Trojan.Win32.Dialer
I just can't get rid of a Dialer. A couple of minutes after connecting to the network, a strange icon pops up and the connection drops. The same thing happens on every subsequent connection. After the 5th connection the computer reboots. WEB and Kaspersky don't find it.
Run this script in AVZ
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('reg add HKLM\software\Microsoft\Internet Explorer\Main','');
QuarantineFile('reg add HKCU\software\Microsoft\Internet Explorer\Main','');
QuarantineFile('C:\WINNT\system32\svshost.dll','');
QuarantineFile('c:\winnt\smss.exe','');
DeleteFile('c:\winnt\smss.exe');
DeleteFile('C:\WINNT\system32\svshost.dll');
DeleteFile('reg add HKCU\software\Microsoft\Internet Explorer\Main');
DeleteFile('reg add HKLM\software\Microsoft\Internet Explorer\Main');
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(2);
BC_LogFile(GetAVZDirectory + 'boot_clr.log');
BC_Activate;
RebootWindows(true);
end.
After the reboot, "fix" the following entries in HijackThis
Code:
O4 - HKLM\..\Run: [msmsg] reg add "HKCU\software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d http://start.traffer.ru/ /f
O4 - HKLM\..\Run: [msn] reg add "HKLM\software\Microsoft\Internet Explorer\Main" /v "First Home Page" /t REG_SZ /d http://start.traffer.ru/first/ /f
O16 - DPF: {33331111-1111-1111-1111-611111193423 codeBase=http://www.www2.p0rt2.com/files/777.cab id=i} -
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429 codeBase=http://www.www2.p0rt2.com/files/_ipsec_.cab id=i} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427 codeBase=http://www.www2.p0rt2.com/files/epl165bf2.cab id=e} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl165bf2.cab
O16 - DPF: {CT classid=clsid:33331111-1111-1111-1111-615111193427 codeBase=http://www.www2.p0rt2.com/files/epl165bf2.cab id=e} -
O21 - SSODL: SysRun - {D5FFE783-5276-41D1-887B-00267810A9C7} - C:\WINNT\system32\svshost.dll (file missing)
O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe
Send the quarantine files according to the rules of the "Help" section.
Redo the logs, and also attach the boot_clr.log file from the AVZ folder.
And what is this?
Code:
O23 - Service: 01326 - Unknown owner - \\172.16.11.169\Admin$\eraseme_77305.exe (file missing)
O23 - Service: 02434 - Unknown owner - \\172.16.11.169\Admin$\eraseme_80671.exe (file missing)
O23 - Service: 02458 - Unknown owner - \\172.16.11.169\Admin$\eraseme_55268.exe (file missing)
O23 - Service: 02460 - Unknown owner - \\172.16.11.169\Admin$\eraseme_70336.exe (file missing)
O23 - Service: 03581 - Unknown owner - \\172.16.11.169\Admin$\eraseme_84713.exe (file missing)
O23 - Service: 04628 - Unknown owner - \\172.16.11.169\Admin$\eraseme_05701.exe (file missing)
O23 - Service: 05065 - Unknown owner - \\172.16.11.169\Admin$\eraseme_75564.exe (file missing)
O23 - Service: 07200 - Unknown owner - \\172.16.11.169\Admin$\eraseme_76066.exe (file missing)
O23 - Service: 07260 - Unknown owner - \\172.16.11.169\Admin$\eraseme_27887.exe (file missing)
O23 - Service: 11137 - Unknown owner - \\172.16.11.169\Admin$\eraseme_10027.exe (file missing)
O23 - Service: 13382 - Unknown owner - \\172.16.11.169\Admin$\eraseme_77205.exe (file missing)
O23 - Service: 13705 - Unknown owner - \\172.16.11.169\Admin$\eraseme_31851.exe (file missing)
O23 - Service: 14103 - Unknown owner - \\172.16.11.169\Admin$\eraseme_35073.exe (file missing)
O23 - Service: 15488 - Unknown owner - \\172.16.11.169\Admin$\eraseme_81478.exe (file missing)
O23 - Service: 17681 - Unknown owner - \\172.16.11.169\Admin$\eraseme_44216.exe (file missing)
O23 - Service: 20340 - Unknown owner - \\172.16.11.169\Admin$\eraseme_88671.exe (file missing)
O23 - Service: 22811 - Unknown owner - \\172.16.11.169\Admin$\eraseme_18530.exe (file missing)
O23 - Service: 24063 - Unknown owner - \\172.16.11.169\Admin$\eraseme_04600.exe (file missing)
O23 - Service: 25210 - Unknown owner - \\192.168.11.169\Admin$\eraseme_36480.exe (file missing)
O23 - Service: 30580 - Unknown owner - \\172.16.11.169\Admin$\eraseme_56582.exe (file missing)
O23 - Service: 32233 - Unknown owner - \\172.16.11.169\Admin$\eraseme_11048.exe (file missing)
O23 - Service: 32814 - Unknown owner - \\172.16.11.169\Admin$\eraseme_07171.exe (file missing)
O23 - Service: 36021 - Unknown owner - \\172.16.11.169\Admin$\eraseme_65863.exe (file missing)
O23 - Service: 36268 - Unknown owner - \\172.16.11.169\Admin$\eraseme_84307.exe (file missing)
O23 - Service: 36551 - Unknown owner - \\172.16.11.169\Admin$\eraseme_62378.exe (file missing)
O23 - Service: 36728 - Unknown owner - \\172.16.11.169\Admin$\eraseme_14418.exe (file missing)
O23 - Service: 41523 - Unknown owner - \\172.16.11.169\Admin$\eraseme_25611.exe (file missing)
O23 - Service: 42677 - Unknown owner - \\172.16.11.169\Admin$\eraseme_74385.exe (file missing)
O23 - Service: 44150 - Unknown owner - \\172.16.11.169\Admin$\eraseme_76726.exe (file missing)
O23 - Service: 44702 - Unknown owner - \\172.16.11.169\Admin$\eraseme_57201.exe (file missing)
O23 - Service: 46638 - Unknown owner - \\172.16.11.169\Admin$\eraseme_42332.exe (file missing)
O23 - Service: 47317 - Unknown owner - \\172.16.11.169\Admin$\eraseme_85372.exe (file missing)
O23 - Service: 50446 - Unknown owner - \\172.16.11.169\Admin$\eraseme_20073.exe (file missing)
O23 - Service: 51437 - Unknown owner - \\172.16.11.169\Admin$\eraseme_52322.exe (file missing)
O23 - Service: 51442 - Unknown owner - \\172.16.11.169\Admin$\eraseme_72855.exe (file missing)
O23 - Service: 53167 - Unknown owner - \\172.16.11.169\Admin$\eraseme_58217.exe (file missing)
O23 - Service: 54330 - Unknown owner - \\172.16.11.169\Admin$\eraseme_01815.exe (file missing)
O23 - Service: 56327 - Unknown owner - \\172.16.11.169\Admin$\eraseme_32478.exe (file missing)
O23 - Service: 57530 - Unknown owner - \\172.16.11.169\Admin$\eraseme_01628.exe (file missing)
O23 - Service: 57615 - Unknown owner - \\172.16.11.169\Admin$\eraseme_35547.exe (file missing)
O23 - Service: 58037 - Unknown owner - \\172.16.11.169\Admin$\eraseme_58253.exe (file missing)
O23 - Service: 58513 - Unknown owner - \\172.16.11.169\Admin$\eraseme_26424.exe (file missing)
O23 - Service: 58570 - Unknown owner - \\172.16.11.169\Admin$\eraseme_88211.exe (file missing)
O23 - Service: 58786 - Unknown owner - \\172.16.11.169\Admin$\eraseme_15375.exe (file missing)
O23 - Service: 61460 - Unknown owner - \\172.16.11.169\Admin$\eraseme_13441.exe (file missing)
O23 - Service: 61522 - Unknown owner - \\172.16.11.169\d$\winnt\system32\eraseme_48420.exe (file missing)
O23 - Service: 62881 - Unknown owner - \\172.16.11.169\Admin$\eraseme_15307.exe (file missing)
O23 - Service: 64276 - Unknown owner - \\172.16.11.169\Admin$\eraseme_38812.exe (file missing)
O23 - Service: 70500 - Unknown owner - \\172.16.11.169\Admin$\eraseme_43727.exe (file missing)
O23 - Service: 72602 - Unknown owner - \\172.16.11.169\Admin$\eraseme_08368.exe (file missing)
O23 - Service: 73411 - Unknown owner - \\172.16.11.169\Admin$\eraseme_21103.exe (file missing)
O23 - Service: 73736 - Unknown owner - \\172.16.11.169\Admin$\eraseme_76757.exe (file missing)
O23 - Service: 73811 - Unknown owner - \\172.16.11.169\Admin$\eraseme_67745.exe (file missing)
O23 - Service: 76480 - Unknown owner - \\172.16.11.169\Admin$\eraseme_60543.exe (file missing)
O23 - Service: 77663 - Unknown owner - \\172.16.11.169\Admin$\eraseme_07677.exe (file missing)
O23 - Service: 78224 - Unknown owner - \\172.16.11.169\Admin$\eraseme_80624.exe (file missing)
O23 - Service: 80682 - Unknown owner - \\172.16.11.169\Admin$\eraseme_44825.exe (file missing)
O23 - Service: 82863 - Unknown owner - \\172.16.11.169\Admin$\eraseme_10385.exe (file missing)
O23 - Service: 84677 - Unknown owner - \\172.16.11.169\Admin$\eraseme_07871.exe (file missing)
O23 - Service: 84684 - Unknown owner - \\172.16.11.169\Admin$\eraseme_08678.exe (file missing)
O23 - Service: 86823 - Unknown owner - \\172.16.11.169\Admin$\eraseme_17260.exe (file missing)
O23 - Service: 88862 - Unknown owner - \\172.16.11.169\Admin$\eraseme_30841.exe (file missing)
Last edited by Макcим; 11.04.2007 at 22:34.
The most interesting part: whose addresses are these?
192.168.11.169 and 172.16.11.169: the malware definitely came (and, apparently, keeps coming) from there.
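Added example, not part of the original thread: a small parser for HijackThis `O23` service lines that answers the question raised above by counting, per source host, the services whose binary path sits on a remote administrative share (`Admin$`, `d$`). The function names and the fourth sample line are assumptions made for illustration; the first three sample lines are copied from the log quoted in the thread.

```python
import re
from collections import Counter

# Sample input: the first three lines are copied from the logs quoted in the
# thread; the last one is a constructed local service added for contrast.
SAMPLE_LOG = r"""
O23 - Service: 01326 - Unknown owner - \\172.16.11.169\Admin$\eraseme_77305.exe (file missing)
O23 - Service: 25210 - Unknown owner - \\192.168.11.169\Admin$\eraseme_36480.exe (file missing)
O23 - Service: 61522 - Unknown owner - \\172.16.11.169\d$\winnt\system32\eraseme_48420.exe (file missing)
O23 - Service: Example Local Service - Example Vendor - C:\Program Files\Example\svc.exe
"""

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# UNC path: \\host\share\rest
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\]+)\\(?P<share>[^\\]+)\\(?P<rest>.+)$")


def parse_o23(line):
    """Parse one O23 line into a dict, or return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    unc = UNC_RE.match(m["path"])
    return {
        "name": m["name"],
        "owner": m["owner"],
        "path": m["path"],
        "missing": m["missing"] is not None,
        "host": unc["host"] if unc else None,    # None for local paths
        "share": unc["share"] if unc else None,
    }


def remote_service_sources(log_text):
    """Count services whose image path is on a remote '$' share, per host."""
    hosts = Counter()
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc and svc["share"] and svc["share"].endswith("$"):
            hosts[svc["host"]] += 1
    return dict(hosts)


if __name__ == "__main__":
    for host, count in sorted(remote_service_sources(SAMPLE_LOG).items()):
        print(f"{host}: {count} service(s) registered from a remote admin share")
```
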