Switch off/Disable System Restore
You have the Sality virus. This infection used unpatched vulnerabilities, and your system isn't patched at all.
First of all you must check the system with CureIt, starting it from a write-protected drive.
Then
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- Execute the following script in Manual Cure
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('yxlxznqzj');
StopService('zldjxsp');
StopService('zkeqywb');
StopService('zfjzjouak');
StopService('zdsshon');
StopService('yvdsjfe');
StopService('yocaougg');
StopService('yfzjvejdf');
StopService('ycmjiajm');
StopService('xsauoz');
StopService('xjfbzrngy');
StopService('xiphzdgh');
StopService('xdomdyu');
StopService('xdjaevfb');
StopService('wxwdsock');
StopService('wpfqgizhd');
StopService('wnonya');
StopService('wkjdt');
StopService('wfkgl');
StopService('wfbixs');
StopService('vywnmp');
StopService('vvhunrar');
StopService('vvfvlvqxl');
StopService('vlkkbpqct');
StopService('veoak');
StopService('usaaodxc');
StopService('unqukwiax');
StopService('ufjbpee');
StopService('uczwkujbv');
StopService('ubdexn');
StopService('ubaembr');
StopService('uatudd');
StopService('twtig');
StopService('tvissuzoc');
StopService('tsfojwp');
StopService('tpleru');
StopService('tnzilgxe');
StopService('tfrfg');
StopService('tconotegp');
StopService('szmqv');
StopService('sumebrwv');
StopService('soqwez');
StopService('SjyPkt');
StopService('rpevm');
StopService('roytvq');
StopService('rhmnk');
StopService('rewhet');
StopService('rdrhcdbd');
StopService('rczjlf');
StopService('qvhxnj');
StopService('qqwgex');
StopService('qhwhoyu');
StopService('qcmvjxwmb');
StopService('qaxtbb');
StopService('pmwhz');
StopService('pierq');
StopService('pbuarnl');
StopService('oyohrnbvi');
StopService('opwwu');
StopService('oltmk');
StopService('oajygnv');
StopService('nzsxcbb');
StopService('nxwlwzg');
StopService('ntgmovtwq');
StopService('npmsydi');
StopService('nnmxbj');
StopService('nnkqmcnpz');
StopService('nhsccr');
StopService('ndwhwfkp');
StopService('mtxny');
StopService('mopfd');
StopService('lzbliqvmu');
StopService('lxjzktp');
StopService('lwcgxmkr');
StopService('ltvmm');
StopService('lfmng');
StopService('ldttovuxr');
StopService('kzvwebtci');
StopService('kzlsizuk');
StopService('kcesopqpc');
StopService('jzfpnvq');
StopService('jsebij');
StopService('jlxzxepvd');
StopService('jaaurcg');
StopService('iurtp');
StopService('isnno');
StopService('irkhjz');
StopService('imzcslc');
StopService('ilqlz');
StopService('ihzsxkn');
StopService('hzkjd');
StopService('hweemkehv');
StopService('hvwovdk');
StopService('hirzvj');
StopService('hgpzcttf');
StopService('gyywszthy');
StopService('gxglx');
StopService('guzjonyrs');
StopService('gpkudnna');
StopService('govptlxp');
StopService('goqtzkgc');
StopService('gmgut');
StopService('gkiayvhcm');
StopService('gjumngwc');
StopService('ghxoibdix');
StopService('ftaagyk');
StopService('fkpvwfxo');
StopService('fhrvchdaf');
StopService('ffgkqp');
StopService('fantqhy');
StopService('exxlkf');
StopService('erdehm');
StopService('eralogjyf');
StopService('emenm');
StopService('duluarrik');
StopService('dmtsi');
StopService('dijljtenm');
StopService('dgwhtuh');
StopService('dbewvljje');
StopService('cstbevlfo');
StopService('cndplxvar');
StopService('chnrjabbx');
StopService('cbuhxa');
StopService('bvymta');
StopService('buqaf');
StopService('bivjx');
StopService('belsisye');
StopService('asc3360pr');
StopService('aowijcfxq');
QuarantineFile('I:\autorun.inf','');
QuarantineFile('C:\WINDOWS\System32\Drivers\SjyPkt.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\qmnkfp.sys','');
QuarantineFile('C:\WINDOWS\system32\08.tmp','');
QuarantineFile('C:\WINDOWS\system32\06.tmp','');
QuarantineFile('C:\WINDOWS\system32\05.tmp','');
QuarantineFile('C:\WINDOWS\system32\04.tmp','');
QuarantineFile('C:\WINDOWS\system32\03.tmp','');
QuarantineFile('C:\WINDOWS\system32\02.tmp','');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp','');
DeleteService('zldjxsp');
DeleteService('zkeqywb');
DeleteService('zfjzjouak');
