Trojan.Spambot.origin & Win32.Sector.4

Printable View

22.02.2008, 18:04
air777

Вложений: 1

Trojan.Spambot.origin & Win32.Sector.4

Такие вирусники нашел др.Веб. В списке задач куча непонятных процессов. Удаление зараженных файлов ничего не дало.
Логи прилагаются. Помогите плз.
22.02.2008, 18:12
Bratez

[b]Отключите восстановление системы![/b]
Выполните скрипт в AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\win8439.dll','');
QuarantineFile('C:\WINDOWS\system32\win74ea.dll','');
QuarantineFile('C:\WINDOWS\system32\win2d71.dll','');
QuarantineFile('C:\WINDOWS\system32\ot-12659.dll','');
QuarantineFile('C:\WINDOWS\system32\nt-12659.dll','');
QuarantineFile('C:\WINDOWS\system32\bw663436.dll','');
QuarantineFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\wintwvkrm.exe','');
QuarantineFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\winsknd.exe','');
QuarantineFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\winrequpv.exe','');
QuarantineFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\winvsauod.exe','');
QuarantineFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\wintvliq.exe','');
QuarantineFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\wincedji.exe','');
QuarantineFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winnufs.exe','');
QuarantineFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winlijlt.exe','');
QuarantineFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winfyqucq.exe','');
QuarantineFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\winpavaar.exe','');
QuarantineFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\winoxmxny.exe','');
QuarantineFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\wincxeaua.exe','');
QuarantineFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\winqdptd.exe','');
QuarantineFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\wineurhk.exe','');
QuarantineFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\winbesdp.exe','');
QuarantineFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winwkte.exe','');
QuarantineFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winnavdo.exe','');
QuarantineFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winhcmoh.exe','');
QuarantineFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\wintmqk.exe','');
QuarantineFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\wintegc.exe','');
QuarantineFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\winklqnt.exe','');
QuarantineFile('C:\DOCUME~1\oleg\LOCALS~1\Temp\2\winxxax.exe','');
QuarantineFile('C:\DOCUME~1\oleg\LOCALS~1\Temp\2\wineuje.exe','');
QuarantineFile('C:\DOCUME~1\console\LOCALS~1\Temp\winxxax.exe','');
QuarantineFile('C:\DOCUME~1\console\LOCALS~1\Temp\winpidn.exe','');
QuarantineFile('C:\DOCUME~1\console\LOCALS~1\Temp\wineuje.exe','');
QuarantineFile('C:\DOCUME~1\console\LOCALS~1\Temp\3\winxxax.exe','');
QuarantineFile('C:\DOCUME~1\console\LOCALS~1\Temp\3\winpidn.exe','');
DeleteFile('C:\DOCUME~1\console\LOCALS~1\Temp\3\winpidn.exe');
DeleteFile('C:\DOCUME~1\console\LOCALS~1\Temp\3\winxxax.exe');
DeleteFile('C:\DOCUME~1\console\LOCALS~1\Temp\wineuje.exe');
DeleteFile('C:\DOCUME~1\console\LOCALS~1\Temp\winpidn.exe');
DeleteFile('C:\DOCUME~1\console\LOCALS~1\Temp\winxxax.exe');
DeleteFile('C:\DOCUME~1\oleg\LOCALS~1\Temp\2\wineuje.exe');
DeleteFile('C:\DOCUME~1\oleg\LOCALS~1\Temp\2\winxxax.exe');
DeleteFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\winklqnt.exe');
DeleteFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\wintegc.exe');
DeleteFile('C:\DOCUME~1\T4-BUH3\LOCALS~1\Temp\4\wintmqk.exe');
DeleteFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winhcmoh.exe');
DeleteFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winnavdo.exe');
DeleteFile('C:\DOCUME~1\T4-Kass3\LOCALS~1\Temp\9\winwkte.exe');
DeleteFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\winbesdp.exe');
DeleteFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\wineurhk.exe');
DeleteFile('C:\DOCUME~1\t4-kasss\LOCALS~1\Temp\b\winqdptd.exe');
DeleteFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\wincxeaua.exe');
DeleteFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\winoxmxny.exe');
DeleteFile('C:\DOCUME~1\T4-SAL~2\LOCALS~1\Temp\5\winpavaar.exe');
DeleteFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winfyqucq.exe');
DeleteFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winlijlt.exe');
DeleteFile('C:\DOCUME~1\t4-sec\LOCALS~1\Temp\6\winnufs.exe');
DeleteFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\wincedji.exe');
DeleteFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\wintvliq.exe');
DeleteFile('C:\DOCUME~1\t4-Uchet\LOCALS~1\Temp\a\winvsauod.exe');
DeleteFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\winrequpv.exe');
DeleteFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\winsknd.exe');
DeleteFile('C:\DOCUME~1\t4v-buh3\LOCALS~1\Temp\8\wintwvkrm.exe');
DeleteFile('C:\WINDOWS\system32\nt-12659.dll');
DeleteFile('C:\WINDOWS\system32\ot-12659.dll');
DeleteFile('C:\WINDOWS\system32\win2d71.dll');
DeleteFile('C:\WINDOWS\system32\win74ea.dll');
DeleteFile('C:\WINDOWS\system32\win8439.dll');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(16);
BC_Activate;
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил
(загружать тут: [url]http://virusinfo.info/upload_virus.php?tid=18483[/url]).
Сделайте новые логи.
22.02.2008, 18:37
air777

