I would be grateful for help
Dear [B]craig_dillan[/B], thank you for contacting our forum!
Help with an infected computer on VirusInfo.Info is provided completely free of charge. The helpers will respond to your request as soon as possible. To receive help, you need to provide the scan logs from the AVZ and HijackThis utilities; see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL] for details.
If our site turns out to be useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
[QUOTE]Babylon
DolkaRu
edealspop
gamesrs
iepluginservice
Movies Toolbar
pricemeter
Torntv[/QUOTE]uninstall these via Add or Remove Programs.
Run the following script in AVZ:
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('c:\progra~3\wincert\win32c~1.dll','');
DeleteFile('c:\progra~3\wincert\win32c~1.dll');
QuarantineFile('C:\Users\Димон\appdata\roaming\mediahit\shadow\mediahit.update\mediahit.update.process.exe','');
QuarantineFile('C:\Users\Димон\appdata\roaming\digita~1\update~1\update~1.exe','');
QuarantineFile('C:\Users\BE87~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
DelBHO('{F5AC4B34-2AEA-AEE0-B950-53C7D13A7ECE}');
QuarantineFile('C:\Program Files (x86)\Safeweb\Jb34Q.dll','');
DelBHO('{F3998287-2D2B-588E-5155-D1D6922933AC}');
QuarantineFile('C:\ProgramData\NetoiCoupon\VWTRM2.dll','');
DelBHO('{6181A8FA-21C7-AF9A-B6EF-628D59C29A27}');
DelBHO('{7405FC16-939E-2DEE-6EA6-C3B87211DA57}');
DelBHO('{92F2EECF-E359-38CC-B814-FF1C2E7E481E}');
QuarantineFile('C:\Program Files (x86)\safeweb\LU.dll','');
QuarantineFile('C:\ProgramData\JonICoupon\UuqJLR4kQ.dll','');
QuarantineFile('C:\ProgramData\NewSavEER\_qV.dll','');
QuarantineFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','');
DelBHO('{3d86a75b-cb6b-4764-885d-ca6336f04ba2}');
QuarantineFile('C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll','');
QuarantineFile('C:\ProgramData\50Coupoons\GJ3m.dll','');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
DelBHO('{00e71626-0bef-11dc-8314-0800200c9a66}');
QuarantineFile('C:\Program Files (x86)\DolkaRuIePlugin\TinyBHO.dll','');
QuarantineFile('C:\Program Files\Java\javac.vbs','');
QuarantineFile('C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll','');
QuarantineFile('C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll','');
QuarantineFile('C:\Windows\system32\drivers\befhjzgk.sys','');
QuarantineFile('C:\Windows\system32\drivers\hcoisbjq.sys','');
QuarantineFile('C:\Windows\system32\drivers\lerjzdzn.sys','');
QuarantineFile('C:\Windows\system32\drivers\qejeuxoz.sys','');
DeleteService('qejeuxoz');
DeleteService('lerjzdzn');
DeleteService('hcoisbjq');
DeleteService('befhjzgk');
SetServiceStart('{19854aff-7c07-4859-9831-cd028ac55dd0}w64', 4);
DeleteService('{19854aff-7c07-4859-9831-cd028ac55dd0}w64');
QuarantineFile('C:\Users\Димон\AppData\Local\DebugFinderRuntime\RgFltX64.sys','');
DeleteService('RgFltX64');
SetServiceStart('nethfdrv', 4);
DeleteService('nethfdrv');
DeleteService('pricemeterliveUpdatem');
DeleteService('pricemeterliveUpdate');
QuarantineFile('C:\Users\Димон\AppData\Local\PirritSuggestor\PirritService.exe','');
DeleteService('PirritDesktop');
DeleteService('FreewareNativePrivacy.exe');
QuarantineFile('C:\Users\Димон\AppData\Local\FreewareNativePrivacy\FreewareNativePrivacy.exe','');
QuarantineFile('C:\Users\Димон\AppData\Local\DefaultKernelSyntax\DefaultKernelSyntax.exe','');
DeleteService('DefaultKernelSyntax.exe');
