Please help. Here are the logs:
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, menu "File - Run script" -- Copy the script written below -- Press the "Run" button.[/URL]
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\DIR01.NDIR\Application Data\AdobeUM\mssadv.dll','');
QuarantineFile('C:\Program Files\Microsoft Security Adviser\mssadv.exe','');
QuarantineFile('C:\mssadv.dll','');
QuarantineFile('C:\0xf9.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\msscan.exe');
QuarantineFile('c:\program files\microsoft security adviser\mssadv.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\mssadv.exe');
QuarantineFile('c:\program files\microsoft security adviser\msiemon.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\msiemon.exe');
QuarantineFile('c:\program files\microsoft security adviser\msfw.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\msfw.exe');
QuarantineFile('c:\program files\microsoft security adviser\msctrl.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\msctrl.exe');
QuarantineFile('c:\program files\microsoft security adviser\msavsc.exe','');
TerminateProcessByName('c:\program files\microsoft security adviser\msavsc.exe');
QuarantineFile('c:\winxp\system32\lphc1qbj0epej.exe','');
TerminateProcessByName('c:\winxp\system32\lphc1qbj0epej.exe');
TerminateProcessByName('c:\0xf9.exe');
QuarantineFile('c:\0xf9.exe','');
DeleteFile('c:\0xf9.exe');
DeleteFile('c:\winxp\system32\lphc1qbj0epej.exe');
DeleteFile('c:\program files\microsoft security adviser\msavsc.exe');
DeleteFile('c:\program files\microsoft security adviser\msctrl.exe');
DeleteFile('c:\program files\microsoft security adviser\msfw.exe');
DeleteFile('c:\program files\microsoft security adviser\msiemon.exe');
DeleteFile('c:\program files\microsoft security adviser\mssadv.exe');
DeleteFile('c:\program files\microsoft security adviser\msscan.exe');
DeleteFile('C:\WINXP\system32\lphc1qbj0epej.exe');
DeleteFile('C:\WINXP\system32\blphc1qbj0epej.scr');
DeleteFile('C:\0xf9.exe');
DeleteFile('C:\mssadv.dll');
BC_DeleteFile('C:\Program Files\Microsoft Security Adviser\mssadv.exe');
DeleteFile('C:\Documents and Settings\DIR01.NDIR\Application Data\AdobeUM\mssadv.dll');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(5 );
ExecuteRepair(6 );
ExecuteRepair(11 );
RegKeyStrParamWrite('HKEY_USERS','.DEFAULT\Control Panel\Desktop','Wallpaper','');
RebootWindows(true);
end.[/CODE]
Send the quarantine according to the rules and repeat the logs...
Quarantine uploaded: 081001_045241_virus_48e3486984a32.zip
New logs:
Is anything left?
The external symptoms seem to have disappeared.
Nothing bad is visible.
Install Service Pack 3; system activation may be required.
Thank you very much for the help!
Statistics of the treatment performed:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]31[/B]
[*]Malicious programs detected during treatment:
[LIST=1]
[*] c:\documents and settings\dir01.ndir\application data\adobeum\mssadv.dll - [B]Trojan-Clicker.Win32.VB.ckd[/B] (DrWEB: Trojan.Click.20521)
[*] c:\mssadv.dll - [B]Trojan-Clicker.Win32.VB.ckd[/B] (DrWEB: Trojan.Click.20521)
[*] c:\program files\microsoft security adviser\msavsc.exe - [B]Trojan.Win32.Agent.afid[/B] (DrWEB: Trojan.DownLoad.6023)
[*] c:\program files\microsoft security adviser\msctrl.exe - [B]Trojan.Win32.Agent.afid[/B] (DrWEB: Trojan.DownLoad.6023)
[*] c:\program files\microsoft security adviser\msfw.exe - [B]Trojan.Win32.Agent.afid[/B] (DrWEB: Trojan.DownLoad.6023)
[*] c:\program files\microsoft security adviser\msiemon.exe - [B]Trojan.Win32.Agent.afid[/B] (DrWEB: Trojan.DownLoad.6023)
[*] c:\program files\microsoft security adviser\mssadv.exe - [B]Trojan-Clicker.Win32.VB.ckd[/B] (DrWEB: Trojan.Click.20521)
[*] c:\winxp\system32\lphc1qbj0epej.exe - [B]Trojan-Downloader.Win32.Small.aean[/B] (DrWEB: Trojan.Fakealert.1321)
[*] c:\0xf9.exe - [B]Trojan-Downloader.Win32.VB.hww[/B] (DrWEB: Trojan.DownLoad.8677)
[/LIST]
[/LIST]