Leftover traces remained after the viruses were removed.
I cut some of them out, but I'm not sure I got everything.
Could you tell me whether these are leftovers from the viruses, or viruses themselves?
Dear [B]JaneYa[/B], thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Our helpers will answer your request as soon as possible. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site turns out to be useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run the following script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('c:\docume~1\alluse~1\dxnwir.exe','');
QuarantineFile('C:\RECYCLER\webhost.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5826412\absprox.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568147819\atnxw1a9.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5332112\xyzpro00.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-533071\proooxxxy.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-518642113\prox12p1.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5181719\enowpea40.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5135689\hbweaaa.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-51117819\a111a1a9.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-50311241\a361111.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-41701\8dqa00.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ScreenSaverPro.scr','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Vzayat.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Uzayas.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Tyayar.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Syayaq.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Rzayap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Ryayap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Pzayan.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Gyayae.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Czayaa.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Cyayaa.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\MSOCache\winhelp.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Identities\aafso\aafso.exe','');
QuarantineFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\Adobe\Reader_sl.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browse\plugins.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\ytht.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\ytht.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\sdfg.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\sdfg.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\minerg.exe');
QuarantineFile('c:\documents and settings\admin\application data\minerg.exe','');
QuarantineFile('c:\docume~1\admin\locals~1\temp\bdie.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\bdie.exe');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a9.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a9.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a8.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a8.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a7.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a7.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a6.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a6.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a4.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a4.exe','');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\a3.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\a3.exe','');
DeleteFile('c:\docume~1\admin\locals~1\temp\a3.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\a4.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\a6.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\a7.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\a8.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\a9.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\bdie.exe','32');
DeleteFile('c:\documents and settings\admin\application data\minerg.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\sdfg.exe','32');
DeleteFile('c:\docume~1\admin\locals~1\temp\ytht.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browse\plugins.exe','32');
DeleteFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\Adobe\Reader_sl.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Adobe System Incorporated');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','dafsfdsvgfszzz');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Identities\aafso\aafso.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Windows Update');
DeleteFile('C:\Documents and Settings\Admin\Application Data\MSOCache\winhelp.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pieceofshittycakechikewddcns');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Cyayaa.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Cyayaa');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Czayaa');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Czayaa.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Pzayan.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Pzayan');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Gyayae');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Ryayap.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Ryayap');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Rzayap.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Rzayap');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Syayaq.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Syayaq');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Tyayar.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tyayar');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Uzayas.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Uzayas');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Vzayat.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Vzayat');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ScreenSaverPro.scr','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Screen Saver Pro 3.1');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-41701\8dqa00.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8dqa00');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-50311241\a361111.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','a361111');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-51117819\a111a1a9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','a111411r9');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5135689\hbweaaa.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hbweaaa');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5181719\enowpea40.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','enowpea4');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-518642113\prox12p1.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','prox12p1');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-533071\proooxxxy.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','proooxxxy');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5332112\xyzpro00.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','xyzpro00');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw411r9');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r2');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r3');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r6');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r7');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568147819\atnxw1a9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw41r9');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r9');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r8');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','antaw4r19');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5826412\absprox.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','absprox');
DeleteFile('C:\RECYCLER\webhost.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall TCP Manager');
DeleteFile('c:\docume~1\alluse~1\dxnwir.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','52447');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
RebootWindows(false);
end.[/code]
The computer will reboot.
Send the quarantine as described in [B]Appendix 2[/B] of the rules, using the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] at the top of the thread.
Collect fresh logs.
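The script above pairs almost every DeleteFile with a RegKeyParamDel on a Run key: the infection kept itself alive through Run values that launched executables from RECYCLER, the user's Temp folder and Application Data, often under system-sounding names such as "Windows Update" or "Windows Firewall TCP Manager". The following is an added example, not part of this thread and not AVZ's own code: a small Python triage helper that scores autorun entries by those same traits so an analyst can spot this pattern in an autorun listing before writing a cleanup script. The sample entries are constructed; their value names and paths are taken from the script above, but the pairing of names to files is illustrative, and the two benign entries are invented for contrast. The scoring weights and thresholds are the example's own assumptions, not anything AVZ implements.

```python
"""Autorun triage in the spirit of the AVZ cleanup above.

Added example, not part of the thread and not AVZ code. It scores Run-key
entries by where the target executable lives and how plausible the value name
is, which is exactly what the helper's script cleaned up by hand.
"""
import re
from dataclasses import dataclass, field

RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
HKLM_POLICY_RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"


@dataclass
class AutorunEntry:
    key: str       # registry key holding the value
    name: str      # value name
    command: str   # value data (command line)


@dataclass
class Finding:
    entry: AutorunEntry
    score: int
    reasons: list = field(default_factory=list)


# Folders a legitimate autostart target practically never runs from
# (recycle bin, Temp, or an executable dropped straight into the All Users root).
STRONG_LOCATION = re.compile(
    r"\\(RECYCLER|RECYCLED|\$Recycle\.Bin)\\|\\(LOCALS~1\\)?Temp\\|\\ALLUSE~1\\[^\\]+$", re.I)
# Per-user data folders: favoured by droppers, but also used by some real software.
WEAK_LOCATION = re.compile(r"\\(Application Data|AppData\\Roaming)\\", re.I)
TRUSTED_ROOT = re.compile(r"^[a-z]:\\(Program Files( \(x86\))?|Windows)\\", re.I)
BRAND_WORDS = re.compile(r"windows|microsoft|adobe|update|firewall", re.I)
# Four consonants in a row, or digits wrapped around letters: typical of generated names.
RANDOM_NAME = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}|\d.*[a-z].*\d", re.I)
TARGET_RE = re.compile(r'^\s*"?([^"]+?\.(?:exe|scr|com|bat|cmd|dll))"?', re.I)


def target_path(command: str) -> str:
    """Return the executable a Run value launches, dropping quotes and arguments."""
    m = TARGET_RE.match(command)
    return m.group(1) if m else command.strip().strip('"')


def score_entry(entry: AutorunEntry) -> Finding:
    """Score one autorun entry; weights are this example's assumptions."""
    path = target_path(entry.command)
    finding = Finding(entry, 0)

    def hit(points: int, why: str) -> None:
        finding.score += points
        finding.reasons.append(why)

    if STRONG_LOCATION.search(path):
        hit(3, "target runs from a recycle-bin, Temp or profile-root folder")
    elif WEAK_LOCATION.search(path):
        hit(1, "target runs from a per-user data folder")
    if not TRUSTED_ROOT.match(path):
        if BRAND_WORDS.search(entry.name):
            hit(2, "system-sounding value name, but target is outside Program Files/Windows")
        if RANDOM_NAME.search(entry.name):
            hit(1, "value name looks machine-generated")
    if path.lower().endswith(".scr"):
        hit(1, "a screensaver has no business in a Run key")
    if "policies\\explorer\\run" in entry.key.lower():
        hit(1, "Policies\\Explorer\\Run is rarely used by legitimate software")
    return finding


def triage(entries, threshold: int = 2):
    """Entries scoring at or above the threshold, most suspicious first."""
    found = [score_entry(e) for e in entries]
    return sorted((f for f in found if f.score >= threshold), key=lambda f: -f.score)


# Constructed sample listing: names and paths from the thread's script (pairing is
# illustrative), plus two invented benign entries for contrast.
SAMPLE_ENTRIES = [
    AutorunEntry(RUN, "Windows Firewall TCP Manager", r"C:\RECYCLER\webhost.exe"),
    AutorunEntry(RUN, "antaw4r2",
                 r"C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe"),
    AutorunEntry(RUN, "Adobe System Incorporated",
                 r"C:\DOCUME~1\Admin\LOCALS~1\Temp\Adobe\Reader_sl.exe"),
    AutorunEntry(POLICY_RUN, "Windows Update",
                 r"C:\Documents and Settings\Admin\Application Data\MSOCache\winhelp.exe"),
    AutorunEntry(RUN, "Screen Saver Pro 3.1",
                 r"C:\Documents and Settings\Admin\Application Data\ScreenSaverPro.scr"),
    AutorunEntry(HKLM_POLICY_RUN, "52447", r"c:\docume~1\alluse~1\dxnwir.exe"),
    AutorunEntry(RUN, "Adobe Reader Speed Launcher",
                 r'"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"'),
    AutorunEntry(RUN, "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES):
        print(f"[{f.score}] {f.entry.name!r} -> {target_path(f.entry.command)}")
        for why in f.reasons:
            print(f"      - {why}")
```

On a live host the entries would come from the registry (for example via Python's winreg module) or be parsed out of an AVZ or HiJackThis log; the scoring deliberately stays a triage aid, so a flagged entry is something to look at and quarantine for analysis, not an automatic verdict.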
Done.
I didn't see anything bad.
Thank you!!!
Statistics of the treatment performed:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]91[/B]
[*]Malicious programs detected during the treatment:
[LIST=1]
[*] c:\documents and settings\admin\application data\minerg.exe - [B]not-a-virus:RiskTool.Win32.BitCoinMiner.frk[/B] ( DrWEB: Tool.BtcMine.130, BitDefender: Application.BitCoinMiner.BK )
[/LIST]
[/LIST]