Прошу помощи
Прошу помощи
Выполнить скрипт:
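[CODE]begin
  // AVZ clean-up script written for one specific host: every path, service
  // name and registry value below is taken from that machine and is only
  // meaningful there.
  //
  // Order of work: scan and enable AVZGuard, quarantine samples, remove the
  // services, delete the files and autorun values, then hand the leftovers to
  // BootCleaner.

  // Hook/rootkit scan with both switches on, then AVZGuard so the steps below
  // run while AVZ's own protection is active.
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  // --- Quarantine: keep a copy of each sample before anything is removed ---

  // NTFS alternate data stream named userini.exe attached to explorer.exe.
  QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
  QuarantineFile('C:\WINDOWS\system32\userini.exe','');
  QuarantineFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\ikyu.exe','');

  // NOTE(review): this argument is a comma-separated list (it looks like a
  // whole autorun value copied from the log), not a single file path. It is
  // kept once as written; whether AVZ resolves it to the individual files is
  // not confirmed, so the listed files that are deleted further down are also
  // quarantined one by one.
  QuarantineFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\yxdqln.exe,C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\irvlna.exe,explorer.exe,C:\RECYCLER\S-1-5-21-4132972133-2037526008-710209850-5293\nissan.exe','');
  QuarantineFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\yxdqln.exe','');
  QuarantineFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\irvlna.exe','');
  QuarantineFile('C:\RECYCLER\S-1-5-21-4132972133-2037526008-710209850-5293\nissan.exe','');

  // Quarantine only: these three are collected for analysis and are not
  // deleted anywhere in this script.
  QuarantineFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\Microsoft Security Essentials\msseces.exe','');
  QuarantineFile('C:\DOCUME~1\185CD~1.ALE\LOCALS~1\Temp\Rar$EX00.984\InternetConnect2.exe','');
  QuarantineFile('C:\WINDOWS\system32\drivers\protect.sys','');

  // --- Services ---
  // No file is quarantined or deleted under the name aic32p in this script.
  DeleteService('aic32p');
  DeleteService('qaqjfoxt');

  QuarantineFile('C:\WINDOWS\system32\Drivers\qaqjfoxt.sys','');
  QuarantineFile('C:\WINDOWS\system32\drivers\kjhqnn.sys','');
  QuarantineFile('c:\windows\temp\winjnmvys.exe','');
  // winmvqjcx.exe is deleted below, so it is quarantined first like the rest.
  QuarantineFile('c:\windows\temp\winmvqjcx.exe','');

  // --- Deletion: each distinct file once (paths differing only in letter case
  // name the same file on Windows) ---
  DeleteFile('c:\windows\temp\winjnmvys.exe');
  DeleteFile('c:\windows\temp\winmvqjcx.exe');
  DeleteFile('C:\WINDOWS\system32\drivers\kjhqnn.sys');
  DeleteFile('C:\WINDOWS\system32\Drivers\qaqjfoxt.sys');
  DeleteFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\irvlna.exe');
  DeleteFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\Application Data\yxdqln.exe');
  DeleteFile('C:\RECYCLER\S-1-5-21-4132972133-2037526008-710209850-5293\nissan.exe');
  DeleteFile('C:\Documents and Settings\1.ALEX-7EC9A68B79\ikyu.exe');
  DeleteFile('C:\WINDOWS\system32\userini.exe');

  // Remove the 'userini' autorun value from Policies\Explorer\Run in both the
  // per-user and the machine hive.
  RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');

  // Delete the alternate data stream itself; explorer.exe stays in place.
  DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA');

  // Pass the deleted-file list to BootCleaner, run AVZ's system clean-up and
  // activate BootCleaner.
  // NOTE(review): BootCleaner does its work at the next boot and this script
  // contains no reboot call, so the restart has to be done by hand.
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
end.[/CODE]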
Прислать карантин по Правилам.
Повторить логи.