-
Китайский вирус
Добрый вечер!
На прошлой неделе вдруг на компьютере появилось стороннее программное обеспечение. Да не одно, а сразу несколько - Все на китайском языке.
Удалить их не получилось.
Пока из видимых проблем только то, что данные программы полностью загружают процессор - на 100% и система ужасно тормозит. Но, видимо, в программы содержат в себе и какие-то трояны.
Хотя установленные антивирусы - касперский, ничего не выдает.
Помогите, пожалуйста, решить данную проблему и удалить этих китайских захватчиков с моего компьютера.
-
Уважаемый(ая) [B]Олег Козлов[/B], спасибо за обращение на наш форум!
Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в [URL="http://virusinfo.info/pravila.html"]правилах оформления запроса о помощи[/URL].
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]поддержите проект[/URL].
-
Вложений: 2
-
Выполните скрипт в AVZ
[code]begin
BC_DeleteFile('c:\documents and settings\women\appdata\local\baidu\baidu\1.3.1.157\baidu.exe');
BC_DeleteFile('c:\program files\baidu\baiduan\3.0.0.3971\baiduansvc.exe');
BC_DeleteFile('c:\program files\baidu\baiduan\3.0.0.3971\baiduantray.exe');
BC_DeleteFile('c:\program files\common files\baidu\baiduhips\1.1.0.733\baiduhips.exe');
BC_DeleteFile('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.619\baiduprotect.exe');
BC_DeleteFile('c:\program files\baidu\baidusd\2.1.0.3086\baidusdsvc.exe');
BC_DeleteFile('c:\program files\baidu\baidusd\2.1.0.3086\baidusdtray.exe');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\Base.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\BDMSkin.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\BrowserCore.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\BrowserFrame.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\Heartbeat.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\LogicMisc.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\MSVCP100.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\MSVCR100.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\Protocol.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\Report.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\UIHandler.dll');
BC_DeleteFile('C:\Documents and Settings\Women\AppData\Local\Baidu\Baidu\1.3.1.157\Utils.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\ad.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\bdmantivirus\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\bdmantivirus\BDMAVCached.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\bdmantivirus\BDMAVEng.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\bdmantivirus\bduf.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMCommon.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMDbSqlite.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMDownload.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMFrameWork.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMNet.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMReport.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMSkin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDMUpdate.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\dl.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\DriverManager.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\EnhanceBoost.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\BDMNetMonMgrDll.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\BDMProcessRunningTime.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\BDMSOLiveAccDataMgr.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\BDMSOLiveAccEngine.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\BDMSOLiveAccStrategyMgr.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\FTSOManager\SysAccMgrDll.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\libcurl.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\LIBEAY32.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\BDMPatcherPlugins\BDMConnect.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\bdmtrayplugins\BDMAccount.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\BDMTrayPlugins\BDMSusPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\Plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\plugins\RTPPlugins\BDMSOAccServicePlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\plugins\RTPPlugins\HipsClient.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\ad.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDConfig.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVCached.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMAVEng.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDMPerfMon.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\BDUDiskGuard.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\bduf.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\bdmantivirus\TrustAndIso.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDMAVE.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDMDbSqlite.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\PrivacyProtect.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\HIPSClient.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\plugins\bdkvrtpplugins\FileMon.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\DriverManager.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\Plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\Plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\Plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMStringUtils.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMReport.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMNet.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMFrameWork.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMBase.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVEng.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduHips\1.1.0.733\BDMAVCached.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\HIPS.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\BaiduRepair.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\HostPlugin.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\FixSePlugin.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\FileUpdatePlugin.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\BaiduAgentPlugin.dll');
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\AssistReportPlugin.dll');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0001.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0002.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0003.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0004.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\WINDOWS\system32\drivers\BDDefense.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\BDMWrench.sys');
BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\BDSafeBrowser.sys');
BC_DeleteSvc('BaiduHips');
BC_DeleteSvc('BDKVRTP');
BC_DeleteSvc('BDMRTP');
BC_DeleteSvc('bd0001');
BC_DeleteSvc('bd0002');
BC_DeleteSvc('bd0003');
BC_DeleteSvc('bd0004');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDMWrench');
BC_DeleteSvc('BDSafeBrowser');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BDSWShellExt.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BDShellExt.dll');
BC_DeleteFile('C:\Program Files\Baidu\BaiduSd\2.1.0.3086\websafe\DllInject.dll');
BC_Activate;
RebootWindows(false);
end.[/code]Компьютер перезагрузится.
Сделайте новые логи
Сделайте лог [url="http://virusinfo.info/showpost.php?p=493610&postcount=1"]ComboFix[/url]
-
Вложений: 2
вот заново лог
[COLOR="silver"]- - - - -Добавлено - - - - -[/COLOR]
не запускается ComboFix
[COLOR="silver"]- - - - -Добавлено - - - - -[/COLOR]
Вот лог HijackThis
-
[quote="Олег Козлов;1192951"]не запускается ComboFix[/quote]Пробуйте в безопасном режиме
Page generated in 0.00656 seconds with 10 queries