Errors started popping up on my laptop, along the lines of 'the memory could not be "read"'. I checked for viruses and found only W32.Gammima.AG. Please look at the logs, maybe there is something else...
Disable your antivirus!
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, menu "File - Run script" -- Copy the script written below -- Press the "Run" button.[/URL]
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('E:\xqf.com','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\xqf.com','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\xqf.com','');
QuarantineFile('C:\w3dn9f.bat','');
QuarantineFile('C:\vt6e.cmd','');
QuarantineFile('C:\vmhr.bat','');
QuarantineFile('C:\uqb0julr.bat','');
QuarantineFile('C:\u.cmd','');
QuarantineFile('C:\tgtighg.cmd','');
QuarantineFile('C:\qpe6.com','');
QuarantineFile('C:\op.bat','');
QuarantineFile('C:\n6j6pc0.com','');
QuarantineFile('C:\mka.bat','');
QuarantineFile('C:\ka1nk.bat','');
QuarantineFile('C:\k2.cmd','');
QuarantineFile('C:\k.com','');
QuarantineFile('C:\hgu.bat','');
QuarantineFile('C:\h8i.com','');
QuarantineFile('C:\h2.com','');
QuarantineFile('C:\g2pfnid.com','');
QuarantineFile('C:\fi.cmd','');
QuarantineFile('C:\ffojc.com','');
QuarantineFile('C:\copetttt.com','');
QuarantineFile('C:\bqk.bat','');
QuarantineFile('C:\6qe.com','');
QuarantineFile('C:\6.bat','');
QuarantineFile('C:\3g08.bat','');
QuarantineFile('C:\2jqj.bat','');
QuarantineFile('C:\1rfw8hjr.com','');
QuarantineFile('C:\WINDOWS\system32\kavo.exe','');
QuarantineFile('C:\WINDOWS\system32\ckvo.exe','');
QuarantineFile('C:\WINDOWS\system32\LxrJD31s.exe','');
QuarantineFile('C:\WINDOWS\system32\kavo0.dll','');
QuarantineFile('C:\WINDOWS\system32\ckvo0.dll','');
DeleteFile('C:\WINDOWS\system32\ckvo0.dll');
DeleteFile('C:\WINDOWS\system32\kavo0.dll');
DeleteFile('C:\WINDOWS\system32\ckvo.exe');
DeleteFile('C:\WINDOWS\system32\kavo.exe');
DeleteFile('C:\1rfw8hjr.com');
DeleteFile('C:\2jqj.bat');
DeleteFile('C:\3g08.bat');
DeleteFile('C:\6.bat');
DeleteFile('C:\6qe.com');
DeleteFile('C:\bqk.bat');
DeleteFile('C:\copetttt.com');
DeleteFile('C:\ffojc.com');
DeleteFile('C:\fi.cmd');
DeleteFile('C:\g2pfnid.com');
DeleteFile('C:\h2.com');
DeleteFile('C:\h8i.com');
DeleteFile('C:\hgu.bat');
DeleteFile('C:\k.com');
DeleteFile('C:\k2.cmd');
DeleteFile('C:\ka1nk.bat');
DeleteFile('C:\mka.bat');
DeleteFile('C:\n6j6pc0.com');
DeleteFile('C:\op.bat');
DeleteFile('C:\qpe6.com');
DeleteFile('C:\tgtighg.cmd');
DeleteFile('C:\u.cmd');
DeleteFile('C:\uqb0julr.bat');
DeleteFile('C:\vmhr.bat');
DeleteFile('C:\vt6e.cmd');
DeleteFile('C:\w3dn9f.bat');
DeleteFile('C:\xqf.com');
DeleteFile('C:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('D:\xqf.com');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\xqf.com');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/CODE]
Send the quarantine according to the rules and repeat the logs...
I sent the quarantine, but I don't know whether it arrived. Here are the logs.
Your quarantine has not arrived ...
Run the script ...
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('NA.exe','');
QuarantineFile('c:\windows\system32\lxrjd31s.exe','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\2.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\4.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\48d.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\4z5zdceq.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\5.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\75b5uhxa.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\8a.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\8d9y8cfy.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\8xts.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\b2kgiog.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\bzzwx.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\cr9wdn.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\ee2m.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\esmbf2s.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\ht.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\iilov9vn.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\l87.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\lg.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\nfx.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\nznvibno.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\o.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\r44s4.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\rcu.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\rzmex94.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\sg.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\tqx4.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\uhvhpu7.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\uwm.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\v2gsw2z4.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\vnktiqv.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\ytmu.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\z5l.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\zvhs.dll','');
QuarantineFile('C:\Documents and Settings\admin\Local Settings\Temp\zzru.dll','');
DeleteFile('NA.exe');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\2.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\4.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\48d.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\4z5zdceq.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\5.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\75b5uhxa.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\8a.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\8d9y8cfy.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\8xts.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\b2kgiog.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\bzzwx.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\cr9wdn.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\ee2m.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\esmbf2s.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\ht.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\iilov9vn.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\l87.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\lg.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\nfx.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\nznvibno.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\o.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\r44s4.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\rcu.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\rzmex94.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\sg.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\tqx4.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\uhvhpu7.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\uwm.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\v2gsw2z4.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\vnktiqv.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\ytmu.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\z5l.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\zvhs.dll');
DeleteFile('C:\Documents and Settings\admin\Local Settings\Temp\zzru.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
Send the quarantine according to Appendix 3 of the rules ...
Repeat the logs ...
Logs
Nothing bad in the logs ... are there any problems left?
Yes, hidden files are still blocked; that's kavo, it never got cured... I'll try the registry now, maybe something will work.
It's cured, kavo and all ... and the whole rest of the zoo-circus ...
Run the script ...
[code]
begin
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.
[/code]
Well, if everything is cured, could you tell me what kind of beasts these were? :)
[QUOTE=micl;263496]Well, if everything is cured, could you tell me what kind of beasts these were? :)[/QUOTE]
Non-system drives are outside AVZ's remit. They need to be checked with your regular antivirus.
Then everything is perfectly clear... thanks for that much, at least.
You can send us this little nest of vipers. Read here: [url]http://virusinfo.info/showthread.php?t=23078[/url] :)
Thank you.