сделал
22.02.2008, 18:46
air777

Вложений: 1

новый лог
22.02.2008, 19:21
air777

вроде помогло. Спасибо!
AVZ сильная вещь!
22.02.2009, 04:06
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]17[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\docume~1\\console\\locals~1\\temp\\wineuje.exe - [B]Trojan-Downloader.Win32.Agent.jgt[/B] (DrWEB: Trojan.DownLoader.38520)[*] c:\\docume~1\\console\\locals~1\\temp\\winpidn.exe - [B]Trojan.Win32.VB.bkr[/B] (DrWEB: Trojan.Captcha)[*] c:\\docume~1\\console\\locals~1\\temp\\winxxax.exe - [B]Trojan-Downloader.Win32.Agent.iyq[/B] (DrWEB: Trojan.Spambot.3004)[*] c:\\docume~1\\console\\locals~1\\temp\\3\\winpidn.exe - [B]Trojan.Win32.VB.bkr[/B] (DrWEB: Trojan.Captcha)[*] c:\\docume~1\\console\\locals~1\\temp\\3\\winxxax.exe - [B]Trojan-Downloader.Win32.Agent.iyq[/B] (DrWEB: Trojan.Spambot.3004)[*] c:\\docume~1\\oleg\\locals~1\\temp\\2\\wineuje.exe - [B]Trojan-Downloader.Win32.Agent.jgt[/B] (DrWEB: Trojan.DownLoader.38520)[*] c:\\docume~1\\oleg\\locals~1\\temp\\2\\winxxax.exe - [B]Trojan-Downloader.Win32.Agent.iyq[/B] (DrWEB: Trojan.Spambot.3004)[*] c:\\docume~1\\t4-kass3\\locals~1\\temp\\9\\winhcmoh.exe - [B]Trojan.Win32.VB.bkr[/B] (DrWEB: Trojan.Captcha)[*] c:\\docume~1\\t4-kass3\\locals~1\\temp\\9\\winnavdo.exe - [B]Trojan-Downloader.Win32.Agent.iyq[/B] (DrWEB: Trojan.Spambot.3004)[*] c:\\docume~1\\t4-kass3\\locals~1\\temp\\9\\winwkte.exe - [B]Trojan-Downloader.Win32.Agent.jgt[/B] (DrWEB: Trojan.DownLoader.38520)[*] c:\\windows\\system32\\bw663436.dll - [B]Trojan.Win32.KillAV.nh[/B] (DrWEB: Win32.Sector.4)[*] c:\\windows\\system32\\nt-12659.dll - [B]Trojan.Win32.KillAV.nh[/B] (DrWEB: Win32.Sector.4)[*] c:\\windows\\system32\\ot-12659.dll - [B]Trojan.Win32.KillAV.nh[/B] (DrWEB: Win32.Sector.4)[*] c:\\windows\\system32\\win2d71.dll - [B]Trojan-Proxy.Win32.Agent.xz[/B] (DrWEB: Trojan.Proxy.2798)[*] c:\\windows\\system32\\win74ea.dll - [B]Trojan-Proxy.Win32.Agent.xz[/B] (DrWEB: Trojan.Proxy.2798)[*] c:\\windows\\system32\\win8439.dll - [B]Trojan-Proxy.Win32.Agent.xz[/B] (DrWEB: Trojan.Proxy.2798)[*] c:\\windows\\system32\\82861.dll - [B]Trojan-Downloader.Win32.Agent.jhm[/B] (DrWEB: Trojan.DownLoader.49154)[/LIST][/LIST]