Вирусы есть, и это видно, но НОД вообще не помогает...
Заранее благодарен!)))
Вирусы есть, и это видно, но НОД вообще не помогает...
Заранее благодарен!)))
Скачайте [URL="http://virusinfo.info/showthread.php?t=17109"]IceSword [/URL], поищите и скопируйте файлы:
[CODE]C:\WINDOWS\System32\Drivers\Winru34.sys
[/CODE]
Скопированные с помощью IceSword файлы сохраните в карантине (Приложение 2 правил) — копия нужна для анализа, удаляйте файл только после того, как он сохранён в карантине.
Потом удалите их с помощью [URL="http://virusinfo.info/showthread.php?t=17228"]force delete[/URL]
Если Вы какие-то файлы не обнаружите - переходите к следующему шагу.
Закройте все открытые приложения, кроме AVZ и Internet Explorer.
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
Затем [URL="http://virusinfo.info/showthread.php?t=7239"]выполните скрипт[/URL]:
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\System32\Drivers\Winar80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbs62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winct06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincw06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winem01.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winey40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk35.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfs41.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfu18.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfu62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winge14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingv60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winib14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winin42.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjg43.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjh60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo24.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo46.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjt22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkx23.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlb46.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlt06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlx10.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmh77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr58.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnf48.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnn85.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winoh11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winom18.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winoo61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpd66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpn11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpn73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv07.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw10.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsl52.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsn42.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsp12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winss42.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wintl38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winui15.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvl11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxp47.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye30.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyh72.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyj52.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winru34.sys','');
QuarantineFile('C:\WINDOWS\system32\blphctw0j0ep7c.scr','');
QuarantineFile('C:\WINDOWS\system32\braviax.exe','');
QuarantineFile('C:\WINDOWS\system32\lphctw0j0ep7c.exe','');
QuarantineFile('WinCtrl32.dll','');
DeleteService('Winyj52');
DeleteService('Winye30');
DeleteService('Winxp47');
DeleteService('Winvl11');
DeleteService('Winui15');
DeleteService('Winua61');
DeleteService('Wintl38');
DeleteService('Winss42');
DeleteService('Winsp12');
DeleteService('Winsn42');
DeleteService('Winsl52');
DeleteService('Winrw10');
DeleteService('Winrr88');
DeleteService('Winrk01');
DeleteService('Winqy43');
DeleteService('Winqv07');
DeleteService('Winpn73');
DeleteService('Winpn11');
DeleteService('Winpd66');
DeleteService('Winoo61');
DeleteService('Winom18');
DeleteService('Winoh11');
DeleteService('Winnn85');
DeleteService('Winnk77');
DeleteService('Winnf48');
DeleteService('Winmr58');
DeleteService('Winmh77');
DeleteService('Winlx10');
DeleteService('Winlt06');
DeleteService('Winkx23');
DeleteService('Winkp77');
DeleteService('Winjt22');
DeleteService('Winjo24');
DeleteService('Winjh60');
DeleteService('Winjg43');
DeleteService('Winin42');
DeleteService('Winib14');
DeleteService('Wingv60');
DeleteService('Winge14');
DeleteService('Winfu62');
DeleteService('Winfu18');
DeleteService('Winfs41');
DeleteService('Winfk35');
DeleteService('Winey40');
