AVPTool couldn't cope. It disinfects, then reboots, then finds it again and disinfects, reboots again, and so on endlessly.
Thanks for the help.
Good afternoon!
- Disable System Restore!
In AVZ, run the script:
Code:
begin
 // Rootkit scan and AVZGuard protection before the cleanup starts
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Stop the running malicious processes
 TerminateProcessByName('c:\windows\system32\roryjotab.exe');
 TerminateProcessByName('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe');
 TerminateProcessByName('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp');
 // Copy the suspicious files to quarantine before deleting them
 QuarantineFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\locybiry.exe','');
 QuarantineFile('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe','');
 QuarantineFile('C:\Program Files\PGXP\Samples\VbWiz\VbWiz.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\Content.IE5\AOVIJ229\l[1].exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\926.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\916.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\902.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\899.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\880.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\861637.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\8219.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\798.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\77849.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\603.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\570.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\566.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\534.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\500.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\447.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\4307.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\403.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\325.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\258.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\178.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\095.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\059.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\02980.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\vrmhntja.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\kv3rs79jfq.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\9s1ozvg.exe','');
 QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\3ezpqlb.exe','');
 QuarantineFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe','');
 QuarantineFile('C:\WINDOWS\system32\symmovune.exe','');
 QuarantineFile('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp','');
 QuarantineFile('c:\windows\system32\roryjotab.exe','');
 // Remove the malicious service and its Run-key autostart values
 DeleteService('dyat5iakvm');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tyce');
 // Delete the files
 DeleteFile('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe');
 DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\locybiry.exe');
 DeleteFile('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp');
 DeleteFile('C:\WINDOWS\system32\symmovune.exe');
 DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\3ezpqlb.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\9s1ozvg.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\kv3rs79jfq.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\vrmhntja.exe');
 DeleteFile('C:\WINDOWS\system32\roryjotab.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\02980.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\059.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\095.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\178.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\258.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\325.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\403.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\4307.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\447.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\500.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\534.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\566.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\570.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\603.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\77849.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\798.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\8219.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\861637.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\880.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\899.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\902.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\916.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\926.exe');
 DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\Content.IE5\AOVIJ229\l[1].exe');
 DeleteFileMask('C:\Documents and Settings\Tanya\Local Settings\Temp', '*.*', true);
 // Hand the list to Boot Cleaner, clean up leftover references, reboot
 BC_ImportAll;
 ExecuteSysClean;
 BC_DeleteSvc('dyat5iakvm');
 BC_Activate;
 RebootWindows(true);
end.
The computer will reboot.
Upload the quarantine as described in Appendix 3 of the help rules.
Repeat the AVZ and HiJackThis logs + the MBAM log
Last edited by Nexus; 26.03.2011 at 11:02.
Done.
I scanned with MBAM first, and then with AVZ and HiJackThis (if the order matters)
- Disable all security software
In AVZ, run the script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Empty the AVZ quarantine folder left from the previous run
 DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
 TerminateProcessByName('c:\documents and settings\localservice.nt authority.000\application data\microsoft\vykoufapo.exe');
 TerminateProcessByName('c:\windows\temp\sjlfhflodqhh3e693efe.tmp');
 StopService('zx1hyyooai7a5');
 QuarantineFile('c:\WINDOWS\system32\ftp.exe','');
 // Queue the files for deletion by Boot Cleaner
 BC_DeleteFile('c:\windows\temp\sjlfhflodqhh3e693efe.tmp');
 BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\vykoufapo.exe');
 BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
 DeleteFileMask('c:\windows\temp', '*.*', true);
 ExecuteSysClean;
 BC_DeleteSvc('zx1hyyooai7a5');
 BC_Activate;
 SetAVZPMStatus(true);
 RebootWindows(true);
end.
The computer will reboot.
Upload the quarantine as described in Appendix 3 of the help rules.
Delete in MBAM
Code:
Заражённые папки:
c:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> No action taken.
