Плизз помогите решить проблему:(
Плизз помогите решить проблему:(
Закройте все открытые приложения, кроме AVZ и Internet Explorer.
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт[/URL]
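[CODE]begin
// AVZ remediation script written for ONE specific machine (Windows installed
// on F:\) from that machine's own logs. The paths and service names are
// indicators taken from that system; do not run this script unchanged elsewhere.
//
// Order matters: copy every suspect file to quarantine first, then remove the
// services, then delete the files, then schedule the boot-time cleanup, and
// reboot last.

// Look for rootkit hooks and try to neutralise them (both flags enabled), then
// switch on AVZGuard so the steps below are less likely to be interfered with.
SearchRootkit(true, true);
SetAVZGuardStatus(True);

// 1. Quarantine: keep a copy of each file before it is deleted, so the samples
//    can be uploaded for analysis afterwards.
QuarantineFile('F:\WINDOWS\System32\Drivers\Winxe05.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winsy52.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winrx38.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winrx06.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winou30.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winms73.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winkq63.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winkq38.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winhn63.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winel52.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winek52.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Windj63.sys','');
// Added: Windj16.sys was deleted below without a quarantine copy being taken.
QuarantineFile('F:\WINDOWS\System32\Drivers\Windj16.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winci52.sys','');
QuarantineFile('F:\WINDOWS\System32\Drivers\Winag85.sys','');
QuarantineFile('F:\WINDOWS\system32\blphc7jrj0e14a.scr','');
QuarantineFile('F:\WINDOWS\system32\lphc7jrj0e14a.exe','');
// These three are given without a path in the original script.
QuarantineFile('karina.dat','');
QuarantineFile('msfir80.exe','');
QuarantineFile('msime80.exe','');

// 2. Remove the service registrations.
//    NOTE(review): the first group of names looks like standard Windows
//    service names glued together (e.g. 'lanmanworkstation' + 'lanmanserver');
//    none of them is written as a plain standard name. Check each one against
//    the log before reusing the list: DeleteService on a real system service
//    would damage the installation.
DeleteService('ATIhelpsvc');
DeleteService('AtiMySql');
DeleteService('AtiStarWindServiceAE');
DeleteService('ClipSrvxmlprov');
DeleteService('COMSysAppTrkWks');
DeleteService('COMSysAppTrkWksThemes');
DeleteService('EhttpSrvWZCSVC');
DeleteService('helpsvcThemes');
DeleteService('HidServDcomLaunch');
DeleteService('HidServEventSystem');
DeleteService('HidServEventSystemSSDPSRV');
DeleteService('lanmanserverdmadmin');
DeleteService('lanmanworkstationlanmanserver');
DeleteService('LmHostsFastUserSwitchingCompatibility');
DeleteService('MicrosoftWZCSVC');
DeleteService('MSDTCDnscache');
DeleteService('NetDDEmnmsrvc');
DeleteService('NetDDEWebClient');
DeleteService('NetlogonSwPrv');
DeleteService('RemoteAccessPolicyAgent');
DeleteService('SamSsdmserver');
DeleteService('StarWindServiceAEEventlog');
DeleteService('TapiSrvWZCSVC');
DeleteService('VSSaspnet_state');
// Services whose names match the Win??NN.sys driver files quarantined above.
DeleteService('Winxe05');
DeleteService('Winsy52');
DeleteService('Winrx38');
DeleteService('Winrx06');
DeleteService('Winou30');
DeleteService('Winms73');
DeleteService('Winkq63');
DeleteService('Winkq38');
DeleteService('Winhn63');
DeleteService('Winel52');
DeleteService('Winek52');
DeleteService('Windj63');
DeleteService('Windj16');
DeleteService('Winci52');
DeleteService('Winag85');

// 3. Delete the files that were quarantined in step 1.
DeleteFile('msime80.exe');
DeleteFile('msfir80.exe');
DeleteFile('karina.dat');
DeleteFile('F:\WINDOWS\system32\lphc7jrj0e14a.exe');
DeleteFile('F:\WINDOWS\system32\blphc7jrj0e14a.scr');
DeleteFile('F:\WINDOWS\System32\Drivers\Winag85.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winci52.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Windj16.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Windj63.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winek52.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winel52.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winhn63.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winkq38.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winkq63.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winms73.sys');
// Added: Winou30.sys was quarantined and its service removed, but the file
// itself was missing from the delete list.
DeleteFile('F:\WINDOWS\System32\Drivers\Winou30.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winrx06.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winrx38.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winsy52.sys');
DeleteFile('F:\WINDOWS\System32\Drivers\Winxe05.sys');

// 4. Boot-time cleanup, for anything that is locked while Windows is running.
//    BC_ImportAll presumably hands the file lists built above to Boot Cleaner;
//    confirm against the AVZ script reference. ExecuteSysClean runs AVZ's
//    system clean-up pass.
BC_ImportAll;
ExecuteSysClean;
// Same service list as in step 2, repeated for removal at the next boot.
BC_DeleteSvc('ATIhelpsvc');
BC_DeleteSvc('AtiMySql');
BC_DeleteSvc('AtiStarWindServiceAE');
BC_DeleteSvc('ClipSrvxmlprov');
BC_DeleteSvc('COMSysAppTrkWks');
BC_DeleteSvc('COMSysAppTrkWksThemes');
BC_DeleteSvc('EhttpSrvWZCSVC');
BC_DeleteSvc('helpsvcThemes');
BC_DeleteSvc('HidServDcomLaunch');
BC_DeleteSvc('HidServEventSystem');
BC_DeleteSvc('HidServEventSystemSSDPSRV');
BC_DeleteSvc('lanmanserverdmadmin');
BC_DeleteSvc('lanmanworkstationlanmanserver');
BC_DeleteSvc('LmHostsFastUserSwitchingCompatibility');
BC_DeleteSvc('MicrosoftWZCSVC');
BC_DeleteSvc('MSDTCDnscache');
BC_DeleteSvc('NetDDEmnmsrvc');
BC_DeleteSvc('NetDDEWebClient');
BC_DeleteSvc('NetlogonSwPrv');
BC_DeleteSvc('RemoteAccessPolicyAgent');
BC_DeleteSvc('SamSsdmserver');
BC_DeleteSvc('StarWindServiceAEEventlog');
BC_DeleteSvc('TapiSrvWZCSVC');
BC_DeleteSvc('VSSaspnet_state');
BC_DeleteSvc('Winxe05');
BC_DeleteSvc('Winsy52');
BC_DeleteSvc('Winrx38');
BC_DeleteSvc('Winrx06');
BC_DeleteSvc('Winou30');
BC_DeleteSvc('Winms73');
BC_DeleteSvc('Winkq63');
BC_DeleteSvc('Winkq38');
BC_DeleteSvc('Winhn63');
BC_DeleteSvc('Winel52');
BC_DeleteSvc('Winek52');
BC_DeleteSvc('Windj63');
BC_DeleteSvc('Windj16');
BC_DeleteSvc('Winci52');
BC_DeleteSvc('Winag85');

// 5. Arm Boot Cleaner and reboot so the scheduled removals run at start-up.
//    Save any open work first: the reboot is triggered by the script itself.
BC_Activate;
RebootWindows(true);
end.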
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"]Очистите[/url] темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен - запустите!!!
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол.
- Подключите ПК к интернету/локалке
- Закачайте карантин по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR] вверху темы.
- Прикрепите логи к новому сообщению.