Был вирус, блокирующий смену обоев, и даунлоадер; скрытые папки до сих пор не видит.
Лечился: Dr.Web, AVZ, Outpost Firewall.
AVZ до сих пор находит перехваты
winXP
Был вирус, блокирующий смену обоев, и даунлоадер; скрытые папки до сих пор не видит.
Лечился: Dr.Web, AVZ, Outpost Firewall.
AVZ до сих пор находит перехваты
winXP
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
-[URL="http://virusinfo.info/showthread.php?t=4491"]Пофиксите[/URL]
[CODE]O20 - Winlogon Notify: sysfldr - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
[/CODE]
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт[/URL]
[CODE]begin
// AVZ cleanup script posted for one specific infected Windows XP machine.
// Every path and service name below is specific to that machine (presumably
// taken from its logs), so the script should not be reused on another PC.
// Order of work: rootkit scan -> AVZGuard on -> quarantine copies ->
// remove services -> delete files -> boot-time cleanup (BC_*) -> reboot.

// Both arguments are true; presumably this enables neutralising user-mode and
// kernel-mode hooks - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Turn AVZGuard on before touching the files (presumably so that other
// processes cannot interfere with the cleanup - verify in the AVZ docs).
SetAVZGuardStatus(True);
// Quarantine every suspect file BEFORE anything is deleted: the thread later
// asks for this quarantine to be uploaded, so the samples must be preserved.
// WinCtrl32.dll is the DLL named in the O20 Winlogon Notify entry above.
QuarantineFile('C:\WINDOWS\System32\WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ymx03.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wyy23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winym84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxu21.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwy23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winuq67.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winun36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winre14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpx56.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpm67.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpa56.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winos23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winoc01.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr21.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winln08.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlf23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjt36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhl47.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhl25.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfe36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Windn78.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincs56.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbl36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winan25.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Whs12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Vgu01.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Vbb23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rkk23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Qpp12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Qkk71.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Qee45.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Pdd80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Paa56.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Onn01.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Oft12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Oam17.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Npp21.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Nmx23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ibb23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Hpp21.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Gww78.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Gcc23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eww01.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Euu80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eoo12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eod56.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Dyy14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Bod80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\biI78.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Any14.sys','');
// Remove the service entries whose names match the quarantined .sys drivers.
// NOTE(review): Winpa56.sys is quarantined above and deleted below, but there
// is no DeleteService('Winpa56') in this list and no BC_DeleteSvc('Winpa56')
// further down - confirm against the log whether that driver has a service entry.
DeleteService('Any14');
DeleteService('biI78');
DeleteService('Bod80');
DeleteService('Dyy14');
DeleteService('Eod56');
DeleteService('Eoo12');
DeleteService('Euu80');
DeleteService('Eww01');
DeleteService('Gcc23');
DeleteService('Gww78');
DeleteService('Hpp21');
DeleteService('Ibb23');
DeleteService('Nmx23');
DeleteService('Npp21');
DeleteService('Oam17');
DeleteService('Oft12');
DeleteService('Onn01');
DeleteService('Paa56');
DeleteService('Pdd80');
DeleteService('Qee45');
DeleteService('Qkk71');
DeleteService('Qpp12');
DeleteService('Rkk23');
DeleteService('Vgu01');
DeleteService('Vbb23');
DeleteService('Whs12');
DeleteService('Winan25');
DeleteService('Winbl36');
DeleteService('Wincs56');
DeleteService('Windn78');
DeleteService('Winfe36');
DeleteService('Winhl25');
DeleteService('Winhl47');
DeleteService('Winjt36');
DeleteService('Winlf23');
DeleteService('Winln08');
DeleteService('Winmr21');
DeleteService('Winoc01');
DeleteService('Winos23');
DeleteService('Winpm67');
DeleteService('Winpx56');
DeleteService('Winre14');
DeleteService('Winun36');
DeleteService('Winuq67');
DeleteService('Winwy23');
DeleteService('Winxu21');
DeleteService('Winym84');
DeleteService('Ymx03');
DeleteService('Wyy23');
// Delete the same files that were quarantined above: the drivers first,
// WinCtrl32.dll last.
