Windows security alert, достал, убить!!!
Printable View
Windows security alert, достал, убить!!!
выполните скрипт ....
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\amvo0.dll','');
DelBHO('{2318C2B1-4965-11d4-9B18-009027A5CD4F}');
DelBHO('{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}');
DelBHO('{AA58ED58-01DD-4d91-8333-CF10577473F7}');
DelBHO('{903AD98D-8A91-4FBB-B5E1-4FFCA9003E6A}');
QuarantineFile('c:\huadio.tmp','');
QuarantineFile('C:\WINDOWS\vbgtorfd.dll','');
QuarantineFile('C:\WINDOWS\system32\sdwjsdit.exe','');
QuarantineFile('C:\WINDOWS\qvdntlmw.dll','');
QuarantineFile('C:\WINDOWS\kdftlboeorn.dll','');
QuarantineFile('C:\WINDOWS\dwnrpofk.dll','');
QuarantineFile('c:\windows\system32\sdwjsdit.exe','');
QuarantineFile('c:\documents and settings\all users\application data\qhojovyh\krghypgx.exe','');
DeleteFile('c:\documents and settings\all users\application data\qhojovyh\krghypgx.exe');
DeleteFile('c:\windows\system32\sdwjsdit.exe');
DeleteFile('C:\WINDOWS\dwnrpofk.dll');
DeleteFile('C:\WINDOWS\kdftlboeorn.dll');
DeleteFile('C:\WINDOWS\qvdntlmw.dll');
DeleteFile('C:\WINDOWS\system32\sdwjsdit.exe');
DeleteFile('C:\WINDOWS\vbgtorfd.dll');
DeleteFile('C:\WINDOWS\system32\amvo0.dll');
DeleteFile('C:\WINDOWS\norlatmx.exe');
ExecuteRepair(1);
ExecuteRepair(11);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(16);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
пришлите карантин согласно приложения 3 правил ....
повторите логи ...
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]10[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\documents and settings\\all users\\application data\\qhojovyh\\krghypgx.exe - [B]Trojan.Win32.Agent.jae[/B] (DrWEB: Trojan.DownLoader.57350)[*] c:\\documents and settings\\user\\local settings\\temporary internet files\\content.ie5\\7ggim3jd\\setup504[1].exe - [B]not-a-virus:FraudTool.Win32.MalWarrior.g[/B] (DrWEB: Trojan.DownLoader.57352)[*] c:\\windows\\dwnrpofk.dll - [B]not-a-virus:AdWare.Win32.Vapsup.dbv[/B] (DrWEB: Trojan.Popuper)[*] c:\\windows\\kdftlboeorn.dll - [B]not-a-virus:AdWare.Win32.Vapsup.dcf[/B] (DrWEB: Adware.Supa.14)[*] c:\\windows\\norlatmx.exe - [B]not-a-virus:AdWare.Win32.Vapsup.dce[/B] (DrWEB: Trojan.Popuper)[*] c:\\windows\\qvdntlmw.dll - [B]not-a-virus:AdWare.Win32.Vapsup.dcd[/B] (DrWEB: Trojan.Popuper)[*] c:\\windows\\system32\\amvo0.dll - [B]Trojan-GameThief.Win32.OnLineGames.vum[/B] (DrWEB: Trojan.PWS.Wsgame.3604)[*] c:\\windows\\system32\\sdwjsdit.exe - [B]Trojan.Win32.Obfuscated.tm[/B] (DrWEB: Trojan.DownLoader.57349)[*] c:\\windows\\vbgtorfd.dll - [B]not-a-virus:AdWare.Win32.Vapsup.dbz[/B] (DrWEB: Trojan.DownLoader.57351)[/LIST][/LIST]