1. Disable System Restore and the antivirus.
2. Run the following script in AVZ:
Code:
begin
ClearHostsFile;
ClearQuarantine;
SetAVZGuardStatus(True);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
QuarantineFile('E:\autorun.exe','');
QuarantineFile('H:\autorun.inf','');
QuarantineFile('C:\Windows\System32\zxdOjW.dll','');
QuarantineFile('C:\Windows\System32\xHitqM.dll','');
QuarantineFile('C:\Windows\System32\VuSFlo.dll','');
QuarantineFile('C:\Windows\System32\vrodsQ.dll','');
QuarantineFile('C:\Windows\System32\vaTBbZ.dll','');
QuarantineFile('C:\Windows\System32\UZQQwO.dll','');
QuarantineFile('C:\Windows\System32\UyQHyz.dll','');
QuarantineFile('C:\Windows\System32\tDRjJV.dll','');
QuarantineFile('C:\Windows\System32\SaftVd.dll','');
QuarantineFile('C:\Windows\System32\qNamOc.dll','');
QuarantineFile('C:\Windows\System32\QhUSEF.dll','');
QuarantineFile('C:\Windows\System32\PsxwlM.dll','');
QuarantineFile('C:\Windows\System32\paAZfl.dll','');
QuarantineFile('C:\Windows\System32\nVRmAh.dll','');
QuarantineFile('C:\Windows\System32\mZbKAa.dll','');
QuarantineFile('C:\Windows\System32\jZcELF.dll','');
QuarantineFile('C:\Windows\System32\jReFaj.dll','');
QuarantineFile('C:\Windows\System32\ighbEe.dll','');
QuarantineFile('C:\Windows\System32\HyXQER.dll','');
QuarantineFile('C:\Windows\System32\FdLMTf.dll','');
QuarantineFile('C:\Windows\System32\EQocwc.dll','');
QuarantineFile('C:\Windows\System32\eGAAIE.dll','');
QuarantineFile('C:\Windows\System32\efInFH.dll','');
QuarantineFile('C:\Windows\System32\dgibvJ.dll','');
QuarantineFile('C:\Windows\System32\bVBOTs.dll','');
QuarantineFile('C:\Windows\Installer\82fc8.msi','');
QuarantineFile('C:\Windows\system32\cryptsrv.dll','');
QuarantineFile('C:\RECYCLER\S-1-5-21-4960028462-8825371427-661096211-8607\hdav.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-4960028462-8825371427-661096211-8607\hdav.exe');
DeleteFile('C:\Windows\Installer\82fc8.msi');
DeleteFile('C:\Windows\System32\bVBOTs.dll');
DeleteFile('C:\Windows\System32\dgibvJ.dll');
DeleteFile('C:\Windows\System32\efInFH.dll');
DeleteFile('C:\Windows\System32\eGAAIE.dll');
DeleteFile('C:\Windows\System32\EQocwc.dll');
DeleteFile('C:\Windows\System32\FdLMTf.dll');
DeleteFile('C:\Windows\System32\HyXQER.dll');
DeleteFile('C:\Windows\System32\ighbEe.dll');
DeleteFile('C:\Windows\System32\jReFaj.dll');
DeleteFile('C:\Windows\System32\jZcELF.dll');
DeleteFile('C:\Windows\System32\mZbKAa.dll');
DeleteFile('C:\Windows\System32\nVRmAh.dll');
DeleteFile('C:\Windows\System32\paAZfl.dll');
DeleteFile('C:\Windows\System32\PsxwlM.dll');
DeleteFile('C:\Windows\System32\QhUSEF.dll');
DeleteFile('C:\Windows\System32\qNamOc.dll');
DeleteFile('C:\Windows\System32\SaftVd.dll');
DeleteFile('C:\Windows\System32\tDRjJV.dll');
DeleteFile('C:\Windows\System32\UyQHyz.dll');
DeleteFile('C:\Windows\System32\UZQQwO.dll');
DeleteFile('C:\Windows\System32\vaTBbZ.dll');
DeleteFile('C:\Windows\System32\vrodsQ.dll');
DeleteFile('C:\Windows\System32\VuSFlo.dll');
DeleteFile('C:\Windows\System32\xHitqM.dll');
DeleteFile('C:\Windows\System32\zxdOjW.dll');
DeleteFile('H:\autorun.inf');
DeleteFile('E:\autorun.exe');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, true);
BC_Activate;
RebootWindows(true);
end.
After the script runs, the computer will reboot!
Send the quarantine as described in Appendix 3 of the rules.
Upload it via this link: http://virusinfo.info/upload_virus.php?tid=52125
3. Then we try to produce the logs in normal mode.
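To check what a cleanup script like the one above actually does before running it (which files only get a copy taken for analysis, which are removed outright, and which drive types the `NoDriveTypeAutoRun` value of 221 really disables), a small parser is handy. The following is an added example, not part of the original post and not AVZ's own code; it assumes the script format shown in the post (one `QuarantineFile`/`DeleteFile`/`RegKeyIntParamWrite` call per line) and uses a constructed, shortened excerpt of the post's script as sample input. The bit meanings are the documented Windows `DRIVE_*` type flags that `NoDriveTypeAutoRun` is keyed on.

```python
"""Turn an AVZ cleanup script into a verification checklist.

Added example (not from the original post or from AVZ). It extracts the
files the script quarantines and deletes, flags files that are deleted
without a quarantined copy (no sample kept for analysis), files that are
only quarantined (kept in place for inspection), and decodes the
NoDriveTypeAutoRun policy value the script writes.
"""
import re

# Constructed sample input: a trimmed excerpt in the same format as the
# post's script (not the full script).
SAMPLE_SCRIPT = r"""
begin
ClearHostsFile;
SetAVZGuardStatus(True);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
QuarantineFile('E:\autorun.exe','');
QuarantineFile('C:\Windows\System32\zxdOjW.dll','');
QuarantineFile('C:\Windows\System32\cryptsrv.dll','');
DeleteFile('C:\Windows\System32\zxdOjW.dll');
DeleteFile('E:\autorun.exe');
BC_ImportDeletedList;
ExecuteSysClean;
RebootWindows(true);
end.
"""

# NoDriveTypeAutoRun is a bitmask over the Windows drive-type constants;
# a set bit disables AutoRun for that drive type.
_AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved/unknown",
}

_FILE_CALL_RE = re.compile(r"^(QuarantineFile|DeleteFile)\('([^']*)'")
_REG_WRITE_RE = re.compile(
    r"^RegKeyIntParamWrite\('([^']*)','([^']*)','([^']*)',\s*(\d+)\);"
)


def parse_avz_script(text):
    """Return the quarantine list, delete list and integer registry writes."""
    result = {"quarantine": [], "delete": [], "registry": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = _FILE_CALL_RE.match(line)
        if m:
            key = "quarantine" if m.group(1) == "QuarantineFile" else "delete"
            result[key].append(m.group(2))
            continue
        m = _REG_WRITE_RE.match(line)
        if m:
            hive, path, name, value = m.groups()
            result["registry"].append((hive, path, name, int(value)))
    return result


def decode_autorun_policy(value):
    """Drive types whose AutoRun is disabled by a NoDriveTypeAutoRun value."""
    return [name for bit, name in sorted(_AUTORUN_BITS.items()) if value & bit]


def deleted_without_quarantine(parsed):
    """Files removed with no copy kept: nothing left to analyse afterwards."""
    kept = {p.lower() for p in parsed["quarantine"]}
    return [p for p in parsed["delete"] if p.lower() not in kept]


def quarantined_only(parsed):
    """Files copied for analysis but left in place (suspicious, not yet condemned)."""
    removed = {p.lower() for p in parsed["delete"]}
    return [p for p in parsed["quarantine"] if p.lower() not in removed]


if __name__ == "__main__":
    parsed = parse_avz_script(SAMPLE_SCRIPT)
    print("quarantine only:", quarantined_only(parsed))
    print("deleted w/o sample:", deleted_without_quarantine(parsed))
    for hive, path, name, value in parsed["registry"]:
        if name == "NoDriveTypeAutoRun":
            print(f"{hive}\\{path}\\{name} = {value}:",
                  ", ".join(decode_autorun_policy(value)))
```

On the post's full script this reports `cryptsrv.dll` as quarantined but not deleted (the helper wants a copy to inspect without removing a file that may be legitimate), and shows that 221 (0xDD) disables AutoRun for unknown, removable, fixed, network and RAM-disk drives while leaving CD-ROM AutoRun (0x20) enabled.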