win32/Adware.Virtmonde
win32/PrivacyRemover.M64
win32/Adware.Virtmonde
win32/PrivacyRemover.M64
выполните скрипт ....
[code]
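begin
  // AVZ cleanup script, round 1.
  // Look for rootkit hooks first and switch AVZGuard on, so the malware
  // cannot re-create its services/files while the rest of the script runs.
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  // Copy the two droppers into quarantine BEFORE they are deleted below,
  // so a sample is kept for analysis.
  QuarantineFile('C:\Documents and Settings\Artem\Local Settings\Temp\loader.exe','');
  QuarantineFile('C:\WINDOWS\system32\lphcjmwj0e973.exe','');

  // Remove the services the malware registered; the Win* entries load the
  // Win*.sys drivers deleted further down, the others are fake "system"
  // service names made by gluing two real service names together.
  DeleteService('Winxr85');
  DeleteService('Winrg84');
  DeleteService('Winjh57');
  DeleteService('Wingi17');
  DeleteService('WmiApSrvNtmsSvc');
  DeleteService('upnphostUPS');
  DeleteService('ScheduleAudioSrv');
  DeleteService('SamSsCiSvc');
  DeleteService('RemoteAccessNla');
  DeleteService('IDriverTIrmon');

  // NOTE(review): 'srv.exe' is given without a directory, so it resolves
  // against AVZ's current working directory rather than a known location —
  // presumably the log placed it in System32; confirm and use the full path.
  QuarantineFile('srv.exe','');
  QuarantineFile('C:\WINDOWS\System32\drivers\Winjm04.sys','');
  QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
  // Fix: the four drivers below were previously deleted without being
  // quarantined, so no sample survived. QuarantineFile is a no-op for a
  // missing file, so these lines are safe even if a driver is already gone.
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wingi17.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winjh57.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winrg84.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winxr85.sys','');

  // Delete the malicious files (a locked file is queued for removal at boot
  // via the BC_* calls below rather than skipped).
  DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
  DeleteFile('C:\WINDOWS\System32\drivers\Winjm04.sys');
  DeleteFile('srv.exe');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wingi17.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winjh57.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winrg84.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winxr85.sys');
  DeleteFile('C:\WINDOWS\system32\lphcjmwj0e973.exe');
  // NOTE(review): bare 'WinCtrl32.dll' again depends on the working directory;
  // the full-path copy above is the one that matters.
  DeleteFile('WinCtrl32.dll');
  DeleteFile('C:\Documents and Settings\Artem\Local Settings\Temp\loader.exe');

  // Hand the delete list to BootCleaner and run the generic system cleanup.
  BC_ImportDeletedList;
  ExecuteSysClean;
  // AVZ repair routines 5, 6 and 8 (see AVZ's troubleshooting list for what
  // each one restores).
  ExecuteRepair(5);
  ExecuteRepair(6);
  ExecuteRepair(8);
  // Activate BootCleaner and reboot so locked files are removed on restart.
  BC_Activate;
  RebootWindows(true);
end.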
[/code]
пришлите карантин согласно приложению 3 правил ...
повторите логи ...
логи
выполните скрипт ...
[code]
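begin
  // AVZ cleanup script, round 2: leftovers seen in the repeated logs.
  // Same preamble as round 1: rootkit scan, then AVZGuard on.
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  // NOTE(review): the two h:\<hex>\update\ files look like extracted
  // update/installer packages; they are only quarantined for inspection,
  // not deleted — confirm against the log before changing that.
  QuarantineFile('h:\41c4c0493c62591e324e\update\update.exe','');
  QuarantineFile('h:\43f07cc37ea408e3183407d2\update\xmllitesetup.exe','');

  // Services that survived round 1 are queued for removal by BootCleaner
  // (BC_DeleteSvc) instead of DeleteService, i.e. they are removed at boot.
  BC_DeleteSvc('Winjm04');
  BC_DeleteSvc('upnphostUPSFastUserSwitchingCompatibility');
  BC_DeleteSvc('HTTPFilterSCardSvr');

  // Fix: keep a sample of the screensaver dropper before deleting it
  // (Winjm04.sys was already quarantined in round 1; srv.exe is
  // quarantined there too, subject to the path caveat below).
  QuarantineFile('C:\WINDOWS\system32\blphcjmwj0e973.scr','');

  // NOTE(review): 'srv.exe' has no directory, so it resolves against AVZ's
  // current working directory — presumably System32 per the log; confirm and
  // use the full path.
  DeleteFile('srv.exe');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winjm04.sys');
  DeleteFile('C:\WINDOWS\system32\blphcjmwj0e973.scr');

  // Queue locked deletions for BootCleaner, clean up, activate and reboot.
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.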
[/code]
пришлите карантин согласно приложению 3 правил ...
повторите логи ...
логи
пофиксите ...
[code]
20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
[/code]
больше ничего плохого ...
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]82[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\documents and settings\artem\local settings\temp\loader.exe - [B]Trojan-Downloader.Win32.Agent.abrt[/B] (DrWEB: Trojan.DownLoad.2077)[*] c:\windows\system32\winctrl32.dll - [B]Trojan-Downloader.Win32.Mutant.ayn[/B] (DrWEB: Trojan.Packed.573)[/LIST][/LIST]