Please help me remove this virus; my NOD32 doesn't react to it! Thank you very much for your help!
Dear [B]joni-fascor[/B], thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly.
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Hello.
Disconnect / disable:
- The PC from the internet
- All security applications
- System Restore
Run this script in AVZ:
[CODE]
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 90000, false);
SearchRootkit(true, true);
SetAVZGuardStatus(true);
TerminateProcessByName('c:\documents and settings\admin\application data\33e.tmp');
TerminateProcessByName('c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
TerminateProcessByName('c:\windows\aadrive32.exe');
QuarantineFile('c:\documents and settings\admin\application data\33e.tmp','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8391361772-2758742932-494505563-7694\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-4927002144-2631195333-908637965-0246\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-7746968432-8678190541-396200939-6960\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-7450340709-5505409452-714596151-0984\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1194869700-5872730426-371648314-5370\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-3670715425-5649249049-537953350-7288\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-2699299480-2415389380-014021823-0813\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-3679206468-8500991124-886346999-2414\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-5770626780-4096848824-845280980-5661\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-6658337342-4853492965-650726900-7614\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-9536190793-5993931414-105145307-6154\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-2653977455-8201223916-416502949-2289\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0076737958-2494948683-903953161-2032\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8569274520-5698306146-213594308-5283\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-9835946325-2962463445-571923838-4260\winmap.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-5214699673-7440564686-616633630-5432\winmap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ltzqai.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-9739934181-6994305906-105214917-2039\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8670059292-1365471630-699636571-1566\winmap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\oekx.exe','');
QuarantineFile('C:\Documents and Settings\Admin\bnet.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\9629..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\9388..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\889..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\8354911..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\7484..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\715549..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\6714..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\6453..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\6337..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\594509..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\4628..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\4453..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\4363636..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\404..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\391..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\378..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\3523..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\3193510..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\2675450..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\2297093..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\2215268..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\1462701..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\13799..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\10713..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\103..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\101..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\0480..exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\023..exe','');
QuarantineFile('C:\DDR\Setup.exe','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1166406000-5083539741-019500400-6360\csisf.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Qofafq.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
QuarantineFile('c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
QuarantineFile('c:\windows\aadrive32.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-8391361772-2758742932-494505563-7694\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-4927002144-2631195333-908637965-0246\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-7746968432-8678190541-396200939-6960\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-7450340709-5505409452-714596151-0984\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1194869700-5872730426-371648314-5370\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-3670715425-5649249049-537953350-7288\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-2699299480-2415389380-014021823-0813\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-3679206468-8500991124-886346999-2414\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-5770626780-4096848824-845280980-5661\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-6658337342-4853492965-650726900-7614\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-9536190793-5993931414-105145307-6154\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-2653977455-8201223916-416502949-2289\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0076737958-2494948683-903953161-2032\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-8569274520-5698306146-213594308-5283\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-9835946325-2962463445-571923838-4260\winmap.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-5214699673-7440564686-616633630-5432\winmap.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ltzqai.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-9739934181-6994305906-105214917-2039\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-8670059292-1365471630-699636571-1566\winmap.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\oekx.exe');
DeleteFile('c:\windows\aadrive32.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Qofafq.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1166406000-5083539741-019500400-6360\csisf.exe');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\023..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\0480..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\101..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\103..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\10713..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\13799..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\1462701..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\2215268..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\2297093..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\2675450..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\3193510..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\3523..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\378..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\391..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\404..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\4363636..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\4453..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\4628..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\594509..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\6337..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\6453..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\6714..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\715549..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\7484..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\8354911..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\889..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\9388..exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\9629..exe');
DeleteFile('C:\Documents and Settings\Admin\bnet.exe');
DeleteFile('c:\documents and settings\admin\application data\33e.tmp');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Taskman');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zaber0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Qofafq');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Taskman');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(16);
ExecuteWizard('TSW',2,3,true);
BC_Activate;
RebootWindows(true);
end.
[/CODE]
The computer will reboot.
Then run one more script:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
And send quarantine.zip from the AVZ folder according to the rules (via the red link "[B][COLOR="Red"][U]Send the requested quarantine[/U][/COLOR][/B]" at the top of the thread).
Make new logs.
Make an [URL="http://virusinfo.info/showthread.php?t=53070"]MBAM log[/URL].
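Added example, not part of the original thread or the helper's script: a small Python check that every DeleteFile in an AVZ cleanup script is preceded by a QuarantineFile for the same path, so that a sample of each removed file ends up in quarantine.zip. It also lists files that are quarantined but left in place (as C:\DDR\Setup.exe is in the script above); the function name and the sample paths are constructed for illustration.

```python
import re

# Matches QuarantineFile('path', ...) and DeleteFile('path') calls and
# captures the call name and its first string argument.
CALL_RE = re.compile(r"\b(QuarantineFile|DeleteFile)\s*\(\s*'([^']*)'",
                     re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def audit(script):
    """Return (deletes_without_quarantine, quarantined_but_kept).

    deletes_without_quarantine: list of (line_number, path) for DeleteFile
        calls with no earlier QuarantineFile on the same path.
    quarantined_but_kept: sorted normalised paths that are quarantined for
        analysis but never deleted by the script.
    """
    quarantined, deleted = set(), set()
    missing = []
    for lineno, line in enumerate(script.splitlines(), 1):
        for name, path in CALL_RE.findall(line):
            key = norm(path)
            if name.lower() == "quarantinefile":
                quarantined.add(key)
            else:
                deleted.add(key)
                if key not in quarantined:
                    missing.append((lineno, path))
    return missing, sorted(quarantined - deleted)


# Constructed sample script (paths are illustrative, not taken from a real log).
SAMPLE = r"""
begin
 QuarantineFile('C:\Sample\a.exe','');
 QuarantineFile('C:\Sample\Setup.exe','');
 DeleteFile('c:\sample\A.EXE');
 DeleteFile('C:\Sample\b.exe');
end.
"""

if __name__ == "__main__":
    missing, kept = audit(SAMPLE)
    for lineno, path in missing:
        print(f"line {lineno}: DeleteFile without prior QuarantineFile: {path}")
    for path in kept:
        print(f"quarantined for analysis, not deleted: {path}")
```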