvcAVPW32Time');
// Services matching the two remaining quarantined drivers (Rwb72.sys, tcpsr.sys).
DeleteService('Rwb72');
DeleteService('tcpsr');
DeleteService('CiSvcAVP');
DeleteService('CiSvcAlerter');
DeleteService('BrowserdmserverCryptSvc');
DeleteService('AVPRemoteRegistry');
DeleteService('AcrSch2SvcPlugPlay');
// Step 3: delete the files. This is the same set of 28 paths that was
// quarantined in step 1, listed in a different order.
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('srv.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Rwb72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbg37.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbg72.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winej62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk26.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingl62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhm40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winin73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winin83.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkp05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkp40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlq84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winns48.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqv83.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winty62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvb16.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvb73.sys');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('WinCtrl32.dll');
// Step 4: boot-time cleanup. BC_* are AVZ's Boot Cleaner calls -- presumably the
// import hands the operations above to Boot Cleaner so that files locked by a
// running driver are removed during the next start-up; confirm in the AVZ docs.
BC_ImportALL;
// System cleanup pass -- presumably removes leftover references to the deleted files.
ExecuteSysClean;
BC_Activate;
// Reboot so the Boot Cleaner work runs; the machine restarts without further prompt
// as far as this script shows, so unsaved work should be closed beforehand.
RebootWindows(true);
end.
Пришлите карантин по правилам и повторите логи...