Добрый день.
Nod32 определяет вирус, но не лечит.
Что делать?
Заранее спасибо.
Добрый день.
Nod32 определяет вирус, но не лечит.
Что делать?
Заранее спасибо.
выполните скрипт ...
[code]
begin
// AVZ treatment script, first pass. Order matters: rootkit search and AVZGuard first,
// then quarantine copies, then service removal, then process termination and file deletion,
// then BootCleaner hand-over and reboot.
// Rootkit search with neutralisation enabled (SearchRootkit(SearchMode, CureMode)).
SearchRootkit(true, true);
// Enable AVZGuard so the processes and services handled below cannot interfere while the script runs.
SetAVZGuardStatus(True);
// Copy the suspected samples into the AVZ quarantine BEFORE anything is deleted,
// so the files stay available for analysis (the quarantine is requested from the user later in the thread).
QuarantineFile('H:\Program Files\Microsoft Common\wuauclt.exe','');
QuarantineFile('H:\WINDOWS\system32\winsys2.exe','');
// Remove the service/driver entries taken from the logs. The 'Win??NN' names correspond to the
// *.sys driver files deleted further down; the remaining names read like concatenations of
// legitimate Windows service names (e.g. 'ScheduleBITS', 'AudioSrvAlerter').
DeleteService('Winyy60');
DeleteService('Winyx14');
DeleteService('Winxj82');
DeleteService('Winut71');
DeleteService('Winuf25');
DeleteService('Winss47');
DeleteService('Winsr77');
DeleteService('Winsr60');
DeleteService('Winsf00');
DeleteService('Winrp88');
DeleteService('Winrg73');
DeleteService('Winrf82');
DeleteService('Winon41');
DeleteService('Winml03');
DeleteService('Winlw03');
DeleteService('Winkv33');
DeleteService('Winin36');
DeleteService('Winig58');
DeleteService('Winhg60');
DeleteService('Wingr14');
DeleteService('Windc71');
DeleteService('Winbn17');
DeleteService('Winbk36');
DeleteService('Winay82');
DeleteService('wuauservBrowser');
DeleteService('WmiApSrvWZCSVC');
DeleteService('WmdmPmSNBrowserSSDPSRV');
DeleteService('WmdmPmSNBrowser');
DeleteService('winmgmtNetman');
DeleteService('VSSstisvc');
DeleteService('upnphostVSS');
DeleteService('TrkWksnSvcLogRemoteAccess');
DeleteService('TrkWksnSvcLog');
DeleteService('SwPrvTrkWks');
DeleteService('ShellHWDetectionSwPrvTrkWks');
DeleteService('ScheduleBITSWmdmPmSNBrowser');
DeleteService('ScheduleBITS');
DeleteService('rpcapdW32Time');
DeleteService('RasManRDSessMgr');
DeleteService('NtmsSvc Intelligent Application Manager (IAM)');
DeleteService('nSvcLogsrservice');
DeleteService('NOD32krnPlugPlayNetDDE');
DeleteService('NOD32krnPlugPlay');
DeleteService('MSDTCSpooler');
DeleteService('BrowserUPS Intelligent Application Manager (IAM)');
DeleteService('BrowserUPS');
DeleteService('BITSFastUserSwitchingCompatibility');
DeleteService('AudioSrvImapiService');
DeleteService('AudioSrvAlerterSCardSvr');
DeleteService('AudioSrvAlerter');
// NOTE(review): 'srv.exe' is given without a directory; presumably the log entry itself had no path.
// A bare name resolves relative to AVZ's working directory -- confirm against the log before relying on it.
QuarantineFile('srv.exe','');
QuarantineFile('H:\WINDOWS\system32\WinCtrl32.dll','');
// Stop the running processes first, then quarantine their images, then delete them.
TerminateProcessByName('h:\docume~1\_296e8~1\locals~1\temp\loader.exe');
QuarantineFile('h:\docume~1\_296e8~1\locals~1\temp\loader.exe','');
TerminateProcessByName('h:\windows\system32\braviax.exe');
QuarantineFile('h:\windows\system32\braviax.exe','');
// Deletions. Files the system still holds open are removed by BootCleaner at the next boot
// (see the BC_* calls at the end).
DeleteFile('h:\windows\system32\braviax.exe');
DeleteFile('h:\docume~1\_296e8~1\locals~1\temp\loader.exe');
// NOTE(review): a SETUPAPI.dll inside the Internet Explorer folder shadows the system copy for
// iexplore.exe (presumably a DLL search-order hijack -- verify); it is deleted but not quarantined above.
DeleteFile('H:\Program Files\Internet Explorer\SETUPAPI.dll');
DeleteFile('H:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('srv.exe');
// Driver files belonging to the 'Win??NN' services deleted above.