QuarantineFile('C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe','');
DeleteService('DatamngrCoordinator');
DeleteService('DaemonScreenshotScript.exe');
DeleteService('bd60c5fdf4e7e49.exe');
DeleteService('CopySambaWYSIWYG.exe');
QuarantineFile('C:\Users\Димон\AppData\Local\CopySambaWYSIWYG\CopySambaWYSIWYG.exe','');
QuarantineFile('C:\Users\Димон\AppData\Local\58e9ac5e0ded24bb54ca7e3dc63da550\bd60c5fdf4e7e49.exe','');
QuarantineFile('C:\Users\Димон\AppData\Local\aa45bfdf441bade957e9f6c0b1790550\a6987c126fc40e8.exe','');
QuarantineFile('C:\Users\Димон\AppData\Local\BackupFirmwareOS\BackupFirmwareOS.exe','');
DeleteService('BackupFirmwareOS.exe');
DeleteService('a6987c126fc40e8.exe');
SetServiceStart('ServiceUpdater', 4);
SetServiceStart('NetHttpService', 4);
SetServiceStart('IePluginService', 4);
SetServiceStart('GamesRS', 4);
SetServiceStart('DebugFinderRuntime.exe', 4);
SetServiceStart('9728438e027c063.exe', 4);
DeleteService('ServiceUpdater');
DeleteService('NetHttpService');
DeleteService('IePluginService');
DeleteService('GamesRS');
DeleteService('DebugFinderRuntime.exe');
DeleteService('9728438e027c063.exe');
QuarantineFile('C:\Windows\system32\drivers\{19854aff-7c07-4859-9831-cd028ac55dd0}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\nethfdrv.sys','');
QuarantineFile('C:\Windows\SysWOW64\hfpapi.dll','');
QuarantineFile('C:\Windows\SysWOW64\hfnapi.dll','');
TerminateProcessByName('C:\ext\updatepl.exe');
QuarantineFile('C:\ext\updatepl.exe','');
TerminateProcessByName('c:\programdata\iepluginservice\pluginservice.exe');
QuarantineFile('c:\programdata\iepluginservice\pluginservice.exe','');
TerminateProcessByName('c:\windows\syswow64\netupdsrv.exe');
QuarantineFile('c:\windows\syswow64\netupdsrv.exe','');
TerminateProcessByName('c:\windows\syswow64\nethtsrv.exe');
QuarantineFile('c:\windows\syswow64\nethtsrv.exe','');
TerminateProcessByName('c:\users\Димон\appdata\local\debugfinderruntime\interactivejavaraw.exe');
QuarantineFile('c:\users\Димон\appdata\local\debugfinderruntime\interactivejavaraw.exe','');
TerminateProcessByName('c:\program files (x86)\gamesrs\gupdater.exe');
QuarantineFile('c:\program files (x86)\gamesrs\gupdater.exe','');
QuarantineFile('c:\program files (x86)\edealspop\edealspop.exe','');
TerminateProcessByName('c:\users\Димон\appdata\local\debugfinderruntime\debugfinderruntime.exe');
QuarantineFile('c:\users\Димон\appdata\local\debugfinderruntime\debugfinderruntime.exe','');
TerminateProcessByName('c:\users\Димон\appdata\local\9a63cf2d1defa5ec3f197a662347e03f\9728438e027c063.exe');
QuarantineFile('c:\users\Димон\appdata\local\9a63cf2d1defa5ec3f197a662347e03f\9728438e027c063.exe','');
DeleteFile('c:\users\Димон\appdata\local\9a63cf2d1defa5ec3f197a662347e03f\9728438e027c063.exe','32');
DeleteFile('c:\users\Димон\appdata\local\debugfinderruntime\debugfinderruntime.exe','32');
DeleteFile('c:\program files (x86)\edealspop\edealspop.exe','32');
DeleteFile('c:\program files (x86)\gamesrs\gupdater.exe','32');
DeleteFile('c:\users\Димон\appdata\local\debugfinderruntime\interactivejavaraw.exe','32');
DeleteFile('c:\windows\syswow64\netupdsrv.exe','32');
DeleteFile('c:\programdata\iepluginservice\pluginservice.exe','32');
DeleteFile('C:\ext\updatepl.exe','32');
DeleteFile('C:\Windows\SysWOW64\hfnapi.dll','32');
DeleteFile('C:\Windows\SysWOW64\hfpapi.dll','32');
DeleteFile('C:\Windows\system32\drivers\nethfdrv.sys','32');
DeleteFile('C:\Windows\system32\drivers\{19854aff-7c07-4859-9831-cd028ac55dd0}w64.sys','32');