DeleteService('Winem01');
DeleteService('Winds47');
DeleteService('Wincw06');
DeleteService('Winct06');
DeleteService('Winbs62');
DeleteService('Winar80');
DeleteService('ALGRpcSs');
DeleteService('ALGseclogonVSS');
DeleteService('BrowserImapiServiceSSDPSRVsrserviceUPS');
DeleteService('CiSvcPolicyAgent');
DeleteService('CryptSvcUPS');
DeleteService('CryptSvcUPSDhcpEventSystemAudioSrv');
DeleteService('CryptSvcUPSseclogonBrowser');
DeleteService('CryptSvcUPSseclogonBrowserDhcp');
DeleteService('CryptSvcUPSseclogonBrowserWMPNetworkSvc');
DeleteService('DhcpEventSystemAudioSrv');
DeleteService('EhttpSrvoseProtectedStorageDnscache');
DeleteService('EhttpSrvoseProtectedStorageDnscacheTapiSrvLmHosts');
DeleteService('EhttpSrvoseProtectedStorageDnscacheWmi');
DeleteService('ekrnRasAuto');
DeleteService('ERSvcAlerter');
DeleteService('ERSvcSwPrv');
DeleteService('EventSystemAudioSrv');
DeleteService('EventSystemwinmgmt');
DeleteService('helpsvcERSvcAlerter');
DeleteService('HidServWZCSVCALGCiSvc');
DeleteService('ImapiServiceSSDPSRV');
DeleteService('ImapiServiceSSDPSRVsrserviceUPS');
DeleteService('ImapiServiceSSDPSRVsrserviceUPSNetDDEsrserviceUPS');
DeleteService('lanmanworkstationWmiApSrv');
DeleteService('mnmsrvcLmHosts');
DeleteService('mnmsrvcTermServiceAppMgmt');
DeleteService('NetDDESchedule');
DeleteService('NetDDEsrserviceUPS');
DeleteService('NetmanoseProtectedStorageDnscache');
DeleteService('NtLmSspCryptSvcUPSseclogonBrowserDhcp');
DeleteService('oseProtectedStorage');
DeleteService('oseProtectedStorageDnscache');
DeleteService('ProtectedStoragemnmsrvc');
DeleteService('RemoteAccessdmserver');
DeleteService('RpcSsdmadmin');
DeleteService('RpcSsstisvc');
DeleteService('seclogonBrowser');
DeleteService('seclogonEventSystem');
DeleteService('seclogonRDSessMgr');
DeleteService('seclogonVSS');
DeleteService('SharedAccesswuauserv');
DeleteService('SpoolerWMPNetworkSvc');
DeleteService('srserviceUPS');
DeleteService('SwPrvWZCSVCALGCiSvc');
DeleteService('TapiSrvLmHosts');
DeleteService('TermServiceAppMgmt');
DeleteService('TermServiceSwPrv');
DeleteService('TlntSvrWudfSvc');
DeleteService('TlntSvrWudfSvcImapiServiceSSDPSRVsrserviceUPS');
DeleteService('TrkWksFastUserSwitchingCompatibility');
DeleteService('WebClientPlugPlay');
DeleteService('WmdmPmSNWMPNetworkSvc');
DeleteService('WmiNetDDEsrserviceUPS');
DeleteService('WMPNetworkSvcWZCSVC');
DeleteService('wscsvcseclogonBrowser');
DeleteService('WZCSVCALG');
DeleteService('WZCSVCALGCiSvc');
DeleteService('Winru34');
DeleteFile('WinCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\lphctw0j0ep7c.exe');
DeleteFile('C:\WINDOWS\system32\braviax.exe');
DeleteFile('C:\WINDOWS\system32\blphctw0j0ep7c.scr');
DeleteFile('C:\WINDOWS\System32\Drivers\Winru34.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyj52.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyh72.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye30.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxp47.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvl11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winui15.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wintl38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winss42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsp12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsn42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsl52.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrw10.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrr88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrk01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqy43.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqv07.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpn11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpd66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winoo61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winom18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winoh11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnn85.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnk77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnf48.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr58.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmh77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlx10.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlt06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlb46.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkx23.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkp77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjt22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo46.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo24.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjh60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjg43.