Ads in Firefox
Dear [B]Dimko Kd[/B], thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs made with the Autologger utility; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you want to receive guaranteed personal help on a priority basis, use the paid service [URL="http://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
[B]Hello![/B]
You need to:
[B]1.[/B] [URL="http://virusinfo.info/showthread.php?t=7239"]Run[/URL] the following script in AVZ:
[CODE]
begin
QuarantineFile('F:\autorun.inf','');
QuarantineFile('C:\ProgramData\hdtask\uninstall.exe','');
QuarantineFile('C:\Users\kd\AppData\Local\uninstallro.exe','');
QuarantineFile('C:\Program Files (x86)\Foteingjokiy\neksp.exe','');
QuarantineFile('C:\Users\kd\AppData\Roaming\Eseller\updater.py','');
QuarantineFile('C:\Program Files (x86)\Zerhesy Host\local64spl.dll','');
QuarantineFile('C:\Users\kd\AppData\Roaming\Eseller\python\pythonw.exe','');
QuarantineFile('C:\Users\kd\AppData\Roaming\Eseller\ml.py','');
QuarantineFile('C:\Users\kd\AppData\Local\Temp\MVRXUIHD9E.exe','');
QuarantineFile('C:\Users\kd\AppData\Roaming\WinSnare\WinSnare.dll','');
QuarantineFile('C:\ProgramData\WinSAPSvc\WinSAP.dll','');
QuarantineFile('C:\Program Files (x86)\Foteingjokiy\PlmCache.dll','');
QuarantineFile('C:\ProgramData\Apple\Apple Application Support\ErrorReport.dll','');
QuarantineFile('C:\Program Files (x86)\Gub\GubZL.dll','');
QuarantineFile('C:\Program Files (x86)\WinArcher\Archer.dll','');
QuarantineFile('C:\Program Files (x86)\DPower\1K7724FOTZ.exe','');
QuarantineFile('C:\Users\kd\AppData\Local\Temp\W4L5JANDC9.exe','');
QuarantineFile('C:\Program Files (x86)\DPower\8IY5GPDE0E.exe','');
QuarantineFile('C:\Program Files\H2AK5Q3KIG\H2AK5Q3KI.exe','');
QuarantineFile('C:\Program Files\476GB8ZQWK\476GB8ZQW.exe','');
QuarantineFile('C:\Program Files\H6A8UWV8EA\UVHN2W19D.exe','');
QuarantineFile('C:\Users\kd\AppData\Roaming\HPWombat\HPWombatSrv.exe','');
QuarantineFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','');
QuarantineFile('C:\Program Files (x86)\amuleCe\ed2k.exe','');
QuarantineFile('C:\Program Files (x86)\f8d113b4-712e-4f72-9400-681814d31f8b1484694293\knsf8d113b4-712e-4f72-9400-681814d31f8b.tmpfs','');
QuarantineFile('C:\Program Files (x86)\Mozilla Firefox\MozillaFirefoxFoteingjokiy.dll','');
QuarantineFile('c:\programdata\apple\apple application support\errorreport.dll','');
QuarantineFile('c:\programdata\winsapsvc\winsap.dll','');
QuarantineFile('c:\program files (x86)\winarcher\archer.dll','');
QuarantineFile('c:\program files (x86)\gub\gubzl.dll','');
QuarantineFile('C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe','');
QuarantineFileF('C:\Program Files (x86)\DPower', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\Users\kd\AppData\Roaming\Eseller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\ProgramData\WinSAPSvc', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
StopService('gyrudumi');
StopService('HPWombat Service');
StopService('MozillaFirefoxFoteingjokiy');
StopService('iThemes5');
StopService('ed2kidle');
StopService('FirefoxU');
DeleteFile('c:\program files (x86)\gub\gubzl.dll','32');
DeleteFile('c:\program files (x86)\winarcher\archer.dll','32');
DeleteFile('c:\programdata\winsapsvc\winsap.dll','32');
DeleteFile('c:\programdata\apple\apple application support\errorreport.dll','32');
DeleteFile('C:\Program Files (x86)\Mozilla Firefox\MozillaFirefoxFoteingjokiy.dll','32');
DeleteFile('C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe','32');
DeleteFile('C:\Program Files (x86)\amuleCe\ed2k.exe','32');
DeleteFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','32');
DeleteFile('C:\Program Files (x86)\f8d113b4-712e-4f72-9400-681814d31f8b1484694293\knsf8d113b4-712e-4f72-9400-681814d31f8b.tmpfs','32');
DeleteFile('C:\Users\kd\AppData\Roaming\HPWombat\HPWombatSrv.exe','32');
DeleteFile('C:\Program Files\H6A8UWV8EA\UVHN2W19D.exe','32');
DeleteFile('C:\Program Files\476GB8ZQWK\476GB8ZQW.exe','32');
DeleteFile('C:\Program Files\H2AK5Q3KIG\H2AK5Q3KI.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','C66TF8XEGS');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','DOFZEK3OEW');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3SS3CP52LQ');
DeleteFile('C:\Program Files (x86)\DPower\8IY5GPDE0E.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','75Q0A0P5YG');
DeleteFile('C:\Users\kd\AppData\Local\Temp\W4L5JANDC9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ETH85RE8EX');
DeleteFile('C:\Program Files (x86)\DPower\1K7724FOTZ.exe','32');
DeleteFile('C:\Program Files (x86)\WinArcher\Archer.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Archer\Parameters','ServiceDll');
DeleteFile('C:\Program Files (x86)\Gub\GubZL.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\GubZL\Parameters','ServiceDll');
DeleteFile('C:\ProgramData\Apple\Apple Application Support\ErrorReport.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\MS_TASK_SVR\Parameters','ServiceDll');
DeleteFile('C:\Program Files (x86)\Foteingjokiy\PlmCache.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Phughtfejk\Parameters','ServiceDll');
DeleteFile('C:\ProgramData\WinSAPSvc\WinSAP.dll','32');
DeleteFile('C:\Users\kd\AppData\Roaming\WinSnare\WinSnare.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinSAPSvc\Parameters','ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinSnare\Parameters','ServiceDll');
DeleteFile('C:\Users\kd\AppData\Local\Temp\MVRXUIHD9E.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_9M9PP');
DeleteFile('C:\Users\kd\AppData\Roaming\Eseller\ml.py','32');
DeleteFile('C:\Users\kd\AppData\Roaming\Eseller\python\pythonw.exe','32');
DeleteFile('C:\Program Files (x86)\Zerhesy Host\local64spl.dll','32');
DeleteFile('C:\Users\kd\AppData\Roaming\Eseller\updater.py','32');
DeleteFile('C:\Program Files (x86)\Foteingjokiy\neksp.exe','32');
DeleteFile('C:\Users\kd\AppData\Local\uninstallro.exe','32');
DeleteFile('C:\ProgramData\hdtask\uninstall.exe','32');
DeleteFileMask('c:\program files (x86)\winarcher', '*', true);
DeleteDirectory('c:\program files (x86)\winarcher');
DeleteFileMask('C:\Program Files (x86)\Foteingjokiy', '*', true);
DeleteDirectory('C:\Program Files (x86)\Foteingjokiy');
DeleteFileMask('C:\Program Files (x86)\DPower', '*', true);
DeleteDirectory('C:\Program Files (x86)\DPower');
DeleteFileMask('C:\Program Files (x86)\Gub', '*', true);
DeleteDirectory('C:\Program Files (x86)\Gub');
DeleteFileMask('C:\Users\kd\AppData\Roaming\Eseller', '*', true);
DeleteDirectory('C:\Users\kd\AppData\Roaming\Eseller');
DeleteFileMask('C:\ProgramData\WinSAPSvc', '*', true);
DeleteDirectory('C:\ProgramData\WinSAPSvc');
DeleteService('HPWombat Service');
DeleteService('gyrudumi');
DeleteService('MozillaFirefoxFoteingjokiy');
DeleteService('iThemes5');
DeleteService('ed2kidle');
DeleteService('FirefoxU');
ExecuteFile('schtasks.exe', '/delete /TN "Eseller" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Eseller2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Milimili" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Zerhesy Host" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{49271E79-F331-4387-B7E6-83D3AF99BD0B}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{D2A1D9C1-1E7D-4C12-8169-944EDECC10B9}" /F', 0, 15000, true);
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('SCU', 2, 2, true);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.
[/CODE]
The computer will be rebooted.
Upload the file quarantine.zip from the AVZ folder using the [B][COLOR="#FF0000"]"Send the requested quarantine"[/COLOR][/B] link at the top of this thread.
[B]2.[/B] Drag the Check_Browsers_LNK.log log from the AutoLogger folder onto the [URL="http://virusinfo.info/soft/tool.php?tool=ClearLNK"]ClearLNK utility[/URL], as shown [URL="http://dragokas.com/tools/move.gif"]in the picture[/URL].
Attach the log with the program's results to your reply.
[B]3.[/B] Make an [URL="http://virusinfo.info/showthread.php?t=146192"]AdwCleaner log[/URL] and new AutoLogger logs, and send them in your reply.
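The AVZ script in step 1 quarantines every file and stops every service before deleting it. The following is an added example, not part of the original post and not an AVZ tool: a pre-run review check that parses such a script and reports any DeleteFile or DeleteService call that lacks that earlier protection. The function names `parse`, `covered` and `audit` and the sample script are constructed for illustration; DeleteFileMask and DeleteDirectory calls are not checked.

```python
import re
from fnmatch import fnmatchcase

# Constructed excerpt; the last DeleteFile and DeleteService are unprotected on purpose.
SAMPLE = r"""
begin
QuarantineFile('c:\program files (x86)\gub\gubzl.dll','');
QuarantineFileF('C:\Program Files (x86)\DPower', '*.exe, *.dll', true, '', 0 ,0);
StopService('FirefoxU');
DeleteFile('C:\Program Files (x86)\Gub\GubZL.dll','32');
DeleteFile('C:\Program Files (x86)\DPower\1K7724FOTZ.exe','32');
DeleteFile('C:\Example\not_quarantined.exe','32');
DeleteService('FirefoxU');
DeleteService('ed2kidle');
end.
"""

CALL = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")  # one call per line: Name(args);
QUOTED = re.compile(r"'([^']*)'")                   # the 'string' arguments

def parse(script):
    hits = (CALL.match(line) for line in script.splitlines())
    return [(m.group(1), QUOTED.findall(m.group(2))) for m in hits if m]

def covered(path, files, folders):
    """True if path was quarantined directly or by a folder/mask call."""
    name = path.rsplit("\\", 1)[-1]
    return path in files or any(
        path.startswith(d + "\\") and any(fnmatchcase(name, m) for m in masks)
        for d, masks in folders)

def audit(script):
    """List deletions that no earlier quarantine/stop call protects."""
    files, folders, stopped, findings = set(), [], set(), []
    for func, args in parse(script):
        if not args:
            continue
        first = args[0].lower()  # Windows paths and service names: compare lower-cased
        if func == "QuarantineFile":
            files.add(first)
        elif func == "QuarantineFileF" and len(args) > 1:
            folders.append((first, [m.strip().lower() for m in args[1].split(",")]))
        elif func == "StopService":
            stopped.add(first)
        elif func == "DeleteFile" and not covered(first, files, folders):
            findings.append(("delete-without-quarantine", args[0]))
        elif func == "DeleteService" and first not in stopped:
            findings.append(("delete-without-stop", args[0]))
    return findings
```

An empty result from `audit` means every deleted file will also be present in quarantine.zip for later analysis or restoration.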