После инфицирования не устанавливается Касперский, не работал IE 7, утекал трафик. Установил отдельно WIN XP и проверил старую ОС. Нашел целую кучу вирусов. Трафик не уходит, ИЕ заработал, но Касперский не устанавливается
После инфицирования не устанавливается Касперский, не работал IE 7, утекал трафик. Установил отдельно WIN XP и проверил старую ОС. Нашел целую кучу вирусов. Трафик не уходит, ИЕ заработал, но Касперский не устанавливается
Скачайте AVPTool (ссылка в подписи), просканьте систему, потом повторите логи.
Все сделал
1. Пуск/Выполнить... набрать [B]msconfig[/B], нажать клавишу [B]ВВОД[/B].
2. В карточке Автозапуск - Все отключить
3. Перегрузить систему.
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт[/URL]
[CODE]begin
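// AVZ remediation script (AVZ's Pascal-like scripting language).
// Flow: rootkit search -> enable AVZGuard -> copy suspect files to quarantine
// -> remove BHO / services / files -> hand the remaining work to Boot Cleaner
// (BC_*) so locked items are removed on the next boot -> reboot.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Quarantine BEFORE deleting so a copy of every removed sample survives for
// analysis; the thread asks for the quarantine archive to be uploaded afterwards.
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000067.sys','');
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000066.sys','');
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000064.sys','');
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000062.sys','');
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000060.sys','');
// Added for consistency: these two restore-point copies are deleted further
// down but had no matching QuarantineFile, so no sample would have been kept.
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000063.sys','');
QuarantineFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000065.sys','');
// Removable-drive autorun pair (autorun.inf pointing at a dropped .com file).
QuarantineFile('E:\xn1i9x.com','');
QuarantineFile('E:\autorun.inf','');
DelBHO('{6D7B211A-88EA-490c-BAB9-3600D8D7C503}');
QuarantineFile('C:\WINDOWS\superproxy.exe','');
QuarantineFile('C:\WINDOWS\System32\KernelDrv.exe','');
QuarantineFile('C:\WINDOWS\System32\lanmanwrk.exe','');
// Driver files below are each paired with a DeleteService/BC_DeleteSvc of the
// same name (Winyd48, Winwc83, Winva61, Wintx83, Winko50, tcpsr, Lpt26).
QuarantineFile('C:\WINDOWS\System32\drivers\Winyd48.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwc83.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winva61.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wintx83.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winko50.sys','');
QuarantineFile('C:\DOCUME~1\s\LOCALS~1\Temp\dnlsvc.exe','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Lpt26.sys','');
// Added for consistency: both files are deleted below without a prior quarantine.
QuarantineFile('C:\Program Files\ConnectionServices\ConnectionServices.dll','');
QuarantineFile('c:\program files\bonjour\mdnsresponder.exe','');
// Unregister services. Most names below appear to be concatenations of
// legitimate XP service names (e.g. 'RpcSsNetDDE', 'SpoolerSSDPSRV'); they are
// the registered names of the malicious services, not the genuine services.
DeleteService('Bonjour Service'); // only entry without a BC_DeleteSvc twin below - presumably intentional, confirm
DeleteService('Winyd48');
DeleteService('Winwc83');
DeleteService('Winva61');
DeleteService('Wintx83');
DeleteService('Winko50');
DeleteService('tcpsr');
DeleteService('Lpt26');
DeleteService('WmiApSrvBITS');
DeleteService('WmdmPmSNSchedule');
DeleteService('winmgmtSharedAccessAvg7UpdSvc');
DeleteService('W32TimeMSDTC');
DeleteService('UMWdfNtmsSvcSysmonLog');
DeleteService('UMWdfNtmsSvc');
DeleteService('TapiSrvWebClient');
DeleteService('TapiSrvPavPrSrv');
DeleteService('stisvcWmiApSrv');
DeleteService('stisvcSharedAccess');
DeleteService('stisvcNlahkmsvc');
DeleteService('stisvcNla');
DeleteService('srserviceShellHWDetectionSchedule');
DeleteService('srserviceShellHWDetection');
DeleteService('SpoolerSSDPSRV');
DeleteService('SLServiceDhcpSSDPSRV');
DeleteService('SharedAccessAvg7UpdSvc');
DeleteService('sfrem01RDSessMgr');
DeleteService('sfrem01AppMgmt');
DeleteService('SENSUMWdf');
DeleteService('seclogonPolicyAgent');
DeleteService('RpcSsNetDDE');
DeleteService('RasManWZCSVC');
DeleteService('RasManSwPrv');
DeleteService('RasManBrowserRDSessMgr');
DeleteService('RasAutoAvgCoreSvc');
DeleteService('PlugPlaySENS');
DeleteService('PavPrSrv');
DeleteService('NwSapAgentNetman');
DeleteService('NtLmSspNla');
DeleteService('NetmanSysmonLogRasManBrowserRDSessMgr');
DeleteService('NetmanSysmonLog');
DeleteService('NetDDEwscsvc');
DeleteService('mnmsrvc Media Library Service');
DeleteService('MDMRasAuto');
DeleteService('LmHostsNtmsSvcdmadminsfrem01RDSessMgr');
DeleteService('LmHostsNtmsSvc');
DeleteService('Irmonwuauserv');
DeleteService('ImapiServiceDhcp');
DeleteService('ImapiServiceALG');
DeleteService('ERSvcShellHWDetection');
DeleteService('ERSvcSamSs');
DeleteService('dnlsvc');
DeleteService('dmadminsrserviceShellHWDetection');
DeleteService('dmadminsfrem01RDSessMgr');
DeleteService('DhcpSSDPSRVNtmsSvc');
DeleteService('DhcpSSDPSRVNetDDEwscsvc');
DeleteService('Dhcp Media Library Service');
DeleteService('DcomLaunchDhcpSSDPSRVNetDDEwscsvc');
DeleteService('CyberLinkSchedule');
DeleteService('CiSvcBITS');
DeleteService('BrowserRDSessMgr');
DeleteService('BrowserMSIServerEventSystemNtmsSvc');
DeleteService('BrowserMSIServerEventSystemgusvc');
DeleteService('BrowserMSIServerEventSystem');
DeleteService('BrowserMSIServer');
DeleteService('BrowserLmHostsNtmsSvcSENS');
DeleteService('BrowserLmHostsNtmsSvc');
DeleteService('AvgCoreSvcThemes');
DeleteService('AudioSrvMSDTC');
DeleteService('AppMgmtEventSystem');
// Remove the on-disk files; every path here now has a quarantined copy above.
DeleteFile('C:\DOCUME~1\s\LOCALS~1\Temp\dnlsvc.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Lpt26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winko50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintx83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winva61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwc83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyd48.sys');
DeleteFile('C:\WINDOWS\System32\lanmanwrk.exe');
DeleteFile('C:\WINDOWS\System32\KernelDrv.exe');
DeleteFile('C:\WINDOWS\superproxy.exe');
DeleteFile('C:\Program Files\ConnectionServices\ConnectionServices.dll');
DeleteFile('c:\program files\bonjour\mdnsresponder.exe');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\xn1i9x.com');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000060.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000062.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000063.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000064.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000065.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000066.sys');
DeleteFile('C:\System Volume Information\_restore{FC3CC26B-5D1D-410C-B218-38242D773270}\RP2\A0000067.sys');
// Hand the pending file operations above to Boot Cleaner (BC) and run AVZ's
// standard system cleanup.
BC_ImportAll;
ExecuteSysClean;
// Boot Cleaner repeats the service removals at boot, before the drivers can
// load and re-protect themselves. Keep this list in step with the
// DeleteService list above.
BC_DeleteSvc('Winyd48');
BC_DeleteSvc('Winwc83');
BC_DeleteSvc('Winva61');
BC_DeleteSvc('Wintx83');
BC_DeleteSvc('Winko50');
BC_DeleteSvc('tcpsr');
BC_DeleteSvc('Lpt26');
BC_DeleteSvc('WmiApSrvBITS');
BC_DeleteSvc('WmdmPmSNSchedule');
BC_DeleteSvc('winmgmtSharedAccessAvg7UpdSvc');
BC_DeleteSvc('W32TimeMSDTC');
BC_DeleteSvc('UMWdfNtmsSvcSysmonLog');
BC_DeleteSvc('UMWdfNtmsSvc');
BC_DeleteSvc('TapiSrvWebClient');
BC_DeleteSvc('TapiSrvPavPrSrv');
BC_DeleteSvc('stisvcWmiApSrv');
BC_DeleteSvc('stisvcSharedAccess');
BC_DeleteSvc('stisvcNlahkmsvc');
BC_DeleteSvc('stisvcNla');
BC_DeleteSvc('srserviceShellHWDetectionSchedule');
BC_DeleteSvc('srserviceShellHWDetection');
BC_DeleteSvc('SpoolerSSDPSRV');
BC_DeleteSvc('SLServiceDhcpSSDPSRV');
BC_DeleteSvc('SharedAccessAvg7UpdSvc');
BC_DeleteSvc('sfrem01RDSessMgr');
BC_DeleteSvc('sfrem01AppMgmt');
BC_DeleteSvc('SENSUMWdf');
BC_DeleteSvc('seclogonPolicyAgent');
BC_DeleteSvc('RpcSsNetDDE');
BC_DeleteSvc('RasManWZCSVC');
BC_DeleteSvc('RasManSwPrv');
BC_DeleteSvc('RasManBrowserRDSessMgr');
BC_DeleteSvc('RasAutoAvgCoreSvc');
BC_DeleteSvc('PlugPlaySENS');
BC_DeleteSvc('PavPrSrv');
BC_DeleteSvc('NwSapAgentNetman');
BC_DeleteSvc('NtLmSspNla');
BC_DeleteSvc('NetmanSysmonLogRasManBrowserRDSessMgr');
BC_DeleteSvc('NetmanSysmonLog');
BC_DeleteSvc('NetDDEwscsvc');
BC_DeleteSvc('mnmsrvc Media Library Service');
BC_DeleteSvc('MDMRasAuto');
BC_DeleteSvc('LmHostsNtmsSvcdmadminsfrem01RDSessMgr');
BC_DeleteSvc('LmHostsNtmsSvc');
BC_DeleteSvc('Irmonwuauserv');
BC_DeleteSvc('ImapiServiceDhcp');
BC_DeleteSvc('ImapiServiceALG');
BC_DeleteSvc('ERSvcShellHWDetection');
BC_DeleteSvc('ERSvcSamSs');
BC_DeleteSvc('dnlsvc');
BC_DeleteSvc('dmadminsrserviceShellHWDetection');
BC_DeleteSvc('dmadminsfrem01RDSessMgr');
BC_DeleteSvc('DhcpSSDPSRVNtmsSvc');
BC_DeleteSvc('DhcpSSDPSRVNetDDEwscsvc');
BC_DeleteSvc('Dhcp Media Library Service');
BC_DeleteSvc('DcomLaunchDhcpSSDPSRVNetDDEwscsvc');
BC_DeleteSvc('CyberLinkSchedule');
BC_DeleteSvc('CiSvcBITS');
BC_DeleteSvc('BrowserRDSessMgr');
BC_DeleteSvc('BrowserMSIServerEventSystemNtmsSvc');
BC_DeleteSvc('BrowserMSIServerEventSystemgusvc');
BC_DeleteSvc('BrowserMSIServerEventSystem');
BC_DeleteSvc('BrowserMSIServer');
BC_DeleteSvc('BrowserLmHostsNtmsSvcSENS');
BC_DeleteSvc('BrowserLmHostsNtmsSvc');
BC_DeleteSvc('AvgCoreSvcThemes');
BC_DeleteSvc('AudioSrvMSDTC');
BC_DeleteSvc('AppMgmtEventSystem');
// Arm Boot Cleaner and reboot so the deferred removals actually run
// (the true argument presumably forces the restart - confirm against AVZ docs).
BC_Activate;
RebootWindows(true);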
end.
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"] Очистите [/url]темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен - запустите!!!
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол
- Подключите ПК к интернету/локалке
- Закачайте карантин по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR] вверху темы (Приложение 3 правил).
- Прикрепите логи к новому сообщению.