собно сабж
собно сабж
Отключите антивирус и интернет!
[URL="http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip"]Скачать[/URL] IceSword, запустить, в меню выбрать File — появится аналог проводника; найти в нём:
[CODE]C:\WINDOWS\System32\Drivers\Winci51.sys
C:\WINDOWS\System32\Drivers\Nty05.sys
C:\WINDOWS\system32\WinCtrl32.dll[/CODE]
Для каждого из этих файлов: правая кнопка мыши — Force Delete. На запрос о перезагрузке ответьте положительно.
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- скопировать приведённый ниже скрипт -- нажать кнопку "Запустить".[/URL]
[CODE]begin
// AVZ cleanup script: quarantines a fixed list of files, removes a fixed list of
// services/drivers, deletes the files, then schedules boot-time cleanup and reboots.
// NOTE(review): every path and service name below is hard-coded; presumably they were
// taken from one specific machine's AVZ logs, so the list is host-specific — confirm
// against the target system's own logs before reusing it elsewhere.

// Rootkit scan; both flags are true — presumably this also enables neutralization of
// user-mode and kernel-mode hooks (confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turns AVZGuard on for the rest of the script.
SetAVZGuardStatus(True);

// --- Stage 1: quarantine samples and unregister services -------------------------
// Each suspicious file is quarantined before any DeleteFile call further down, so a
// copy is available for analysis; the second argument is left empty throughout.
QuarantineFile('C:\WINDOWS\Temp\30.tmp','');
QuarantineFile('C:\WINDOWS\system32\WinData.cab','');
QuarantineFile('C:\WINDOWS\system32\drivers\lrX85.sys','');
// Bare file names with no directory: how AVZ resolves them is not visible here.
// NOTE(review): C:\WINDOWS\system32\kdgwe.exe is deleted by full path near the end of
// the script but is only quarantined via this bare name — verify the sample is captured.
QuarantineFile('kdgwe.exe','');
QuarantineFile('WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\cftmon.exe','');
// Unusual path spelling ('.//..//' segments) is kept verbatim; presumably it is
// reproduced exactly as it appeared in the log — confirm it resolves to the intended file.
QuarantineFile('C:\Documents and Settings\Administrator\Desktop\.//..//~tmp1174.exe','');
// Driver services: the service entry is removed and the matching .sys file quarantined.
DeleteService('Vch51');
QuarantineFile('C:\WINDOWS\System32\Drivers\Vch51.sys','');
DeleteService('Taf17');
QuarantineFile('C:\WINDOWS\System32\Drivers\Taf17.sys','');
DeleteService('Rxd51');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rxd51.sys','');
DeleteService('NdisWon');
QuarantineFile('C:\WINDOWS\system32\Drivers\NdisWon.sys','');
DeleteService('Msx51');
QuarantineFile('C:\WINDOWS\System32\Drivers\Msx51.sys','');
DeleteService('lrX85');
DeleteService('Lrw73');
// lrX85.sys was already quarantined above (same path, different letter case).
QuarantineFile('C:\WINDOWS\System32\Drivers\lrX85.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Lrw73.sys','');
DeleteService('Jpu27');
DeleteService('ioT63');
DeleteService('Iot28');
QuarantineFile('C:\WINDOWS\System32\Drivers\Jpu27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ioT63.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Iot28.sys','');
DeleteService('hipsrv');
QuarantineFile('C:\WINDOWS\system\hipsrv.mm','');
// NOTE(review): the next five drivers (Hns63, Got85, Gmr41, Flq30, Ekp06) are
// quarantined and later deleted, but this script has no DeleteService call for them —
// confirm whether service entries for them exist and would be left behind.
QuarantineFile('C:\WINDOWS\System32\Drivers\Hns63.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Got85.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Gmr41.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Flq30.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ekp06.sys','');
DeleteService('Djo06');
QuarantineFile('C:\WINDOWS\System32\Drivers\Djo06.sys','');
DeleteService('burito3154-2f3d');
QuarantineFile('C:\WINDOWS\system32\burito3154-2f3d.sys','');
DeleteService('Bhm38');
QuarantineFile('C:\WINDOWS\System32\Drivers\Bhm38.sys','');
// Nty05.sys, Winci51.sys and WinCtrl32.dll are the same three files the post asks to
// Force Delete in IceSword before this script is run.
QuarantineFile('C:\WINDOWS\System32\Drivers\Nty05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winci51.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Agl30.sys','');
DeleteService('Agl30');
DeleteService('Winci51');
DeleteService('Nty05');
DeleteService('Microsoft P2P Service');
QuarantineFile('C:\WINDOWS\system32\_svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
QuarantineFile('c:\windows\system32\sysservice.exe','');

// --- Stage 2: stop the running process, then delete files -------------------------
// The process is terminated first so that its image file is not in use when deleted.
TerminateProcessByName('c:\windows\system32\sysservice.exe');
DeleteFile('c:\windows\system32\sysservice.exe');
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\_svchost.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Nty05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winci51.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Agl30.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Bhm38.sys');
DeleteFile('C:\WINDOWS\system32\burito3154-2f3d.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Djo06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ekp06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Flq30.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Gmr41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Got85.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Hns63.sys');
DeleteFile('C:\WINDOWS\system\hipsrv.mm');
DeleteFile('C:\WINDOWS\System32\Drivers\Iot28.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ioT63.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Jpu27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Lrw73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\lrX85.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Msx51.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\NdisWon.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rxd51.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Taf17.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Vch51.sys');
DeleteFile('C:\Documents and Settings\Administrator\Desktop\.//..//~tmp1174.exe');
DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\cftmon.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('WinCtrl32.dll');
DeleteFile('kdgwe.exe');
DeleteFile('C:\WINDOWS\system32\kdgwe.exe');
DeleteFile('C:\WINDOWS\system32\drivers\lrX85.sys');
DeleteFile('C:\WINDOWS\system32\WinData.cab');
DeleteFile('C:\WINDOWS\Temp\30.tmp');

// --- Stage 3: boot-time cleanup and reboot ----------------------------------------
// BC_* are AVZ Boot Cleaner calls: presumably BC_ImportALL hands the items processed
// above to Boot Cleaner and BC_Activate arms it for the next boot — confirm in the
// AVZ script reference.
BC_ImportALL;
// Presumably cleans up system references to the deleted files — confirm.
ExecuteSysClean;
BC_Activate;
// Reboots Windows as the last step; the meaning of the 'true' argument is not
// visible here. Unsaved work in other applications may be lost.
RebootWindows(true);
end.[/CODE]
Пришлите карантин по правилам.
Очистите временные папки, кеш браузера и повторите логи...