I'm fed up with this Braviax.... I remove it both in the registry and with NOD 32, and it still reboots; once it seems to be gone, and then about 20 seconds later the computer reboots by itself and there it is again.....
Please help, thanks in advance!
download C:\WINDOWS\system32\Drivers\Winlx00.sys - force delete
run the script ...
send the quarantine as described in Appendix 3 of the rules
Code:
begin
 SetAVZGuardStatus(True);
 DeleteService('Winyt64');
 DeleteService('Winym55');
 DeleteService('Winya31');
 DeleteService('Winxn67');
 DeleteService('Winxl21');
 DeleteService('Winxk53');
 DeleteService('Winxe35');
 DeleteService('Winwy54');
 DeleteService('Winwx03');
 DeleteService('Winwk23');
 DeleteService('Winvx86');
 DeleteService('Winuf07');
 DeleteService('Winue54');
 DeleteService('Wints85');
 DeleteService('Wintk58');
 DeleteService('Winte57');
 DeleteService('Wintc26');
 DeleteService('Winsy30');
 DeleteService('Winsb53');
 DeleteService('Winrt07');
 DeleteService('Winrr18');
 DeleteService('Winrb26');
 DeleteService('Winqw83');
 DeleteService('Winqw47');
 DeleteService('Winqg87');
 DeleteService('Winpu88');
 DeleteService('Winpt51');
 DeleteService('Winpk07');
 DeleteService('Winpe24');
 DeleteService('Winom06');
 DeleteService('Winob77');
 DeleteService('Winnt23');
 DeleteService('Winng73');
 DeleteService('Winmm67');
 DeleteService('Winmh03');
 DeleteService('Winmd34');
 DeleteService('Winlm83');
 DeleteService('Winkd10');
 DeleteService('Winkc25');
 DeleteService('Winkb23');
 DeleteService('Winka65');
 DeleteService('Winjm61');
 DeleteService('Winiw47');
 DeleteService('Winir04');
 DeleteService('Winim55');
 DeleteService('Winii60');
 DeleteService('Winia87');
 DeleteService('Winhy62');
 DeleteService('Winhv65');
 DeleteService('Wingj02');
 DeleteService('Winfw31');
 DeleteService('Winfs65');
 DeleteService('Winfi78');
 DeleteService('Winfh12');
 DeleteService('Winei61');
 DeleteService('Winde10');
 DeleteService('Wincr13');
 DeleteService('Wincn74');
 DeleteService('Winca22');
 DeleteService('Winby07');
 DeleteService('Winbh16');
 DeleteService('Winaw48');
 DeleteService('Winaf70');
 DeleteService('Winae04');
 DeleteService('Winab52');
 DeleteService('Winlx00');
 DeleteService('wuauservWmiRasAuto');
 DeleteService('wuauservRemoteAccess');
 DeleteService('WmiRSVP');
 DeleteService('WmiRasAuto');
 DeleteService('WmiImapiServiceaspnet_stateseclogonDhcpMSIServer');
 DeleteService('winmgmtSharedAccess');
 DeleteService('WmiImapiService');
 DeleteService('WebClientWZCSVC');
 DeleteService('W32TimeShellHWDetection');
 DeleteService('VSSWZCSVC');
 DeleteService('UserGateTermServicehelpsvcSENS');
 DeleteService('UserGateSCardSvrTrkWks');
 DeleteService('UserGateERSvcseclogonDhcp');
 DeleteService('ThemesSCardSvrFirebirdServer');
 DeleteService('ThemesTrkWks');
 DeleteService('ThemesTrkWksAudioSrv');
 DeleteService('TrkWksUserGateSCardSvrTrkWks');
 DeleteService('UPSWmiRSVP');
 DeleteService('ThemesSCardSvr');
 DeleteService('TermServicehelpsvcSENS');
 DeleteService('SysmonLogFastUserSwitchingCompatibility');
 DeleteService('SharedAccessRasMan');
 DeleteService('SharedAccessclr_optimization_v2.0.50727_32');
 DeleteService('SENSSysmonLog');
 DeleteService('seclogonDhcpNetDDE');
 DeleteService('seclogonDhcpMSIServer');
 DeleteService('seclogonDhcp');
 DeleteService('SamSswinmgmtSharedAccess');
 DeleteService('SamSs Syslog Daemon');
 DeleteService('RSVPWmdmPmSNseclogon');
 DeleteService('RSVPWmdmPmSN');
 DeleteService('RSVPSamSs');
 DeleteService('RasAutoThemes');
 DeleteService('RasAutoRemoteRegistry');
 DeleteService('PlugPlayhelpsvcSENS');
 DeleteService('NtmsSvcCiSvcWmiRSVPmnmsrvc');
 DeleteService('NtmsSvcCiSvcWmiRSVPmnmsrvcNtmsSvcCiSvcWmiRSVP');
 DeleteService('NtmsSvcCiSvcWmiRSVPmnmsrvcNtmsSvcCiSvcWmiRSVPPlugPlayhelpsvcSENS');
 DeleteService('NtmsSvcCiSvcWmiRSVPWmiRSVP');
 DeleteService('NtmsSvcRDSessMgr');
 DeleteService('NtmsSvcCiSvcWmiRSVP');
 DeleteService('NtmsSvcCiSvc');
 DeleteService('Netlogonwuauserv');
 DeleteService('napagentRSVP');
 DeleteService('napagentAppMgmt');
 DeleteService('MessengerFastUserSwitchingCompatibilityRasManSharedAccess');
 DeleteService('MessengerFastUserSwitchingCompatibility');
 DeleteService('LmHosts Syslog Daemon');
 DeleteService('lanmanworkstationPlugPlay');
 DeleteService('hkmsvcseclogonDhcpMSIServerVSS');
 DeleteService('hkmsvcseclogonDhcpMSIServerhkmsvcseclogonDhcpMSIServer');
 DeleteService('hkmsvcseclogonDhcpMSIServer');
 DeleteService('HidServWebClientWZCSVC');
 DeleteService('HidServlanmanserverERSvcseclogonDhcp');
 DeleteService('helpsvcSENSAlerter');
 DeleteService('helpsvcSENS');
 DeleteService('helpsvcdmadmin');
 DeleteService('FLEXnetWZCSVC');
 DeleteService('ERSvcupnphost');
 DeleteService('ERSvcseclogonDhcp');
 DeleteService('FastUserSwitchingCompatibilitynapagentRSVP');
 DeleteService('FastUserSwitchingCompatibilityNetDDE');
 DeleteService('FastUserSwitchingCompatibilityTlntSvr');
 DeleteService('FirebirdServer Syslog Daemon');
 DeleteService('FirebirdServerSysmonLog');
 DeleteService('DhcpNtLmSsp');
 DeleteService('DhcpNtLmSspThemesSCardSvrFirebirdServer');
 DeleteService('dmadminRemoteRegistry');
 DeleteService('dmadminRemoteRegistryClipSrvW32TimeShellHWDetection');
 DeleteService('DnscacheClipSrvW32TimeShellHWDetectionAppMgmt');
 DeleteService('aspnet_stateseclogonDhcpMSIServer');
 DeleteService('CiSvcclr_optimization_v2.0.50727_32');
 DeleteService('ClipSrvW32TimeShellHWDetection');
 DeleteService('ClipSrvW32TimeShellHWDetectionAppMgmt');
 DeleteService('ClipSrvW32TimeShellHWDetectionhkmsvcseclogonDhcpMSIServerhkmsvcseclogonDhcpMSIServer');
 DeleteService('AppMgmtEhttpSrv');
 QuarantineFile('srv.exe','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\Winlx00.sys','');
 QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
 TerminateProcessByName('c:\windows\system32\braviax.exe');
 QuarantineFile('c:\windows\system32\braviax.exe','');
 DeleteFile('c:\windows\system32\braviax.exe');
 DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
 DeleteFile('srv.exe');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winaa56.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winab52.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winae04.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winaf70.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winaw48.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winbh16.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winby07.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winca22.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wincn74.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wincr13.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winde10.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winei61.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfh12.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfi78.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfs65.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfw31.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wingj02.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winhv65.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winhy62.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winii60.sys');
 DeleteFile('C:\WINDOWS\System32\drivers\Winim55.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winir04.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winiw47.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winjm61.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winka65.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winkb23.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winkc25.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winkd10.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winlm83.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winmd34.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winmh03.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winmm67.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winng73.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winnt23.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winob77.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winom06.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winpe24.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winpk07.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winpt51.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winpu88.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winqg87.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winqw83.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winrb26.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winrr18.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winsb53.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winsy30.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wintc26.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winte57.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wintk58.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wints85.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winue54.sys');
 DeleteFile('C:\WINDOWS\System32\drivers\Winuf07.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winvc22.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winvx86.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winwk23.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winwx03.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winxe35.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winxk53.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winxl21.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winxn67.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winya31.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winym55.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winyt64.sys');
 DeleteFile('C:\WINDOWS\system32\braviax.exe');
 DeleteFile('WinCtrl32.dll');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
repeat the logs
http://www.majorgeeks.com/downloadge...daac78f0c6a417
Nothing downloads from this link......(((
then download IceSword from here http://www.antirootkit.com/software/IceSword.htm
and follow all(!) the recommendations from post 2
Download it from here http://www.pcworld.com/downloads/fil...scription.html . Do not take the next steps until you have finished the previous ones - it is pointless.
Thank you very much!!!!!
Treatment statistics:
- Quarantines received: 2
- Files processed: 26
- Malware detected during treatment:
  - c:\windows\system32\braviax.exe - not-a-virus:FraudTool.Win32.XPSecurityCenter.ai (DrWEB: Trojan.Packed.612)
  - c:\windows\system32\drivers\beep.sys - Backdoor.Win32.UltimateDefender.a (DrWEB: Trojan.Fakealert.45
  - c:\windows\system32\winctrl32.dll - Trojan-Downloader.Win32.Mutant.bhl (DrWEB: BackDoor.Bulknet.23
Dear arkannnsk, our specialists have given you all possible help with your request.
To keep your computer secure, we strongly recommend:
To always stay informed about current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please add to our database of safe files.
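An added example, not part of the thread or of AVZ: a triage helper that flags the two service-name shapes visible in the cleanup script above, driver services named "Win" plus two letters and two digits backed by a same-named .sys file, and names that read as several built-in service names run together. The `KNOWN` set, the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Shape of the driver services in the script: "Win" + 2 letters + 2 digits.
DRIVER_NAME = re.compile(r"^Win[a-z]{2}\d{2}$", re.IGNORECASE)

# Subset of built-in Windows XP service names that occur as fragments in the script.
KNOWN = {"wuauserv", "wmi", "rasauto", "remoteaccess", "rsvp", "seclogon", "dhcp",
         "msiserver", "themes", "trkwks", "scardsvr", "helpsvc", "sens",
         "webclient", "wzcsvc"}

def split_known(name):
    """Return the known service names that concatenate to `name`, or None."""
    low = name.lower()
    best = [None] * (len(low) + 1)   # best[i] = one segmentation of low[:i]
    best[0] = []
    for i in range(1, len(low) + 1):
        for j in range(i):
            if best[j] is not None and low[j:i] in KNOWN:
                best[i] = best[j] + [low[j:i]]
                break
    return best[len(low)]

def classify(name, image_path):
    """Label one (service name, ImagePath) pair; comparison is case-insensitive."""
    if DRIVER_NAME.match(name):
        expected = "system32\\drivers\\" + name.lower() + ".sys"
        path = image_path.lower().replace("/", "\\")
        return "random-driver" if path.endswith(expected) else "driver-name-only"
    parts = split_known(name)
    if parts and len(parts) >= 2:    # a single known name is a normal service
        return "concatenated:" + "+".join(parts)
    return "ok"

# Constructed sample inventory (name, ImagePath); not data from the infected machine.
SAMPLE = [
    ("Winyt64", r"\??\C:\WINDOWS\system32\Drivers\Winyt64.sys"),
    ("wuauservWmiRasAuto", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    ("ThemesTrkWks", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    ("Themes", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    ("Winmgmt", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
]

def triage(inventory):
    """Return {service name: verdict} for every entry that is not 'ok'."""
    verdicts = {name: classify(name, path) for name, path in inventory}
    return {name: v for name, v in verdicts.items() if v != "ok"}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A hit is a lead for review against the quarantine and logs, not a verdict on its own.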