DeleteFile('C:\WINDOWS\System32\Drivers\Any14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\biI78.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Bod80.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Dyy14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eod56.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eoo12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Euu80.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eww01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Gcc23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Gww78.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Hpp21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ibb23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Nmx23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Npp21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Oam17.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Oft12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Onn01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Paa56.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Pdd80.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Qee45.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Qkk71.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Qpp12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rkk23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Vbb23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Vgu01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Whs12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winan25.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbl36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincs56.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Windn78.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfe36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhl25.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhl47.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjt36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlf23.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winln08.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winoc01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winos23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpa56.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpm67.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpx56.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winre14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winun36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winuq67.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwy23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxu21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winym84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wyy23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ymx03.sys');
DeleteFile('C:\WINDOWS\System32\WinCtrl32.dll');
// Boot Cleaner stage. Presumably BC_ImportAll hands the deletions made above
// to AVZ's boot-time cleaner and ExecuteSysClean removes leftover references
// to the deleted files - verify both against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
// Queue the same service names for the boot-time cleaner as well, so removal
// is retried at startup if a loaded driver blocked it in the running system
// (assumed purpose - confirm). The list mirrors the DeleteService calls above.
BC_DeleteSvc('Any14');
BC_DeleteSvc('biI78');
BC_DeleteSvc('Bod80');
BC_DeleteSvc('Dyy14');
BC_DeleteSvc('Eod56');
BC_DeleteSvc('Eoo12');
BC_DeleteSvc('Euu80');
BC_DeleteSvc('Eww01');
BC_DeleteSvc('Gcc23');
BC_DeleteSvc('Gww78');
BC_DeleteSvc('Hpp21');
BC_DeleteSvc('Ibb23');
BC_DeleteSvc('Nmx23');
BC_DeleteSvc('Npp21');
BC_DeleteSvc('Oam17');
BC_DeleteSvc('Oft12');
BC_DeleteSvc('Onn01');
BC_DeleteSvc('Paa56');
BC_DeleteSvc('Pdd80');
BC_DeleteSvc('Qee45');
BC_DeleteSvc('Qkk71');
BC_DeleteSvc('Qpp12');
BC_DeleteSvc('Rkk23');
BC_DeleteSvc('Vgu01');
BC_DeleteSvc('Vbb23');
BC_DeleteSvc('Whs12');
BC_DeleteSvc('Winan25');
BC_DeleteSvc('Winbl36');
BC_DeleteSvc('Wincs56');
BC_DeleteSvc('Windn78');
BC_DeleteSvc('Winfe36');
BC_DeleteSvc('Winhl25');
BC_DeleteSvc('Winhl47');
BC_DeleteSvc('Winjt36');
BC_DeleteSvc('Winlf23');
BC_DeleteSvc('Winln08');
BC_DeleteSvc('Winmr21');
BC_DeleteSvc('Winoc01');
BC_DeleteSvc('Winos23');
BC_DeleteSvc('Winpm67');
BC_DeleteSvc('Winpx56');
BC_DeleteSvc('Winre14');
BC_DeleteSvc('Winun36');
BC_DeleteSvc('Winuq67');
BC_DeleteSvc('Winwy23');
BC_DeleteSvc('Winxu21');
BC_DeleteSvc('Winym84');
BC_DeleteSvc('Ymx03');
BC_DeleteSvc('Wyy23');
// Arm the boot-time cleaner, then reboot so the queued removals can run.
// The script restarts Windows on its own, so other programs should already
// be closed (the argument true presumably forces the reboot - confirm).
BC_Activate;
RebootWindows(true);
end.
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"] Очистите [/url]темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен - запустите!!!
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол.
- Подключите ПК к интернету/локалке
- Закачайте карантин по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR] вверху темы (Приложение 3 правил).
- Прикрепите логи к новому сообщению.