DeleteFile('C:\Users\Димон\AppData\Local\BackupFirmwareOS\BackupFirmwareOS.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\aa45bfdf441bade957e9f6c0b1790550\a6987c126fc40e8.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\58e9ac5e0ded24bb54ca7e3dc63da550\bd60c5fdf4e7e49.exe','32');
DeleteFile('C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\DefaultKernelSyntax\DefaultKernelSyntax.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\FreewareNativePrivacy\FreewareNativePrivacy.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\PirritSuggestor\PirritService.exe','32');
DeleteFile('C:\Users\Димон\AppData\Local\DebugFinderRuntime\RgFltX64.sys','32');
DeleteFile('C:\Windows\system32\drivers\qejeuxoz.sys','32');
DeleteFile('C:\Windows\system32\drivers\lerjzdzn.sys','32');
DeleteFile('C:\Windows\system32\drivers\hcoisbjq.sys','32');
DeleteFile('C:\Windows\system32\drivers\befhjzgk.sys','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon','command');
DeleteFile('C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x86');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x64');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','eDealsPop');
DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
DeleteFile('C:\Program Files (x86)\DolkaRuIePlugin\TinyBHO.dll','32');
DeleteFile('C:\ProgramData\50Coupoons\GJ3m.dll','32');
DeleteFile('C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll','32');
DeleteFile('C:\ProgramData\NewSavEER\_qV.dll','32');
DeleteFile('C:\ProgramData\JonICoupon\UuqJLR4kQ.dll','32');
DeleteFile('C:\Program Files (x86)\safeweb\LU.dll','32');
DeleteFile('C:\ProgramData\NetoiCoupon\VWTRM2.dll','32');
DeleteFile('C:\Program Files (x86)\Safeweb\Jb34Q.dll','32');
DeleteFile('C:\Users\BE87~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\Tasks\Digital Sites.job','64');
DeleteFile('C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-1.job','64');
DeleteFile('C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-2.job','64');
DeleteFile('C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-3.job','64');
DeleteFile('C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-4.job','64');
DeleteFile('C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-5.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterUpdater.job','64');
DeleteFile('C:\Windows\system32\Tasks\Digital Sites','64');
DeleteFile('C:\Windows\system32\Tasks\e2778b28-928c-4697-894d-65311608041e-1','64');
DeleteFile('C:\Windows\system32\Tasks\e2778b28-928c-4697-894d-65311608041e-2','64');
DeleteFile('C:\Windows\system32\Tasks\e2778b28-928c-4697-894d-65311608041e-3','64');
DeleteFile('C:\Windows\system32\Tasks\e2778b28-928c-4697-894d-65311608041e-4','64');
DeleteFile('C:\Windows\system32\Tasks\e2778b28-928c-4697-894d-65311608041e-5','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\pricemetertask','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterUpdater','64');
DeleteFile('C:\Windows\system32\Tasks\pricemeterwatcher','64');
DeleteFile('C:\Users\Димон\appdata\roaming\digita~1\update~1\update~1.exe','32');
DeleteFileMask('C:\Users\Димон\appdata\roaming\digita~1', '*', true);
DeleteDirectory('C:\Users\Димон\appdata\roaming\digita~1');
DeleteFileMask('C:\Program Files (x86)\Safeweb', '*', true);
DeleteDirectory('C:\Program Files (x86)\Safeweb');
DeleteFileMask('C:\ProgramData\NetoiCoupon', '*', true);
DeleteDirectory('C:\ProgramData\NetoiCoupon');
