Помогите в решении проблемы.
Помогите в решении проблемы.
[B][COLOR="Red"]Отключите восстановление системы![/COLOR][/B]
[URL="http://virusinfo.info/showthread.php?t=7239"]В AVZ -> файл-> Выполнить скрипт[/URL]
[CODE]
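begin
// AVZ cleanup script for the infection described in this thread.
// Flow: quarantine the suspect files (the helper asks for the quarantine to be
// sent in for analysis), delete them, remove their autorun values, then hand
// the deletion list to Boot Cleaner and reboot so locked files are removed
// during startup.

// Start from an empty quarantine so the archive sent for analysis contains
// only the samples collected by this run.
ClearQuarantine;
// Rootkit scan; both arguments enable neutralisation of detected hooks
// (presumably user-mode and kernel-mode respectively - confirm in AVZ help).
SearchRootkit(true, true);
// Enable AVZGuard so other processes cannot interfere with the cleanup.
SetAVZGuardStatus(True);

// --- Quarantine: preserve a copy of every sample before it is deleted ---
// Copies stored inside System Restore points.
QuarantineFile('C:\System Volume Information\_restore{50E7B03F-A915-4588-AA32-AE0B53AA521C}\RP1\A0000051.exe','');
QuarantineFile('C:\System Volume Information\_restore{50E7B03F-A915-4588-AA32-AE0B53AA521C}\RP1\A0000025.exe','');
// Unregister the Browser Helper Object with this CLSID.
DelBHO('{9D64F819-9380-8473-DAB2-702FCB3D7A3E}');
QuarantineFile('C:\Documents and Settings\Agent_San\Application Data\bpfeed.dll','');
// NOTE(review): 'servises.exe' looks like an imitation of the name services.exe.
QuarantineFile('C:\WINDOWS\system32\servises.exe','');
QuarantineFile('C:\WINDOWS\system32\restorer64_a.exe','');
// NOTE(review): on Windows XP the genuine regedit.exe normally resides in
// C:\WINDOWS, not in system32; this path is handled as a suspect file.
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv831255703227.exe','');
QuarantineFile('C:\Documents and Settings\Agent_San\Application Data\seres.exe','');
QuarantineFile('C:\Documents and Settings\Agent_San\Application Data\svcst.exe','');
QuarantineFile('C:\Documents and Settings\Agent_San\restorer64_a.exe','');
QuarantineFile('C:\WINDOWS\dmgr134.sys','');
QuarantineFile('C:\WINDOWS\System32\{991F0AD1-DA5D-4dc3-B0BA-F46BA0F1D3CB}.dll','');
// These three files were deleted below without being quarantined first, so
// their samples would have been lost; keep a copy of each one as well.
QuarantineFile('C:\WINDOWS\system32\xxsfus.dll','');
QuarantineFile('C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe','');
QuarantineFile('C:\WINDOWS\system32\2.exe','');

// --- Deletion of the quarantined files ---
DeleteFile('C:\WINDOWS\System32\{991F0AD1-DA5D-4dc3-B0BA-F46BA0F1D3CB}.dll');
DeleteFile('C:\WINDOWS\system32\xxsfus.dll');
DeleteFile('C:\WINDOWS\system32\servises.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
DeleteFile('C:\WINDOWS\system32\restorer64_a.exe');
DeleteFile('C:\Documents and Settings\Agent_San\Application Data\bpfeed.dll');
DeleteFile('C:\System Volume Information\_restore{50E7B03F-A915-4588-AA32-AE0B53AA521C}\RP1\A0000025.exe');
DeleteFile('C:\System Volume Information\_restore{50E7B03F-A915-4588-AA32-AE0B53AA521C}\RP1\A0000051.exe');
DeleteFile('C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe');
DeleteFile('C:\WINDOWS\Temp\wpv831255703227.exe');
DeleteFile('C:\WINDOWS\dmgr134.sys');
DeleteFile('C:\WINDOWS\system32\2.exe');
DeleteFile('C:\Documents and Settings\Agent_San\restorer64_a.exe');
DeleteFile('C:\Documents and Settings\Agent_San\Application Data\svcst.exe');
DeleteFile('C:\Documents and Settings\Agent_San\Application Data\seres.exe');

// --- Autorun persistence: remove the Run values that start the files above ---
// Only the named values are deleted; the Run keys themselves are kept.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mserv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','svchost');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','restorer64_a');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Antivirus Pro 2010');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysgif32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systme');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','restorer64_a');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','servises');

// Mask-based cleanup: everything matching *.* in the Windows temp directory
// and in the rogue product's folder (third argument presumably enables
// recursion into subfolders - confirm in AVZ help). This also removes
// legitimate temporary files.
DeleteFileMask('C:\WINDOWS\Temp', '*.*', true);
DeleteFileMask('C:\Program Files\AntivirusPro_2010', '*.*', true);

// Pass the collected deletion list to Boot Cleaner, clean up leftover
// references to the deleted files, and arm Boot Cleaner for the next boot.
BC_Importall;
ExecuteSysClean;
BC_Activate;
// Boot Cleaner only acts during startup, and the instructions following the
// script state that the computer will reboot, so the restart is requested
// explicitly here.
RebootWindows(true);
end.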
[/CODE]
Компьютер перезагрузится.
Пришлите карантин согласно правилам по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR].
Повторите логи по правилам.
[size="1"][color="#666686"][B][I]Добавлено через 2 минуты[/I][/B][/color][/size]
И вот это ещё сделайте [URL="http://forum.kaspersky.com/index.php?showtopic=101154"]http://forum.kaspersky.com/index.php?showtopic=101154[/URL]