Заражённые файлы:
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\BCB0LST2\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\ERD9TBQT\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\ERD9TBQT\test1[2].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\JO5NTIL8\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00003.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00004.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00005.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00006.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00007.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00008.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00009.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00010.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00011.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00012.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00013.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00014.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00015.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00016.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00017.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00018.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00019.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00020.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00021.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00022.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00023.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00024.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00025.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00026.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00027.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00028.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00029.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00030.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\AOVIJ229\malin[1].exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\AOVIJ229\zu[1].exe (Trojan.Refroso) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\G5KQXR7G\server1[1].exe (Trojan.Agent) -> No action taken.
c:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> No action taken.
Attention! Official support (and the release of updates) for Windows XP SP2 has ended.
Install SP3 (activation may be required) + all new updates for Windows
then,
Repeat the AVZ logs + the MBAM log
Last edited by Nexus; 26.03.2011 at 15:27.
Done.
Thanks for the prompt help.
- Disable all security software
In AVZ, run the script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Stop and remove the leftover malicious service
 StopService('dyat5iakvm');
 DeleteService('dyat5iakvm');
 DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\symmovune.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-1292428093-2139871995-839522115-1003\Dc746.htm');
 DeleteFile('C:\RECYCLER\S-1-5-21-1292428093-2139871995-839522115-1003\Dc753\urchin.js');
 BC_ImportAll;
 ExecuteSysClean;
 BC_DeleteSvc('dyat5iakvm');
 BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\symmovune.exe');
 BC_Activate;
 RebootWindows(true);
end.
The computer will reboot.
Repeat the AVZ logs + the MBAM log (full scan!)
It seems to be clean now.
MBAM removed the last virus, a backup of which had been made by the SP3 installer.
And why didn't you upload the quarantine last time?
Delete in MBAM
Code:
Заражённые файлы:
c:\WINDOWS\$ntservicepackuninstall$\ftp.exe (Trojan.Agent.Gen) -> No action taken.
Next, in AVZ go to the AVZPM item - Remove and unload the extended process monitor driver.
No more malware is seen in the log.
Treatment statistics:
- Quarantines received: 2
- Files processed: 35
- Malware detected during treatment:
- c:\\documents and settings\\localservice.nt authority.000\\application data\\microsoft\\locybiry.exe - IM-Worm.Win32.Yahos.aht ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\localservice.nt authority.000\\application data\\microsoft\\roryjotab.exe - IM-Worm.Win32.Yahos.aht ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temporary internet files\\content.ie5\\aovij229\\l[1].exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\02980.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\059.exe - Trojan.Win32.Ddox.afi ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\095.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\178.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\258.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\325.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\403.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\4307.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\447.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\500.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\534.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\566.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\570.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\603.exe - Trojan.Win32.Ddox.afi ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\77849.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\798.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\8219.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\861637.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\880.exe - Trojan.Win32.Refroso.deft ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\local settings\\temp\\899.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\902.exe - Trojan.Win32.Inject.bcmu ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\916.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\local settings\\temp\\926.exe - Trojan.Win32.Ddox.afj ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )
- c:\\documents and settings\\tanya\\start menu\\programs\\startup\\kv3rs79jfq.exe - Trojan.Win32.Menti.hyq ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\start menu\\programs\\startup\\vrmhntja.exe - Trojan.Win32.Menti.hyq ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\start menu\\programs\\startup\\3ezpqlb.exe - Trojan.Win32.Menti.hyq ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\documents and settings\\tanya\\start menu\\programs\\startup\\9s1ozvg.exe - Trojan.Win32.Menti.hyq ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )
- c:\\docume~1\\tanya\\locals~1\\temp\\sjlfhflodqhh3e693efe.tmp - Trojan-Downloader.Win32.Agent.gblp ( DrWEB: Trojan.Spambot.9958, BitDefender: Backdoor.Generic.610880, AVAST4: Win32:Malware-gen )
- c:\\windows\\system32\\roryjotab.exe - IM-Worm.Win32.Yahos.aht ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )
- c:\\windows\\system32\\symmovune.exe - IM-Worm.Win32.Yahos.aht ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )
Dear xanep, our specialists have given you all possible help with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.