DeleteFileMask('C:\ProgramData\JonICoupon', '*', true);
DeleteDirectory('C:\ProgramData\JonICoupon');
DeleteFileMask('C:\ProgramData\NewSavEER', '*', true);
DeleteDirectory('C:\ProgramData\NewSavEER');
DeleteFileMask('C:\ProgramData\50Coupoons', '*', true);
DeleteDirectory('C:\ProgramData\50Coupoons');
DeleteFileMask('C:\Program Files (x86)\SupTab', '*', true);
DeleteDirectory('C:\Program Files (x86)\SupTab');
DeleteFileMask('C:\Program Files (x86)\DolkaRuIePlugin', '*', true);
DeleteDirectory('C:\Program Files (x86)\DolkaRuIePlugin');
DeleteFileMask('C:\Program Files (x86)\Movies Toolbar', '*', true);
DeleteDirectory('C:\Program Files (x86)\Movies Toolbar');
DeleteFileMask('C:\Users\Димон\AppData\Local\CopySambaWYSIWYG', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\CopySambaWYSIWYG');
DeleteFileMask('C:\Users\Димон\AppData\Local\58e9ac5e0ded24bb54ca7e3dc63da550', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\58e9ac5e0ded24bb54ca7e3dc63da550');
DeleteFileMask('C:\Users\Димон\AppData\Local\aa45bfdf441bade957e9f6c0b1790550', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\aa45bfdf441bade957e9f6c0b1790550');
DeleteFileMask('C:\Users\Димон\AppData\Local\BackupFirmwareOS', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\BackupFirmwareOS');
DeleteFileMask('C:\ext', '*', true);
DeleteDirectory('C:\ext');
DeleteFileMask('c:\programdata\iepluginservice', '*', true);
DeleteDirectory('c:\programdata\iepluginservice');
DeleteFileMask('c:\users\Димон\appdata\local\debugfinderruntime', '*', true);
DeleteDirectory('c:\users\Димон\appdata\local\debugfinderruntime');
DeleteFileMask('c:\program files (x86)\gamesrs', '*', true);
DeleteDirectory('c:\program files (x86)\gamesrs');
DeleteFileMask('c:\program files (x86)\edealspop', '*', true);
DeleteDirectory('c:\program files (x86)\edealspop');
DeleteFileMask('C:\Users\Димон\AppData\Local\PirritSuggestor', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\PirritSuggestor');
DeleteFileMask('C:\Users\Димон\AppData\Local\PriceMeter', '*', true);
DeleteDirectory('C:\Users\Димон\AppData\Local\PriceMeter');
DeleteFileMask('C:\Program Files (x86)\Torntv V9.0', '*', true);
DeleteDirectory('C:\Program Files (x86)\Torntv V9.0');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteREpair(9);
RebootWindows(false);
end.[/code]The computer will reboot.
Send the quarantine according to [B]Appendix 2[/B] of the rules via the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] at the top of the thread.
Fix the following in HijackThis:
[CODE]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O3 - Toolbar: Поиск WebAlta - {fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - mscoree.dll (file missing)
[/CODE]
Update the AVZ databases.
Make new logs.
Make a log of a [url="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]full MBAM scan[/url].
Make [url="http://virusinfo.info/showthread.php?t=115256"]RSIT[/url] logs.
Statistics of the treatment performed:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]4[/B]
[*]Malicious programs detected during treatment:
[LIST=1]
[*] c:\users\димон\appdata\roaming\digita~1\update~1\update~1.exe - [B]not-a-virus:AdWare.Win32.DealPly.y[/B] ( DrWEB: Adware.Shopper.391, AVAST4: Win32:Rotbrow-B [Trj] )
[*] c:\users\димон\appdata\roaming\mediahit\shadow\mediahit.update\mediahit.update.process.exe - [B]not-a-virus:HEUR:Downloader.Win32.LMN.gen[/B] ( BitDefender: Adware.Generic.669314 )
[/LIST]
[/LIST]