// NOTE(review): Winqq60.sys and Winwi03.sys have no matching DeleteService call, and
// DeleteService('Winsr60') has no matching .sys deletion in this script -- check against the log.
DeleteFile('H:\WINDOWS\System32\Drivers\Winay82.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winbk36.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winbn17.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Windc71.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Wingr14.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winhg60.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winig58.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winin36.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winkv33.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winlw03.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winml03.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winon41.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winqq60.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winrf82.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winrg73.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winrp88.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winsf00.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winsr77.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winss47.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winuf25.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winut71.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winwi03.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winxj82.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winyx14.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winyy60.sys');
DeleteFile('H:\WINDOWS\system32\winsys2.exe');
DeleteFile('H:\Program Files\Microsoft Common\wuauclt.exe');
// Hand the deleted-file list to BootCleaner so locked files are removed at boot.
BC_ImportDeletedList;
// Standard AVZ system clean-up.
ExecuteSysClean;
// System-restore item 9. NOTE(review): in AVZ's restore list this item is the removal of
// system-process debugger entries (Image File Execution Options) -- confirm for the AVZ version used.
ExecuteRepair(9);
// Activate BootCleaner and reboot immediately so the deferred deletions take effect.
BC_Activate;
RebootWindows(true);
end.
[/code]
пришлите карантин согласно приложению 3 правил ....
повторите логи ...
Спасибо.
Похоже, что враг побежден.
выполните скрипт ...
[code]
begin
// AVZ treatment script, second pass: a fresh batch of 'Win??NN' services/drivers from the
// repeated logs plus temp-folder clean-up. Same ordering as the first script: rootkit search and
// AVZGuard, service removal, file deletion, BootCleaner hand-over, reboot.
// Rootkit search with neutralisation enabled.
SearchRootkit(true, true);
// Enable AVZGuard for the duration of the script.
SetAVZGuardStatus(True);
// Service entries from the new logs; each 'Win??NN' name has a matching .sys deletion below.
DeleteService('Winyx71');
DeleteService('Winth74');
DeleteService('Wintg71');
DeleteService('Winsr60');
DeleteService('Winre17');
DeleteService('Winqc03');
DeleteService('Winpo14');
DeleteService('Winpc36');
DeleteService('Winoo25');
DeleteService('Winny58');
DeleteService('Winkv30');
DeleteService('Winjv44');
DeleteService('Winit63');
DeleteService('Wined82');
DeleteService('Windc88');
DeleteService('Winco82');
DeleteService('Wincb63');
DeleteService('Winca41');
DeleteService('Winba25');
DeleteService('Winap60');
DeleteService('Winam60');
DeleteService('Winam43');
// Another concatenated-looking service name ('NtLmSsp' + 'Browser').
DeleteService('NtLmSspBrowser');
// NOTE(review): no QuarantineFile calls in this pass -- the samples were already quarantined by the
// first script; 'srv.exe' and 'WinCtrl32.dll' are again given without a directory (the first script
// used the full H:\WINDOWS\system32 path for WinCtrl32.dll) -- confirm the intended location.
DeleteFile('srv.exe');
// Driver files for the services deleted above.
// NOTE(review): DeleteService('Wincb63') has no matching Wincb63.sys deletion here -- check against the log.
DeleteFile('H:\WINDOWS\System32\Drivers\Winam43.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winam60.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winap60.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winba25.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winca41.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winco82.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Windc88.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Wined82.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winit63.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winjv44.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winkv30.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winny58.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winoo25.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winpc36.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winpo14.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winqc03.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winre17.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winsr60.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Wintg71.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winth74.sys');
DeleteFile('H:\WINDOWS\System32\Drivers\Winyx71.sys');
DeleteFile('WinCtrl32.dll');
// Wipe the user's temp folder and the IE cache (mask '*.*', third argument true = include
// subfolders). Nothing from these folders is quarantined first, so any samples living there
// are lost for analysis -- acceptable here because the malicious loader was already quarantined.
DeleteFileMask('%Tmp%', '*.*', true);
DeleteFileMask('H:\Documents and Settings\Владелец\Local Settings\Temporary Internet Files\Content.IE5\', '*.*', true);
// Hand deferred deletions to BootCleaner, run the system clean-up, activate BootCleaner, reboot.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
повторите логи ...
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]4[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] h:\program files\microsoft common\wuauclt.exe - [B]Trojan-Mailfinder.Win32.Agent.sk[/B] (DrWEB: Win32.HLLW.Autoruner.2634)[*] h:\windows\system32\braviax.exe - [B]Hoax.Win32.Bravia.ir[/B] (DrWEB: Trojan.Packed.612)[*] h:\windows\system32\winctrl32.dll - [B]Trojan-Downloader.Win32.Mutant.bgt[/B] (DrWEB: BackDoor.Bulknet.238)[/LIST][/LIST]