Помогите плиз
Помогите плиз
выполните скрипт ...
[code]
// AVZ cleanup script written for one specific infected machine. Every path,
// user-profile name and service name below comes from that machine's logs;
// the script is not meant to be reused on another system.
begin
// Rootkit scan first; the two True flags presumably enable neutralising
// user-mode and kernel-mode hooks -- confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard before touching any files.
SetAVZGuardStatus(True);
// Step 1: quarantine every suspicious file BEFORE deleting it, so samples stay
// available for analysis (the helper asks for the quarantine right after).
// Randomly named win*.exe files in the user's Temp folder:
QuarantineFile('C:\Documents and Settings\Александр\Local Settings\Temp\winB097rm5toq.exe','');
QuarantineFile('C:\Documents and Settings\Александр\Local Settings\Temp\wineedrVPt.exe','');
QuarantineFile('C:\Documents and Settings\Александр\Local Settings\Temp\winlICAj.exe','');
QuarantineFile('C:\Documents and Settings\Александр\Local Settings\Temp\winMKkwLHU5uc.exe','');
// Executable left in the Internet Explorer cache (Content.IE5).
QuarantineFile('C:\Documents and Settings\Александр\Local Settings\Temporary Internet Files\Content.IE5\KLGLQ3KX\load[1].exe','');
// Step 2: BC_* calls belong to AVZ's Boot Cleaner; BC_DeleteSvc presumably
// queues the named service/driver for removal at the next boot.
BC_DeleteSvc('Peprvcbvwch');
// NOTE(review): bare file name with no directory; how AVZ resolves it is not
// shown here, so check the log to see whether the driver was actually found.
QuarantineFile('Peprvcbvwch.sys','');
BC_DeleteSvc('gsplittm');
// 8.3 short path; presumably the same user profile as the long paths above.
QuarantineFile('C:\DOCUME~1\05A2~1\LOCALS~1\Temp\gsplittm.sys','');
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
// Step 3: delete the files. Each target above was quarantined first.
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\DOCUME~1\05A2~1\LOCALS~1\Temp\gsplittm.sys');
DeleteFile('Peprvcbvwch.sys');
// Short-path form; appears to name the same file as the long-path
// winMKkwLHU5uc.exe delete further down.
DeleteFile('C:\DOCUME~1\05A2~1\LOCALS~1\Temp\winMKkwLHU5uc.exe');
// Bare-name repeat of the WinCtrl32.dll delete above.
DeleteFile('WinCtrl32.dll');
DeleteFile('C:\Documents and Settings\Александр\Local Settings\Temporary Internet Files\Content.IE5\KLGLQ3KX\load[1].exe');
DeleteFile('C:\Documents and Settings\Александр\Local Settings\Temp\winMKkwLHU5uc.exe');
DeleteFile('C:\Documents and Settings\Александр\Local Settings\Temp\winlICAj.exe');
DeleteFile('C:\Documents and Settings\Александр\Local Settings\Temp\wineedrVPt.exe');
DeleteFile('C:\Documents and Settings\Александр\Local Settings\Temp\winB097rm5toq.exe');
// Step 4: presumably hands the DeleteFile targets to Boot Cleaner, so files
// that are locked now get removed during the reboot -- confirm in the AVZ docs.
BC_ImportDeletedList;
// Presumably cleans up system references (e.g. autorun entries) to the
// deleted files -- confirm in the AVZ docs.
ExecuteSysClean;
// Arm Boot Cleaner, then reboot so the queued removals take effect.
BC_Activate;
RebootWindows(true);
end.
[/code]
пришлите карантин согласно приложению 3 правил ...
повторите логи ....
Вроде помогло
выполните скрипт ...
[code]
// Second-pass AVZ script for the same machine. It targets three Win*.sys
// drivers in System32\Drivers and their matching services; the names come
// from this machine's logs and are not reusable elsewhere.
begin
// Rootkit scan first; the two True flags presumably enable neutralising
// user-mode and kernel-mode hooks -- confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard before touching any files.
SetAVZGuardStatus(True);
// For each driver: quarantine the .sys file and queue its service for removal
// via Boot Cleaner (BC_DeleteSvc).
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye04.sys','');
BC_DeleteSvc('Winye04');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr61.sys','');
BC_DeleteSvc('Winmr61');
// Here the service call comes before the quarantine, unlike the two pairs
// above. Presumably harmless if BC_DeleteSvc only queues work for the next
// boot -- TODO confirm.
BC_DeleteSvc('Winbg84');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbg84.sys','');
// Delete the driver files; every target was passed to QuarantineFile above.
DeleteFile('C:\WINDOWS\System32\Drivers\Winbg84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye04.sys');
// Presumably hands the DeleteFile targets to Boot Cleaner, so files that are
// locked now get removed during the reboot -- confirm in the AVZ docs.
BC_ImportDeletedList;
// Presumably cleans up system references to the deleted files -- confirm.
ExecuteSysClean;
// Arm Boot Cleaner, then reboot so the queued removals take effect.
// NOTE(review): a run that finishes without errors does not prove a sample
// was captured or that the drivers are gone; check the quarantine contents
// and take fresh logs after the reboot.
BC_Activate;
RebootWindows(true);
end.
[/code]
пришлите карантин согласно приложению 3 правил ...
повторите логи ....
Скрипт выполнился без ошибок, но карантин пустой.
Высылаю логи.
Чисто, жалобы есть?
Жалоб нет!:)