[B][url]http://virusinfo.info/showthread.php?t=68900[/url][/B] вот тоже самое и у меня
пишу с другого ноута..
я так понял нужно найти этот код помогите плиз...
[B][url]http://virusinfo.info/showthread.php?t=68900[/url][/B] вот тоже самое и у меня
пишу с другого ноута..
я так понял нужно найти этот код помогите плиз...
Там написано, как найти этот код.
Можете ещё сделать это [URL="http://virusinfo.info/showpost.php?p=306441&postcount=2"]http://virusinfo.info/showpost.php?p=306441&postcount=2[/URL] или это [URL="http://virusinfo.info/showpost.php?p=557652&postcount=5"]http://virusinfo.info/showpost.php?p=557652&postcount=5[/URL]
[size="1"][color="#666686"][B][I]Добавлено через 4 минуты[/I][/B][/color][/size]
[URL="http://www.drweb.com/unlocker/index/"]http://www.drweb.com/unlocker/index/[/URL] :)
код не подошел...
а скачать лайв сиди не могу так как скорость маленькая
[size="1"][color="#666686"][B][I]Добавлено через 1 час 53 минуты[/I][/B][/color][/size]
ПОМОГИТЕ
[size="1"][color="#666686"][B][I]Добавлено через 4 часа 16 минут[/I][/B][/color][/size]
проверил CureIt в безопасном режиме, нашёл кучу винлоков,
но удалить их не могу. жму «удалить», и ничего не происходит
в общем, еле как удалил вирус. окно теперь не показывается... но невозможно запустить ни антивирь, ни HijackThis. сделал логи AVZ
Ничего себе зоопарк :). Выполните скрипт
[code]begin
// AVZ script written by the forum helper for this one infected machine (Winlock case).
// Every path and service name below is specific to that system; this is not a generic
// cleaner and should not be run on any other computer.

// Rootkit / API-hook scan. Both arguments are true; in AVZ these are understood to enable
// neutralisation of user-mode and kernel-mode hooks (confirm against the AVZ help in use).
SearchRootkit(true,true);
// Switch AVZGuard on before the cleanup steps that follow.
SetAVZGuardStatus(true);
// Copy samples to the AVZ quarantine BEFORE anything is deleted, so they can be uploaded
// for analysis. Only three of the stream-carrying files and two standalone files are sampled.
QuarantineFile('C:\WINDOWS\system32\vidcap.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\wscui.cpl:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\wiasf.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\DOCUME~1\test\LOCALS~1\Temp\BHX70A.tmp','');
QuarantineFile('C:\WINDOWS\system32\lnud.yjo','');
// Delete the two standalone files that were quarantined above.
DeleteFile('C:\WINDOWS\system32\lnud.yjo');
DeleteFile('C:\DOCUME~1\test\LOCALS~1\Temp\BHX70A.tmp');
// Every remaining path has the form 'file:Wxzs+vE:$DATA', i.e. it addresses an NTFS
// alternate data stream named "Wxzs+vE" attached to the file, not the file's main content.
// The carrier names look like stock Windows components (.cpl/.ax/.ocx/.inf/.chm); the
// intent appears to be to strip the stream and leave the carrier file in place.
// NOTE(review): apart from the first three, these streams are deleted without a prior
// QuarantineFile, so no copy of them is preserved for later analysis.
DeleteFile('C:\WINDOWS\system32\wscui.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\wiasf.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\vidcap.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\tslabels.h:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\sqlsodbc.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\picclp32.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\PhysX.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\pagefileconfig.vbs:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\odbccp32.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\mswinsck.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\msflxgrd.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\mmdriver.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\kswdmcap.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\joy.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\ipsink.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\inetcpl.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\vbisurf.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\tdc.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\prnmngr.vbs:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\prnjobs.vbs:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\prncnfg.vbs:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\odbccp32.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\nwc.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\msscds32.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\msadds32.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\mpg2splt.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\kstvtune.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\ieinfo5.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\certmap.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\archvapp.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\apps.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\desk.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\binifix5.cmd:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\access.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\wdma_es3.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\secdrv.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\sceregvl.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\ricoh.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\ovcam.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\Oeminfo.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\oem29.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\oem2.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\nokia9500IrDA.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\nokia6230IrDA.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netw940.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netvt86.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netnwcli.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netmscli.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netiprip.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netfw.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netfore.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netdav.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\n7260Cable.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\n7200Cable.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\n6630BT.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\n3220Cable.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mfx56nf.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mflm.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mfcem33.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mfcem28.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mf.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmntt1.INF:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmmhzk1.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmgl003.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmar1.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\irnsc.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\irbus.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\icam5usb.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\camvid30.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\agtinst.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\acpi.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\imsins.BAK:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\wmplay.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\wbemtest.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\telnet.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\sysrestore.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\sysdm.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\sndvol32.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\secedit.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\scmconcepts.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\sce.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\regedit.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\plyr_err.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\password.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\osk.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\odbcinst.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\ntshared.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\ntdef.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\notepad.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\netcfg.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\mspaint.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\msmq.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\msconfig.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\mail.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\keyb.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\ipsecconcepts.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\intellimirror.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\input.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\imgprev.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\iismmc.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\ieakmmc.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\fonts.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\find.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\dkconcepts.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\digiras.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\cyycoins.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\compmgmt.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\compfldr.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\certmgr.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\brief.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\bootcons.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\apps_sp.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\accessib.chm:Wxzs+vE:$DATA');
// Boot Cleaner (BC_*) steps. Presumably BC_ImportALL hands the items processed above to
// AVZ's boot-time cleaner so anything that could not be removed live is retried at the
// next start - confirm against the AVZ script reference.
BC_ImportALL;
// Queue the service 'GarenaPEngine' for removal by Boot Cleaner.
// NOTE(review): nothing on this page shows why this service was judged malicious; the
// decision was made from the user's logs, which are not visible here.
BC_DeleteSvc('GarenaPEngine');
// AVZ system clean-up pass; presumably clears leftover references to the deleted items.
ExecuteSysClean;
// Arm Boot Cleaner so the queued operations run on the next boot.
BC_Activate;
// Run AVZ "system restore" item number 6. The page does not say what item 6 is; check the
// numbered list in AVZ (File -> System Restore) before reusing this call.
ExecuteRepair(6);
// Run the AVZ wizards identified as 'SCU' and 'TSW' with identical arguments (2, 2, true).
// The meaning of the numeric levels and the boolean is not shown on this page.
ExecuteWizard('SCU', 2, 2, true);
ExecuteWizard('TSW', 2, 2, true);
// Reboot so the armed Boot Cleaner can act. Called last: nothing after it would run.
RebootWindows(true);
end.[/code]
Закачайте полученный карантин по красной ссылке вверху. Повторите логи
вылез опять этот вирус...проверяю снова вебом..так как без этого авз не запустишь..
непонятно почему др.веб не удаляет...файл карантина весит 20 мб )))