-
1. Remove the following in MBAM
[CODE]
Зараженные ключи в реестре:
HKEY_CLASSES_ROOT\clinker.clinkerbho (Trojan.BHO) -> No action taken.
[/CODE]
2. Fix the following in HijackThis: [URL="http://virusinfo.info/showthread.php?t=4491"]how to "fix" in HijackThis[/URL]
[CODE]
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
[/CODE]
3. - Download the new version of [URL="http://z-oleg.com/avz4.zip"]AVZ - 4.34[/URL]
- [B][COLOR="Red"]Update the AVZ databases[/COLOR][/B]
- Redo the logs virusinfo_syscure.zip and virusinfo_syscheck.zip
-
[QUOTE=polword;672579]
3. - Download the new version of [URL="http://z-oleg.com/avz4.zip"]AVZ - 4.34[/URL]
- [B][COLOR="Red"]Update the AVZ databases[/COLOR][/B]
- Redo the logs virusinfo_syscure.zip and virusinfo_syscheck.zip[/QUOTE]
They were made with that version.
Thanks, I'll do all of it now.
-
-
Or maybe Windows just isn't cleaning up after itself?
-
-
Set strong passwords on the user accounts that have administrator rights.
-
Oh! The built-in "Administrator" account had who knows what password...
The rest seem fine.
It didn't help.
-
Disable the [B]Remote Registry[/B] service.
-
It's already disabled. Startup type: manual.
-
Now they start exactly once an hour, at 12:00, 13:00, 14:00..., 3-4 of them at a time. Maybe someone can suggest something about this.
Command line: rundll32.exe zfyspqu.u,jazgtw
rundll32.exe zfyspqu.u,gudlpvdh
rundll32.exe zfyspqu.u,ddvpxa
rundll32.exe zfyspqu.u,yhcrfavg
-
- [URL="http://virusinfo.info/showthread.php?t=7239"]Run this script in AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
QuarantineFile('D:\WINDOWS\system32\zfyspqu.u','');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/CODE]
After the reboot:
- run this script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Upload the file [B][COLOR="Red"]quarantine.zip[/COLOR][/B] from the AVZ folder using the [B][COLOR="Red"]Send requested quarantine[/COLOR][/B] link at the top of the thread
- Install all the latest Windows updates - [URL="http://www.update.microsoft.com"]here[/URL]
- Download [URL="http://www.kaspersky.ru/support/wks6mp3/error?qid=208636215"]this[/URL] utility and scan with it
-
File saved as 100727_142209_quarantine_4c4eb3511f760.zip
File size 590
MD5 86fc9de58f15e07c7fe41715141c3d6f
[QUOTE]C:\>KK.exe
Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2010
version 3.4.14 Mar 19 2010 10:17:17
scanning jobs ...
Infected job (JobFile D:\WINDOWS\Tasks\At1.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At10.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At11.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At12.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At13.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At14.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At15.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At16.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At17.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At18.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At19.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At2.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At20.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At21.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At22.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At23.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At24.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At25.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At26.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At27.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At28.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At29.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At3.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At30.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At31.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At32.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At33.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At34.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At35.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At36.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At37.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At4.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At5.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At6.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At7.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At8.job) was deleted
Infected job (JobFile D:\WINDOWS\Tasks\At9.job) was deleted
scanning processes ...
scanning threads ...
scanning modules in svchost.exe...
scanning modules in services.exe...
scanning modules in explorer.exe...
scanning D:\WINDOWS\system32 ...
scanning D:\Program Files\Internet Explorer\ ...
scanning D:\Program Files\Movie Maker\ ...
scanning D:\Program Files\Windows Media Player\ ...
scanning D:\Program Files\Windows NT\ ...
scanning D:\Documents and Settings\Владислав\Application Data ...
scanning d:\temp\ ...
scanning Flash drives ...
completed
Infected jobs: 37
Infected files: 0
Infected threads: 0
Spliced functions: 0
Cured files: 0
Fixed registry keys: 0
[/QUOTE]
-
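The hourly `rundll32.exe zfyspqu.u,<export>` launches reported earlier in the thread have a shape that is easy to screen for in process-creation logs: rundll32 loading a module whose extension is not one it is normally pointed at, recurring at a fixed minute of the hour. The sketch below is an added example, not part of the original posts; the log line format, the timestamps and the extension allowlist are assumptions, and only the command lines come from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Extensions rundll32 is normally pointed at (assumption; tune for your estate).
EXPECTED_EXT = {".dll", ".cpl", ".ocx"}

# rundll32 [quoted or bare module path],<export name>
RUNDLL = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?P<module>[^",]+?)"?\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE,
)

def suspicious_rundll32(cmdline):
    """Return (module, export) if rundll32 loads a module with an unexpected extension."""
    m = RUNDLL.search(cmdline)
    if not m:
        return None
    module = m.group("module").strip()
    dot = module.rfind(".")
    ext = module[dot:].lower() if dot != -1 else ""
    if ext in EXPECTED_EXT:
        return None
    return module, m.group("export")

def recurring_launches(lines):
    """Map module -> sorted hours in which flagged launches hit one fixed minute."""
    seen = defaultdict(set)
    for line in lines:
        stamp, _, cmd = line.partition(" | ")
        hit = suspicious_rundll32(cmd)
        if hit:
            t = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
            seen[hit[0].lower()].add((t.minute, t.hour))
    result = {}
    for module, slots in seen.items():
        minutes = {minute for minute, _ in slots}
        hours = sorted({hour for _, hour in slots})
        # Same minute in at least two different hours points to a scheduled job.
        if len(minutes) == 1 and len(hours) >= 2:
            result[module] = hours
    return result

# Constructed sample: timestamps are invented, command lines are from the thread,
# plus one ordinary Control Panel launch that must not be flagged.
SAMPLE = [
    "2010-07-27 12:00 | rundll32.exe zfyspqu.u,jazgtw",
    "2010-07-27 12:00 | rundll32.exe zfyspqu.u,gudlpvdh",
    "2010-07-27 13:00 | rundll32.exe zfyspqu.u,ddvpxa",
    "2010-07-27 13:00 | rundll32.exe zfyspqu.u,yhcrfavg",
    "2010-07-27 13:17 | rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
]

if __name__ == "__main__":
    print(recurring_launches(SAMPLE))
```

A module flagged this way is a reason to inspect the scheduled tasks on the host, which is where the removal tool in this thread found the 37 infected jobs.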
-
Is the condition stable but serious, as the doctors say, or is everything fine?
-
:) All good. Not a single rundll32 before lunch. Thanks, everyone.
-
Treatment summary
Statistics for the treatment performed:
[LIST][*]Quarantines received: [B]2[/B][*]Files processed: [B]4[/B][*]Malware detected during treatment:
[LIST=1][*] d:\windows\system32\msconftb.sys - [B]Trojan-Clicker.Win32.Agent.yo[/B][/LIST][/LIST]