There are viruses, that's obvious, but NOD doesn't help at all...
Thanks in advance!)))
Download IceSword, search for and copy the following file:
Code:
C:\WINDOWS\System32\Drivers\Winru34.sys
Save the file copied with IceSword into quarantine (Appendix 2 of the rules).
Then delete it using force delete.
If you do not find some of the files, proceed to the next step.
Close all open applications except AVZ and Internet Explorer.
Disable:
- the PC's connection to the internet/LAN
- the antivirus and firewall
- System Restore
- then run the script
Code:
begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\System32\Drivers\Winar80.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winbs62.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winct06.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Wincw06.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winem01.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winey40.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk35.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winfs41.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winfu18.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winfu62.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winge14.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Wingv60.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winib14.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winin42.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winjg43.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winjh60.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo24.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo46.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winjt22.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp77.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winkx23.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winlb46.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winlt06.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winlx10.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winmh77.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr58.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winnf48.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winnn85.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winoh11.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winom18.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winoo61.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winpd66.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winpn11.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winpn73.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv07.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw10.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winsl52.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winsn42.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winsp12.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winss42.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Wintl38.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winua61.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winui15.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winvl11.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winxp47.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winye30.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winyh72.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winyj52.sys',''); QuarantineFile('C:\WINDOWS\System32\Drivers\Winru34.sys',''); QuarantineFile('C:\WINDOWS\system32\blphctw0j0ep7c.scr',''); QuarantineFile('C:\WINDOWS\system32\braviax.exe',''); QuarantineFile('C:\WINDOWS\system32\lphctw0j0ep7c.exe',''); QuarantineFile('WinCtrl32.dll',''); DeleteService('Winyj52'); DeleteService('Winye30'); DeleteService('Winxp47'); DeleteService('Winvl11'); DeleteService('Winui15'); DeleteService('Winua61'); DeleteService('Wintl38'); DeleteService('Winss42'); DeleteService('Winsp12'); DeleteService('Winsn42'); DeleteService('Winsl52'); DeleteService('Winrw10'); DeleteService('Winrr88'); DeleteService('Winrk01'); DeleteService('Winqy43'); DeleteService('Winqv07'); DeleteService('Winpn73'); DeleteService('Winpn11'); DeleteService('Winpd66'); DeleteService('Winoo61'); DeleteService('Winom18'); DeleteService('Winoh11'); DeleteService('Winnn85');
DeleteService('Winnk77'); DeleteService('Winnf48'); DeleteService('Winmr58'); DeleteService('Winmh77'); DeleteService('Winlx10'); DeleteService('Winlt06'); DeleteService('Winkx23'); DeleteService('Winkp77'); DeleteService('Winjt22'); DeleteService('Winjo24'); DeleteService('Winjh60'); DeleteService('Winjg43'); DeleteService('Winin42'); DeleteService('Winib14'); DeleteService('Wingv60'); DeleteService('Winge14'); DeleteService('Winfu62'); DeleteService('Winfu18'); DeleteService('Winfs41'); DeleteService('Winfk35'); DeleteService('Winey40'); DeleteService('Winem01'); DeleteService('Winds47'); DeleteService('Wincw06'); DeleteService('Winct06'); DeleteService('Winbs62'); DeleteService('Winar80'); DeleteService('ALGRpcSs'); DeleteService('ALGseclogonVSS'); DeleteService('BrowserImapiServiceSSDPSRVsrserviceUPS'); DeleteService('CiSvcPolicyAgent'); DeleteService('CryptSvcUPS'); DeleteService('CryptSvcUPSDhcpEventSystemAudioSrv'); DeleteService('CryptSvcUPSseclogonBrowser'); DeleteService('CryptSvcUPSseclogonBrowserDhcp'); DeleteService('CryptSvcUPSseclogonBrowserWMPNetworkSvc'); DeleteService('DhcpEventSystemAudioSrv'); DeleteService('EhttpSrvoseProtectedStorageDnscache'); DeleteService('EhttpSrvoseProtectedStorageDnscacheTapiSrvLmHosts'); DeleteService('EhttpSrvoseProtectedStorageDnscacheWmi'); DeleteService('ekrnRasAuto'); DeleteService('ERSvcAlerter'); DeleteService('ERSvcSwPrv'); DeleteService('EventSystemAudioSrv'); DeleteService('EventSystemwinmgmt'); DeleteService('helpsvcERSvcAlerter'); DeleteService('HidServWZCSVCALGCiSvc'); DeleteService('ImapiServiceSSDPSRV'); DeleteService('ImapiServiceSSDPSRVsrserviceUPS'); DeleteService('ImapiServiceSSDPSRVsrserviceUPSNetDDEsrserviceUPS'); DeleteService('lanmanworkstationWmiApSrv'); DeleteService('mnmsrvcLmHosts'); DeleteService('mnmsrvcTermServiceAppMgmt'); DeleteService('NetDDESchedule'); DeleteService('NetDDEsrserviceUPS'); DeleteService('NetmanoseProtectedStorageDnscache');
DeleteService('NtLmSspCryptSvcUPSseclogonBrowserDhcp'); DeleteService('oseProtectedStorage'); DeleteService('oseProtectedStorageDnscache'); DeleteService('ProtectedStoragemnmsrvc'); DeleteService('RemoteAccessdmserver'); DeleteService('RpcSsdmadmin'); DeleteService('RpcSsstisvc'); DeleteService('seclogonBrowser'); DeleteService('seclogonEventSystem'); DeleteService('seclogonRDSessMgr'); DeleteService('seclogonVSS'); DeleteService('SharedAccesswuauserv'); DeleteService('SpoolerWMPNetworkSvc'); DeleteService('srserviceUPS'); DeleteService('SwPrvWZCSVCALGCiSvc'); DeleteService('TapiSrvLmHosts'); DeleteService('TermServiceAppMgmt'); DeleteService('TermServiceSwPrv'); DeleteService('TlntSvrWudfSvc'); DeleteService('TlntSvrWudfSvcImapiServiceSSDPSRVsrserviceUPS'); DeleteService('TrkWksFastUserSwitchingCompatibility'); DeleteService('WebClientPlugPlay'); DeleteService('WmdmPmSNWMPNetworkSvc'); DeleteService('WmiNetDDEsrserviceUPS'); DeleteService('WMPNetworkSvcWZCSVC'); DeleteService('wscsvcseclogonBrowser'); DeleteService('WZCSVCALG'); DeleteService('WZCSVCALGCiSvc'); DeleteService('Winru34'); DeleteFile('WinCtrl32.dll'); DeleteFile('C:\WINDOWS\system32\lphctw0j0ep7c.exe'); DeleteFile('C:\WINDOWS\system32\braviax.exe'); DeleteFile('C:\WINDOWS\system32\blphctw0j0ep7c.scr'); DeleteFile('C:\WINDOWS\System32\Drivers\Winru34.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winyj52.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winyh72.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winye30.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winxp47.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winvl11.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winui15.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winua61.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Wintl38.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winss42.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winsp12.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winsn42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsl52.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winrw10.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winrr88.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winrk01.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winqy43.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winqv07.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winpn11.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winpd66.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winoo61.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winom18.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winoh11.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winnn85.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winnk77.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winnf48.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winmr58.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winmh77.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winlx10.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winlt06.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winlb46.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winkx23.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winkp77.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winjt22.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winjo46.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winjo24.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winjh60.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winjg43.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winin42.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winib14.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Wingv60.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winge14.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winfu62.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winfu18.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winfs41.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winfk35.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winey40.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winem01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winds47.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Wincw06.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winct06.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winbs62.sys'); DeleteFile('C:\WINDOWS\System32\Drivers\Winar80.sys'); BC_ImportAll; ExecuteSysClean; BC_DeleteSvc('Winyj52'); BC_DeleteSvc('Winye30'); BC_DeleteSvc('Winxp47'); BC_DeleteSvc('Winvl11'); BC_DeleteSvc('Winui15'); BC_DeleteSvc('Winua61'); BC_DeleteSvc('Wintl38'); BC_DeleteSvc('Winss42'); BC_DeleteSvc('Winsp12'); BC_DeleteSvc('Winsn42'); BC_DeleteSvc('Winsl52'); BC_DeleteSvc('Winrw10'); BC_DeleteSvc('Winrr88'); BC_DeleteSvc('Winrk01'); BC_DeleteSvc('Winqy43'); BC_DeleteSvc('Winqv07'); BC_DeleteSvc('Winpn73'); BC_DeleteSvc('Winpn11'); BC_DeleteSvc('Winpd66'); BC_DeleteSvc('Winoo61'); BC_DeleteSvc('Winom18'); BC_DeleteSvc('Winoh11'); BC_DeleteSvc('Winnn85'); BC_DeleteSvc('Winnk77'); BC_DeleteSvc('Winnf48'); BC_DeleteSvc('Winmr58'); BC_DeleteSvc('Winmh77'); BC_DeleteSvc('Winlx10'); BC_DeleteSvc('Winlt06'); BC_DeleteSvc('Winkx23'); BC_DeleteSvc('Winkp77'); BC_DeleteSvc('Winjt22'); BC_DeleteSvc('Winjo24'); BC_DeleteSvc('Winjh60'); BC_DeleteSvc('Winjg43'); BC_DeleteSvc('Winin42'); BC_DeleteSvc('Winib14'); BC_DeleteSvc('Wingv60'); BC_DeleteSvc('Winge14'); BC_DeleteSvc('Winfu62'); BC_DeleteSvc('Winfu18'); BC_DeleteSvc('Winfs41'); BC_DeleteSvc('Winfk35'); BC_DeleteSvc('Winey40'); BC_DeleteSvc('Winem01'); BC_DeleteSvc('Winds47'); BC_DeleteSvc('Wincw06'); BC_DeleteSvc('Winct06'); BC_DeleteSvc('Winbs62'); BC_DeleteSvc('Winar80'); BC_DeleteSvc('ALGRpcSs'); BC_DeleteSvc('ALGseclogonVSS'); BC_DeleteSvc('BrowserImapiServiceSSDPSRVsrserviceUPS'); BC_DeleteSvc('CiSvcPolicyAgent'); BC_DeleteSvc('CryptSvcUPS'); BC_DeleteSvc('CryptSvcUPSDhcpEventSystemAudioSrv'); BC_DeleteSvc('CryptSvcUPSseclogonBrowser'); BC_DeleteSvc('CryptSvcUPSseclogonBrowserDhcp'); BC_DeleteSvc('CryptSvcUPSseclogonBrowserWMPNetworkSvc'); BC_DeleteSvc('DhcpEventSystemAudioSrv');
BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscache'); BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscacheTapiSrvLmHosts'); BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscacheWmi'); BC_DeleteSvc('ekrnRasAuto'); BC_DeleteSvc('ERSvcAlerter'); BC_DeleteSvc('ERSvcSwPrv'); BC_DeleteSvc('EventSystemAudioSrv'); BC_DeleteSvc('EventSystemwinmgmt'); BC_DeleteSvc('helpsvcERSvcAlerter'); BC_DeleteSvc('HidServWZCSVCALGCiSvc'); BC_DeleteSvc('ImapiServiceSSDPSRV'); BC_DeleteSvc('ImapiServiceSSDPSRVsrserviceUPS'); BC_DeleteSvc('ImapiServiceSSDPSRVsrserviceUPSNetDDEsrserviceUPS'); BC_DeleteSvc('lanmanworkstationWmiApSrv'); BC_DeleteSvc('mnmsrvcLmHosts'); BC_DeleteSvc('mnmsrvcTermServiceAppMgmt'); BC_DeleteSvc('NetDDESchedule'); BC_DeleteSvc('NetDDEsrserviceUPS'); BC_DeleteSvc('NetmanoseProtectedStorageDnscache'); BC_DeleteSvc('NtLmSspCryptSvcUPSseclogonBrowserDhcp'); BC_DeleteSvc('oseProtectedStorage'); BC_DeleteSvc('oseProtectedStorageDnscache'); BC_DeleteSvc('ProtectedStoragemnmsrvc'); BC_DeleteSvc('RemoteAccessdmserver'); BC_DeleteSvc('RpcSsdmadmin'); BC_DeleteSvc('RpcSsstisvc'); BC_DeleteSvc('seclogonBrowser'); BC_DeleteSvc('seclogonEventSystem'); BC_DeleteSvc('seclogonRDSessMgr'); BC_DeleteSvc('seclogonVSS'); BC_DeleteSvc('SharedAccesswuauserv'); BC_DeleteSvc('SpoolerWMPNetworkSvc'); BC_DeleteSvc('srserviceUPS'); BC_DeleteSvc('SwPrvWZCSVCALGCiSvc'); BC_DeleteSvc('TapiSrvLmHosts'); BC_DeleteSvc('TermServiceAppMgmt'); BC_DeleteSvc('TermServiceSwPrv'); BC_DeleteSvc('TlntSvrWudfSvc'); BC_DeleteSvc('TlntSvrWudfSvcImapiServiceSSDPSRVsrserviceUPS'); BC_DeleteSvc('TrkWksFastUserSwitchingCompatibility'); BC_DeleteSvc('WebClientPlugPlay'); BC_DeleteSvc('WmdmPmSNWMPNetworkSvc'); BC_DeleteSvc('WmiNetDDEsrserviceUPS'); BC_DeleteSvc('WMPNetworkSvcWZCSVC'); BC_DeleteSvc('wscsvcseclogonBrowser'); BC_DeleteSvc('WZCSVCALG'); BC_DeleteSvc('WZCSVCALGCiSvc'); BC_DeleteSvc('Winru34'); BC_Activate; RebootWindows(true); end.
After the reboot:
- Clean the temp folders, browser caches and the Recycle Bin.
- Close all programs, including the antivirus and firewall; leave only Internet Explorer running. If it is not running, start it!!!
- Make new logs according to the rules.
- Enable the antivirus and firewall.
- Reconnect the PC to the internet/LAN.
- Upload the quarantine via the "Send requested quarantine" link at the top of the thread.
- Attach the logs to a new message.
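The names the script above removes follow two patterns worth recognising on other machines: drivers and services named "Win" plus two letters plus two digits (Winru34, Winar80, ...), and bogus service names glued together from legitimate Windows service names (CryptSvcUPSseclogonBrowserDhcp, EventSystemwinmgmt, ...). The following Python script is an added example, not part of this thread or of AVZ; it flags both patterns in a constructed list of service names and driver paths. KNOWN_SERVICES is a short constructed subset of Windows XP service names and would be extended from a clean reference system.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed subset of legitimate Windows XP service names (extend from a clean
# reference system before relying on it).
KNOWN_SERVICES = {
    "ALG", "RpcSs", "seclogon", "VSS", "Browser", "ImapiService", "SSDPSRV",
    "srservice", "UPS", "CiSvc", "PolicyAgent", "CryptSvc", "Dhcp",
    "EventSystem", "AudioSrv", "WMPNetworkSvc", "ProtectedStorage", "Dnscache",
    "TapiSrv", "LmHosts", "ERSvc", "Alerter", "SwPrv", "winmgmt", "WZCSVC",
    "NetDDE", "Schedule", "Spooler", "wuauserv", "SharedAccess", "TermService",
    "AppMgmt", "PlugPlay", "WebClient", "wscsvc",
}
_KNOWN_LOWER = {s.lower(): s for s in KNOWN_SERVICES}

# "Win" + two letters + two digits, the random naming scheme seen in the thread.
RANDOM_WIN_RE = re.compile(r"^win[a-z]{2}\d{2}$", re.IGNORECASE)


def segment_into_known(name: str) -> Optional[List[str]]:
    """Split name into a sequence of known service names, or None if impossible."""
    lower = name.lower()
    best: List[Optional[List[str]]] = [None] * (len(lower) + 1)  # best[i] covers lower[:i]
    best[0] = []
    for i in range(1, len(lower) + 1):
        for j in range(i):
            if best[j] is not None and lower[j:i] in _KNOWN_LOWER:
                best[i] = best[j] + [_KNOWN_LOWER[lower[j:i]]]
                break
    return best[len(lower)]


def classify_service(name: str) -> str:
    """'random-name', 'concatenated', 'ok' (known) or 'unknown' for one service name."""
    if RANDOM_WIN_RE.match(name):
        return "random-name"
    if name.lower() in _KNOWN_LOWER:
        return "ok"
    parts = segment_into_known(name)
    return "concatenated" if parts is not None and len(parts) >= 2 else "unknown"


def suspicious_services(names: List[str]) -> Dict[str, str]:
    """Map each flagged service name to the pattern it matched."""
    verdicts = {n: classify_service(n) for n in names}
    return {n: v for n, v in verdicts.items() if v in ("random-name", "concatenated")}


def suspicious_drivers(paths: List[str]) -> List[str]:
    """Driver paths whose file stem follows the random Win??NN scheme (ntpath handles backslashes)."""
    return [p for p in paths if RANDOM_WIN_RE.match(ntpath.splitext(ntpath.basename(p))[0])]
```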
Treatment statistics:
- Quarantines received: 1
- Files processed: 19
- Malware found during treatment:
- c:\program files\lingobit localizer\localizer.com - Trojan.Win32.Rabbit.a
Dear arkannnsk, our specialists have provided all possible help with your request.
To keep your computer secure, we strongly recommend:
To stay aware of current information-security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please help replenish our database of safe files.