The computer does not see the other computers in the workgroup.
A licensed Dr.Web is installed.
Logs are attached.
Close all programs.
Disconnect
- the PC from the internet/LAN,
- the antivirus and the firewall,
[URL="http://virusinfo.info/showthread.php?t=4905"]- System Restore[/URL].
[URL="http://virusinfo.info/showthread.php?t=7239"]Run this script in AVZ[/URL] -
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\WINDOWS\system32\07D7.tmp','');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\system32\07D7.tmp');
DeleteService('acjqk');
DeleteService('zvhktqou');
DeleteService('zttapx');
DeleteService('zsphzruf');
DeleteService('zoeonxmcs');
DeleteService('znmst');
DeleteService('zkeqqkus');
DeleteService('zjyob');
DeleteService('zjfwgdnjv');
DeleteService('zejevkwfj');
DeleteService('zbrtvymjo');
DeleteService('yukmae');
DeleteService('yuglffmrk');
DeleteService('yriajsmw');
DeleteService('ymogifeah');
DeleteService('ymllwiwy');
DeleteService('ykwolug');
DeleteService('yisujjgjy');
DeleteService('yhfwwzhqc');
DeleteService('yfynnif');
DeleteService('ydsgbft');
DeleteService('ybgqta');
DeleteService('xzwpdooy');
DeleteService('xzougo');
DeleteService('xwsbyvwub');
DeleteService('xwlxzo');
DeleteService('xusejz');
DeleteService('xqlxi');
DeleteService('xoobar');
DeleteService('xmkcabfbs');
DeleteService('xjxfqtnxi');
DeleteService('xixbwvxtb');
DeleteService('xfzrij');
DeleteService('xfqwmp');
DeleteService('xefmivnab');
DeleteService('xdgddr');
DeleteService('xdcqhl');
DeleteService('xbtkt');
DeleteService('xawkeoatw');
DeleteService('wwqwvt');
DeleteService('wsiysfcxz');
DeleteService('wrwwkiahj');
DeleteService('wqiockzht');
DeleteService('wctgzr');
DeleteService('vtbft');
DeleteService('vnmdlstm');
DeleteService('vmoqsnz');
DeleteService('vlhqs');
DeleteService('vhisrbi');
DeleteService('uwsrebb');
DeleteService('uvijhjeva');
DeleteService('utyuryr');
DeleteService('uqsuno');
DeleteService('upifngme');
DeleteService('upbhe');
DeleteService('unrmrzs');
DeleteService('ukkla');
DeleteService('uisuqwvja');
DeleteService('ugwrihl');
DeleteService('ubwoybtx');
DeleteService('ubavv');
DeleteService('tzjwmzo');
DeleteService('tzeczhiyn');
DeleteService('tskssmoep');
DeleteService('tqxwlxzsu');
DeleteService('toecg');
DeleteService('tnwtrudfp');
DeleteService('tmsrvxi');
DeleteService('tmngbum');
DeleteService('tlpxc');
DeleteService('tkabbt');
DeleteService('thrsjek');
DeleteService('thcemjf');
DeleteService('tgxkf');
DeleteService('tfulbd');
DeleteService('tejcka');
DeleteService('tdcbtd');
DeleteService('tbszfnw');
DeleteService('tbixc');
DeleteService('swlpc');
DeleteService('srryu');
DeleteService('snlmwiz');
DeleteService('slsjn');
DeleteService('sjskrcf');
DeleteService('shace');
DeleteService('sbrzv');
DeleteService('sbryyt');
DeleteService('sascex');
DeleteService('rzstokts');
DeleteService('ryaupu');
DeleteService('rsqvjczr');
DeleteService('rspwhcas');
DeleteService('rnzwdi');
DeleteService('rljceghsx');
DeleteService('rjtyhumg');
DeleteService('rgudywz');
DeleteService('rfthqollc');
DeleteService('relqswzzc');
DeleteService('qzsntgul');
DeleteService('qyiwlgmaw');
DeleteService('qyfsf');
DeleteService('qwdguo');
DeleteService('qwabzk');
DeleteService('qsmlkt');
DeleteService('qpufs');
DeleteService('qpexeeo');
DeleteService('qokctnc');
DeleteService('qmtszdksf');
DeleteService('qdwcddn');
DeleteService('qdnrh');
DeleteService('pzpfkre');
DeleteService('pxtcnyp');
DeleteService('pvdjilkeq');
DeleteService('psock');
DeleteService('pshhpvp');
DeleteService('pqzzngp');
DeleteService('pnjfudykh');
DeleteService('plmrbd');
DeleteService('pdyxhu');
DeleteService('pbgdkdfj');
DeleteService('ozpfcemp');
DeleteService('otcsv');
DeleteService('osengen');
DeleteService('opzgyect');
DeleteService('oiootxr');
DeleteService('ogdqdggp');
DeleteService('nxmvpftm');
DeleteService('nxjyv');
DeleteService('ntist');
DeleteService('nrmbxel');
DeleteService('npkdh');
DeleteService('nknows');
DeleteService('nggab');
DeleteService('nfilk');
DeleteService('ndeuis');
DeleteService('ndefltnxw');
DeleteService('nctglind');
DeleteService('nbnvicrys');
DeleteService('nbbkldwc');
DeleteService('mzftbqon');
DeleteService('mtkiv');
DeleteService('msxqvlq');
DeleteService('msrxvhzsi');
DeleteService('msmhe');
DeleteService('mqrerpsty');
DeleteService('mnlgspx');
DeleteService('mlcuu');
DeleteService('mkxxuzmm');
DeleteService('mjxcbxg');
DeleteService('mitws');
DeleteService('mdyyavx');
DeleteService('lvuobuxkl');
DeleteService('lntpq');
DeleteService('lnqjktox');
DeleteService('lkbnwtgj');
DeleteService('lgtouz');
DeleteService('lgsjdupbd');
DeleteService('lcevlotf');
DeleteService('kyrdq');
DeleteService('kwztxila');
DeleteService('kwsfdf');
DeleteService('krgkwrr');
DeleteService('kpaxpls');
DeleteService('kobogs');
DeleteService('klomddt');
DeleteService('keuyjlh');
DeleteService('keqxxbjd');
DeleteService('jzhhrmi');
DeleteService('jtcsdkmi');
DeleteService('jptqy');
DeleteService('joqeqvn');
DeleteService('jobcy');
DeleteService('jnpgckej');
DeleteService('jmvxy');
DeleteService('jieoa');
DeleteService('jhezs');
DeleteService('jgoow');
DeleteService('jfeniddgv');
DeleteService('itdtaslc');
DeleteService('irlci');
DeleteService('iodjikiq');
DeleteService('iljvxebbs');
DeleteService('iknyp');
DeleteService('ikhqe');
DeleteService('ijqvm');
DeleteService('hybyqyejh');
DeleteService('htfftj');
DeleteService('hsqqeh');
DeleteService('hmyyv');
DeleteService('hiodmr');
DeleteService('hhglqcdcf');
DeleteService('hfyetsf');
DeleteService('hdbcxqlj');
DeleteService('hbwidglgb');
DeleteService('gzwgwxm');
DeleteService('gzodkz');
DeleteService('guyuarnmf');
DeleteService('gupitbcmw');
DeleteService('gugbbcjr');
DeleteService('gubuusjjx');
DeleteService('gqnpl');
DeleteService('glxwetklt');
DeleteService('gkczi');
DeleteService('gizbol');
DeleteService('gcxcxcqd');
DeleteService('fzuaibn');
DeleteService('fyxmhvmj');
DeleteService('fryusl');
DeleteService('frgvn');
DeleteService('fnnpuad');
DeleteService('fnhhz');
DeleteService('fmnvts');
DeleteService('fmbvdsfrb');
DeleteService('fkdofcqcv');
DeleteService('feictw');
DeleteService('ezijst');
DeleteService('euxdrgwr');
DeleteService('eusgnniy');
DeleteService('ergiqbrvd');
DeleteService('erecncpes');
DeleteService('eqqoy');
DeleteService('epqvusmst');
DeleteService('eofvmza');
DeleteService('ekold');
DeleteService('ekimzs');
DeleteService('egrcat');
DeleteService('eexrpqq');
DeleteService('ecyhkoyr');
DeleteService('dzlsuex');
DeleteService('dyeanrra');
DeleteService('dviop');
DeleteService('dtubesli');
DeleteService('dshflalfc');
DeleteService('dkunt');
DeleteService('dkdszdag');
DeleteService('dhvzjvbvi');
DeleteService('dgaeupvvm');
DeleteService('deyevf');
DeleteService('czcbegja');
DeleteService('czauyyy');
DeleteService('cwpemtjxu');
DeleteService('cwieq');
DeleteService('cuyij');
DeleteService('ckizqh');
DeleteService('ciagq');
DeleteService('cdvzxi');
DeleteService('caklesxe');
DeleteService('buvsemtp');
DeleteService('buegdrvwl');
DeleteService('btmfwa');
DeleteService('bshycuhi');
DeleteService('bgmpp');
DeleteService('bfofud');
DeleteService('bcvod');
DeleteService('atntaa');
DeleteService('ajjmf');
DeleteService('akuxws');
DeleteService('akzrvvxm');
DeleteService('aggdkkcxm');
RegKeyResetSecurity('HKLM', 'SYSTEM\CurrentControlSet\Services\umtjbecup');
RegKeyResetSecurity('HKLM', 'SYSTEM\CurrentControlSet\Services\umtjbecup\Parameters');
RegKeyResetSecurity('HKLM', 'SYSTEM\CurrentControlSet\Services\xgxnbs');
RegKeyResetSecurity('HKLM', 'SYSTEM\CurrentControlSet\Services\xgxnbs\Parameters');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.[/CODE]
After the script runs, the computer will reboot.
After the reboot:
- run this script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Send the file [B][COLOR="Red"]quarantine.zip[/COLOR][/B] from the AVZ folder via the link [COLOR="Red"][B][U]Send the requested quarantine[/U][/B][/COLOR] above the first post of this thread.
Repeat the logs.
Uploaded the quarantine.
Logs are attached.
[URL="http://virusinfo.info/showthread.php?t=7239"]Run this script in AVZ[/URL] -
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
DeleteService('xkmjtz');
QuarantineFile('C:\Windows\temp\LPTWDMIO.SYS','');
QuarantineFile('C:\WINDOWS\system32\hgpexfk.dll','');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\system32\hgpexfk.dll');
BC_DeleteSvc('xkmjtz');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\umtjbecup\Parameters','ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\xgxnbs\Parameters','ServiceDll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/CODE]
After the script runs, the computer will reboot.
After the reboot:
- run this script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine2.zip');
end.[/CODE]
Send the file [B][COLOR="Red"]quarantine2.zip[/COLOR][/B] from the AVZ folder via the link [COLOR="Red"][B][U]Send the requested quarantine[/U][/B][/COLOR] above the first post of this thread.
Repeat the logs once more.
Uploaded quarantine2.
New logs are attached.
There is Kido in the quarantine; download [URL="http://www.kaspersky.ru/support/downloads/utils/kk.zip"]KidoKiller[/URL] and read how to disinfect in this article - [URL="http://www.kaspersky.ru/support/wks6mp3/error?qid=208636215"]http://www.kaspersky.ru/support/wks6mp3/error?qid=208636215[/URL]
Disinfected.
But it still does not show the workgroup computers in Network Neighborhood :(
Make a set of logs.
A new set of logs is attached.
[QUOTE]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3129[/QUOTE]
Did you set this yourself? If not, fix it in HijackThis.
[URL="http://virusinfo.info/showthread.php?t=7239"]Run this script in AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
DeleteService('nikqfv');
DeleteService('lbswcj');
DeleteService('iputiq');
DeleteService('hbtqk');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\system32\0D.tmp');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.[/CODE]
After the reboot:
- run this script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Upload the file [B][COLOR="Red"]quarantine.zip[/COLOR][/B] from the AVZ folder via the link [B][COLOR="Red"]Send the requested quarantine[/COLOR][/B] at the top of the thread.
- Make repeat logs according to the [URL="http://virusinfo.info/pravila_old.html"]rules[/URL], items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log).
The quarantine file is empty and will not upload; it says it has already been uploaded.
New logs are attached.
Nothing suspicious is visible in the logs.
DrWeb Enterprise Suite 4.44 is installed on the computer, and it looks like its program modules have not been updated for a very long time.
Try uninstalling Enterprise Suite from this computer.
Treatment statistics:
[LIST]
[*]Quarantines received: [B]2[/B]
[*]Files processed: [B]9[/B]
[*]Malware found during treatment:
[LIST=1]
[*] c:\windows\system32\hgpexfk.dll - [B]Net-Worm.Win32.Kido.ih[/B] ( DrWEB: Trojan.Click1.18983, BitDefender: Trojan.Generic.3191248, AVAST4: Win32:Malware-gen )
[/LIST]
[/LIST]
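As an added illustration (not part of this thread, and not AVZ, HijackThis or Dr.Web code): the helper above is doing two checks by eye, spotting the randomly named services with a random-named ServiceDll or .tmp payload in system32 that Kido registers, and noticing a user-level ProxyServer value in the HijackThis R1 line. The Python script below applies the same two checks to service entries and HijackThis lines. The sample entries are constructed for the example (the service and file names are borrowed from the AVZ scripts in this thread, but the pairings are made up), and the allowlist of known names is a tiny placeholder, not a real Windows baseline.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Placeholder allowlist of legitimate service / DLL base names (assumption for this
# example; a real triage tool would use a full baseline for the Windows version at hand).
KNOWN_NAMES = {
    "browser", "dhcp", "dnscache", "lanmanserver", "lanmanworkstation",
    "netman", "wuauserv", "srvsvc", "wkssvc",
}

# Kido-style generated names: 5-9 random lowercase letters (e.g. 'acjqk', 'zvhktqou').
RANDOM_NAME = re.compile(r"[a-z]{5,9}")

# HijackThis R1 line carrying a per-user proxy setting, e.g.
# "R1 - HKCU\...\Internet Settings,ProxyServer = 192.168.0.1:3129"
PROXY_LINE = re.compile(
    r"^R1 - HKCU\\.*\\Internet Settings,ProxyServer = (?P<host>[^:\s]+):(?P<port>\d+)\s*$"
)


def looks_random(name: str) -> bool:
    """Short, all-lowercase and not a known name: the shape of Kido's generated names."""
    return RANDOM_NAME.fullmatch(name) is not None and name not in KNOWN_NAMES


def suspicious_service(name: str, service_dll: str) -> bool:
    """Flag a service whose name AND hosted payload both look generated.

    Kido registers a randomly named svchost service whose Parameters\\ServiceDll
    points at a random-named .dll or a .tmp file in system32; those are the
    entries the DeleteService / RegKeyParamDel lines in the AVZ scripts remove.
    """
    dll = PureWindowsPath(service_dll)
    in_system32 = any(part.lower() == "system32" for part in dll.parts)
    payload_random = dll.suffix.lower() == ".tmp" or looks_random(dll.stem.lower())
    return looks_random(name) and in_system32 and payload_random


def parse_proxy(line: str):
    """Return {'host', 'port', 'private_host'} for an R1 ProxyServer line, else None."""
    m = PROXY_LINE.match(line)
    if m is None:
        return None
    host, port = m.group("host"), int(m.group("port"))
    try:
        private = ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname rather than a literal IP address
        private = False
    return {"host": host, "port": port, "private_host": private}


def triage(service_entries, hijackthis_lines):
    """Run both checks and return human-readable findings for the analyst."""
    findings = []
    for name, dll in service_entries:
        if suspicious_service(name, dll):
            findings.append(f"service '{name}': ServiceDll {dll} looks like a generated Kido payload")
    for line in hijackthis_lines:
        proxy = parse_proxy(line)
        if proxy is not None:
            findings.append(
                f"user proxy {proxy['host']}:{proxy['port']} is set in HKCU "
                f"(private host: {proxy['private_host']}); confirm it was configured on purpose"
            )
    return findings


# Constructed sample input (not the thread's real logs): names reuse ones seen in the
# AVZ scripts above, but the service/DLL pairings are made up for this example.
SAMPLE_SERVICES = [
    ("acjqk", r"C:\WINDOWS\system32\hgpexfk.dll"),
    ("xkmjtz", r"C:\WINDOWS\system32\01.tmp"),
    ("Browser", r"C:\WINDOWS\system32\browser.dll"),
    ("lanmanserver", r"C:\WINDOWS\system32\srvsvc.dll"),
]
SAMPLE_HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,Start Page = about:blank",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3129",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_SERVICES, SAMPLE_HJT_LINES):
        print(finding)
```

The service check deliberately requires both the service name and the payload file to look generated, so a legitimate short-named service hosting a normal DLL is not flagged; the proxy check reports any HKCU ProxyServer value rather than deciding for the analyst, because, as the helper's question shows, only the machine's owner can say whether a LAN proxy on an odd port was set on purpose.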