:ohmy: Помогите! А ещё постоянно лезет какой-то червь Conficker AE :biggrinsanta: Антивирус — NOD 32 и Веб.
:ohmy: Помогите! А ещё постоянно лезет какой-то червь Conficker AE :biggrinsanta: Антивирус — NOD 32 и Веб.
[b]Отключите восстановление системы![/b] (В точках восстановления могут сохраняться копии заражённых файлов.)
Выполните скрипт в AVZ:
[code]
// AVZ cleanup script written for one specific infected host: it quarantines
// and then deletes the files listed below, queues the listed service/driver
// entries for removal through Boot Cleaner (BC_*), and reboots.
// The paths (note the user profile '1.GOMER') and service names are specific
// to that host, so the script must not be run unchanged on another machine.
begin
// Rootkit search pass with both flags set to true - presumably this enables
// neutralising user-mode and kernel-mode hooks; confirm against the AVZ
// script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
SetAVZGuardStatus(True);
// Copy every suspect file to quarantine BEFORE deleting it, so the samples
// survive for analysis. The second argument is left empty.
// NOTE(review): the first three entries are bare file names without a path;
// how AVZ resolves them is not visible here - confirm.
QuarantineFile('sys32.dll','');
QuarantineFile('digeste.dll','');
QuarantineFile('c006A934.mat','');
QuarantineFile('C:\WINDOWS\System32\msansspc.dll','');
QuarantineFile('C:\WINDOWS\System32\hhupd.exe','');
// svchost.exe and services.exe are stock Windows file names, but these copies
// sit in a user profile, in Temp and in drivers\ rather than in System32.
// The full path is what identifies them; never shorten these to bare names.
QuarantineFile('C:\Documents and Settings\1.GOMER\svchost.exe','');
QuarantineFile('C:\DOCUME~1\1C909~1.GOM\LOCALS~1\Temp\1\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\i386si.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\ksi32sk.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\netsik.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\nicsk32.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\port135sik.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\systemntmi.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\sgefqojsb.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\services.exe','');
// Delete the same files, in the reverse of the quarantine order.
DeleteFile('C:\WINDOWS\system32\drivers\services.exe');
DeleteFile('C:\WINDOWS\System32\drivers\sgefqojsb.sys');
DeleteFile('C:\WINDOWS\system32\drivers\systemntmi.sys');
DeleteFile('C:\WINDOWS\system32\drivers\port135sik.sys');
DeleteFile('C:\WINDOWS\system32\drivers\nicsk32.sys');
DeleteFile('C:\WINDOWS\system32\drivers\netsik.sys');
DeleteFile('C:\WINDOWS\system32\drivers\ksi32sk.sys');
DeleteFile('C:\WINDOWS\system32\drivers\i386si.sys');
DeleteFile('C:\DOCUME~1\1C909~1.GOM\LOCALS~1\Temp\1\svchost.exe');
DeleteFile('C:\Documents and Settings\1.GOMER\svchost.exe');
DeleteFile('C:\WINDOWS\System32\hhupd.exe');
DeleteFile('C:\WINDOWS\System32\msansspc.dll');
DeleteFile('c006A934.mat');
DeleteFile('digeste.dll');
DeleteFile('sys32.dll');
// Pass the list of deleted files to Boot Cleaner - presumably so that files
// which could not be removed while in use are removed at the next boot.
BC_ImportDeletedList;
// AVZ system clean-up step - presumably removes leftover references to the
// deleted files; confirm against the AVZ script reference.
ExecuteSysClean;
// Queue service/driver entries for removal by Boot Cleaner. Several names
// match the .sys files deleted above (systemntmi, port135sik, nicsk32,
// netsik, ksi32sk, i386si).
BC_DeleteSvc('Wintw58');
BC_DeleteSvc('Winpr58');
BC_DeleteSvc('Winmq25');
BC_DeleteSvc('Winkn81');
BC_DeleteSvc('Winhk71');
BC_DeleteSvc('Winbe24');
BC_DeleteSvc('vrispgxicjf');
BC_DeleteSvc('systemntmi');
BC_DeleteSvc('port135sik');
BC_DeleteSvc('nicsk32');
BC_DeleteSvc('netsik');
BC_DeleteSvc('ksi32sk');
BC_DeleteSvc('i386si');
BC_DeleteSvc('ati8wyxx');
BC_DeleteSvc('ati8cexx');
BC_DeleteSvc('ati7uxxx');
BC_DeleteSvc('ati7hkxx');
BC_DeleteSvc('ati7gixx');
BC_DeleteSvc('ati6twxx');
BC_DeleteSvc('ati6ehxx');
BC_DeleteSvc('ati64si');
BC_DeleteSvc('ati5jmxx');
BC_DeleteSvc('ati4ehxx');
BC_DeleteSvc('ati3tvxx');
BC_DeleteSvc('ati3nqxx');
BC_DeleteSvc('ati3knxx');
BC_DeleteSvc('ati2ycxx');
BC_DeleteSvc('ati2svxx');
BC_DeleteSvc('ati2suxx');
BC_DeleteSvc('ati2bexx');
BC_DeleteSvc('ati1wyxx');
BC_DeleteSvc('ati1uwxx');
BC_DeleteSvc('ati0ycxx');
BC_DeleteSvc('ati0ruxx');
BC_DeleteSvc('ati0ehxx');
BC_DeleteSvc('ati0bexx');
// NOTE(review): 'Schedule' is also the name of the stock Windows Task
// Scheduler service. Confirm from this host's log that the entry points at a
// malicious binary before running, and plan to restore the service afterwards.
BC_DeleteSvc('Schedule');
// The names below appear to be two stock Windows service names glued together
// (e.g. Themes+RSVP, Dhcp+Netman), i.e. look-alikes rather than the real
// services - verify against the log.
BC_DeleteSvc('ThemesRSVP');
BC_DeleteSvc('SharedAccessServiceLayer');
BC_DeleteSvc('NtmsSvcBrowser');
BC_DeleteSvc('HidServwinmgmt');
BC_DeleteSvc('HidServSCardDrv');
BC_DeleteSvc('DhcpNetman');
BC_DeleteSvc('COMSysAppuploadmgr');
// Arm Boot Cleaner so the queued deletions are carried out at the next start.
BC_Activate;
// Reboot straight away; save any open work before running the script.
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил
(загружать тут: [url]http://virusinfo.info/upload_virus.php?tid=38191[/url]).
Сделайте новые логи (лучше AVZ и HijackThis, а не AVPTool).