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winin42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winib14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingv60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winge14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfu62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfu18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfs41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk35.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winey40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winem01.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winds47.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincw06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winct06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbs62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winar80.sys');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('Winyj52');
BC_DeleteSvc('Winye30');
BC_DeleteSvc('Winxp47');
BC_DeleteSvc('Winvl11');
BC_DeleteSvc('Winui15');
BC_DeleteSvc('Winua61');
BC_DeleteSvc('Wintl38');
BC_DeleteSvc('Winss42');
BC_DeleteSvc('Winsp12');
BC_DeleteSvc('Winsn42');
BC_DeleteSvc('Winsl52');
BC_DeleteSvc('Winrw10');
BC_DeleteSvc('Winrr88');
BC_DeleteSvc('Winrk01');
BC_DeleteSvc('Winqy43');
BC_DeleteSvc('Winqv07');
BC_DeleteSvc('Winpn73');
BC_DeleteSvc('Winpn11');
BC_DeleteSvc('Winpd66');
BC_DeleteSvc('Winoo61');
BC_DeleteSvc('Winom18');
BC_DeleteSvc('Winoh11');
BC_DeleteSvc('Winnn85');
BC_DeleteSvc('Winnk77');
BC_DeleteSvc('Winnf48');
BC_DeleteSvc('Winmr58');
BC_DeleteSvc('Winmh77');
BC_DeleteSvc('Winlx10');
BC_DeleteSvc('Winlt06');
BC_DeleteSvc('Winkx23');
BC_DeleteSvc('Winkp77');
BC_DeleteSvc('Winjt22');
BC_DeleteSvc('Winjo24');
BC_DeleteSvc('Winjh60');
BC_DeleteSvc('Winjg43');
BC_DeleteSvc('Winin42');
BC_DeleteSvc('Winib14');
BC_DeleteSvc('Wingv60');
BC_DeleteSvc('Winge14');
BC_DeleteSvc('Winfu62');
BC_DeleteSvc('Winfu18');
BC_DeleteSvc('Winfs41');
BC_DeleteSvc('Winfk35');
BC_DeleteSvc('Winey40');
BC_DeleteSvc('Winem01');
BC_DeleteSvc('Winds47');
BC_DeleteSvc('Wincw06');
BC_DeleteSvc('Winct06');
BC_DeleteSvc('Winbs62');
BC_DeleteSvc('Winar80');
BC_DeleteSvc('ALGRpcSs');
BC_DeleteSvc('ALGseclogonVSS');
BC_DeleteSvc('BrowserImapiServiceSSDPSRVsrserviceUPS');
BC_DeleteSvc('CiSvcPolicyAgent');
BC_DeleteSvc('CryptSvcUPS');
BC_DeleteSvc('CryptSvcUPSDhcpEventSystemAudioSrv');
BC_DeleteSvc('CryptSvcUPSseclogonBrowser');
BC_DeleteSvc('CryptSvcUPSseclogonBrowserDhcp');
BC_DeleteSvc('CryptSvcUPSseclogonBrowserWMPNetworkSvc');
BC_DeleteSvc('DhcpEventSystemAudioSrv');
BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscache');
BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscacheTapiSrvLmHosts');
BC_DeleteSvc('EhttpSrvoseProtectedStorageDnscacheWmi');
BC_DeleteSvc('ekrnRasAuto');
BC_DeleteSvc('ERSvcAlerter');
BC_DeleteSvc('ERSvcSwPrv');
BC_DeleteSvc('EventSystemAudioSrv');
BC_DeleteSvc('EventSystemwinmgmt');
BC_DeleteSvc('helpsvcERSvcAlerter');
BC_DeleteSvc('HidServWZCSVCALGCiSvc');
BC_DeleteSvc('ImapiServiceSSDPSRV');
BC_DeleteSvc('ImapiServiceSSDPSRVsrserviceUPS');
BC_DeleteSvc('ImapiServiceSSDPSRVsrserviceUPSNetDDEsrserviceUPS');
BC_DeleteSvc('lanmanworkstationWmiApSrv');
BC_DeleteSvc('mnmsrvcLmHosts');
BC_DeleteSvc('mnmsrvcTermServiceAppMgmt');
BC_DeleteSvc('NetDDESchedule');
BC_DeleteSvc('NetDDEsrserviceUPS');
BC_DeleteSvc('NetmanoseProtectedStorageDnscache');
BC_DeleteSvc('NtLmSspCryptSvcUPSseclogonBrowserDhcp');
BC_DeleteSvc('oseProtectedStorage');
BC_DeleteSvc('oseProtectedStorageDnscache');
BC_DeleteSvc('ProtectedStoragemnmsrvc');
BC_DeleteSvc('RemoteAccessdmserver');
BC_DeleteSvc('RpcSsdmadmin');
BC_DeleteSvc('RpcSsstisvc');
BC_DeleteSvc('seclogonBrowser');
BC_DeleteSvc('seclogonEventSystem');
BC_DeleteSvc('seclogonRDSessMgr');
BC_DeleteSvc('seclogonVSS');
BC_DeleteSvc('SharedAccesswuauserv');
BC_DeleteSvc('SpoolerWMPNetworkSvc');
BC_DeleteSvc('srserviceUPS');
BC_DeleteSvc('SwPrvWZCSVCALGCiSvc');
BC_DeleteSvc('TapiSrvLmHosts');
BC_DeleteSvc('TermServiceAppMgmt');
BC_DeleteSvc('TermServiceSwPrv');
BC_DeleteSvc('TlntSvrWudfSvc');
BC_DeleteSvc('TlntSvrWudfSvcImapiServiceSSDPSRVsrserviceUPS');
BC_DeleteSvc('TrkWksFastUserSwitchingCompatibility');
BC_DeleteSvc('WebClientPlugPlay');
BC_DeleteSvc('WmdmPmSNWMPNetworkSvc');
BC_DeleteSvc('WmiNetDDEsrserviceUPS');
BC_DeleteSvc('WMPNetworkSvcWZCSVC');
BC_DeleteSvc('wscsvcseclogonBrowser');
BC_DeleteSvc('WZCSVCALG');
BC_DeleteSvc('WZCSVCALGCiSvc');
BC_DeleteSvc('Winru34');
BC_Activate;
RebootWindows(true);
end.
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"] Очистите [/url]темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен — запустите.
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол.
- Подключите ПК к интернету/локалке
- Закачайте карантин по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR] вверху темы.
- Прикрепите логи к новому сообщению.
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]19[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\program files\lingobit localizer\localizer.com - [B]Trojan.Win32.Rabbit.a[/B][/LIST][/LIST]