DeleteService('zdsshon');
DeleteService('yxlxznqzj');
DeleteService('yvdsjfe');
DeleteService('yocaougg');
DeleteService('yfzjvejdf');
DeleteService('ycmjiajm');
DeleteService('xsauoz');
DeleteService('xjfbzrngy');
DeleteService('xiphzdgh');
DeleteService('xdomdyu');
DeleteService('xdjaevfb');
DeleteService('wxwdsock');
DeleteService('wpfqgizhd');
DeleteService('wnonya');
DeleteService('wkjdt');
DeleteService('wfkgl');
DeleteService('wfbixs');
DeleteService('vywnmp');
DeleteService('vvhunrar');
DeleteService('vvfvlvqxl');
DeleteService('vlkkbpqct');
DeleteService('veoak');
DeleteService('usaaodxc');
DeleteService('unqukwiax');
DeleteService('ufjbpee');
DeleteService('uczwkujbv');
DeleteService('ubdexn');
DeleteService('ubaembr');
DeleteService('uatudd');
DeleteService('twtig');
DeleteService('tvissuzoc');
DeleteService('tsfojwp');
DeleteService('tpleru');
DeleteService('tnzilgxe');
DeleteService('tfrfg');
DeleteService('tconotegp');
DeleteService('szmqv');
DeleteService('sumebrwv');
DeleteService('soqwez');
DeleteService('SjyPkt');
DeleteService('rpevm');
DeleteService('roytvq');
DeleteService('rhmnk');
DeleteService('rewhet');
DeleteService('rdrhcdbd');
DeleteService('rczjlf');
DeleteService('qvhxnj');
DeleteService('qqwgex');
DeleteService('qhwhoyu');
DeleteService('qcmvjxwmb');
DeleteService('qaxtbb');
DeleteService('pmwhz');
DeleteService('pierq');
DeleteService('pbuarnl');
DeleteService('oyohrnbvi');
DeleteService('opwwu');
DeleteService('oltmk');
DeleteService('oajygnv');
DeleteService('nzsxcbb');
DeleteService('nxwlwzg');
DeleteService('ntgmovtwq');
DeleteService('npmsydi');
DeleteService('nnmxbj');
DeleteService('nnkqmcnpz');
DeleteService('nhsccr');
DeleteService('ndwhwfkp');
DeleteService('mtxny');
DeleteService('mopfd');
DeleteService('lzbliqvmu');
DeleteService('lxjzktp');
DeleteService('lwcgxmkr');
DeleteService('ltvmm');
DeleteService('lfmng');
DeleteService('ldttovuxr');
DeleteService('kzvwebtci');
DeleteService('kzlsizuk');
DeleteService('kcesopqpc');
DeleteService('jzfpnvq');
DeleteService('jsebij');
DeleteService('jlxzxepvd');
DeleteService('jaaurcg');
DeleteService('iurtp');
DeleteService('isnno');
DeleteService('irkhjz');
DeleteService('imzcslc');
DeleteService('ilqlz');
DeleteService('ihzsxkn');
DeleteService('hzkjd');
DeleteService('hweemkehv');
DeleteService('hvwovdk');
DeleteService('hirzvj');
DeleteService('hgpzcttf');
DeleteService('gyywszthy');
DeleteService('gxglx');
DeleteService('guzjonyrs');
DeleteService('gpkudnna');
DeleteService('govptlxp');
DeleteService('goqtzkgc');
DeleteService('gmgut');
DeleteService('gkiayvhcm');
DeleteService('gjumngwc');
DeleteService('ghxoibdix');
DeleteService('ftaagyk');
DeleteService('fkpvwfxo');
DeleteService('fhrvchdaf');
DeleteService('ffgkqp');
DeleteService('fantqhy');
DeleteService('exxlkf');
DeleteService('erdehm');
DeleteService('eralogjyf');
DeleteService('emenm');
DeleteService('duluarrik');
DeleteService('dmtsi');
DeleteService('dijljtenm');
DeleteService('dgwhtuh');
DeleteService('dbewvljje');
DeleteService('cstbevlfo');
DeleteService('cndplxvar');
DeleteService('chnrjabbx');
DeleteService('cbuhxa');
DeleteService('bvymta');
DeleteService('buqaf');
DeleteService('bivjx');
DeleteService('belsisye');
DeleteService('asc3360pr');
DeleteService('aowijcfxq');
DeleteFile('I:\autorun.inf');
DeleteFile('C:\WINDOWS\System32\Drivers\SjyPkt.sys');
DeleteFile('C:\WINDOWS\system32\drivers\qmnkfp.sys');
DeleteFile('C:\WINDOWS\system32\08.tmp');
DeleteFile('C:\WINDOWS\system32\06.tmp');
DeleteFile('C:\WINDOWS\system32\05.tmp');
DeleteFile('C:\WINDOWS\system32\04.tmp');
DeleteFile('C:\WINDOWS\system32\03.tmp');
DeleteFile('C:\WINDOWS\system32\02.tmp');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('zldjxsp');
BC_DeleteSvc('zkeqywb');
BC_DeleteSvc('zfjzjouak');
BC_DeleteSvc('zdsshon');
BC_DeleteSvc('yxlxznqzj');
BC_DeleteSvc('yvdsjfe');
BC_DeleteSvc('yocaougg');
BC_DeleteSvc('yfzjvejdf');
BC_DeleteSvc('ycmjiajm');
BC_DeleteSvc('xsauoz');
BC_DeleteSvc('xjfbzrngy');
BC_DeleteSvc('xiphzdgh');
BC_DeleteSvc('xdomdyu');
BC_DeleteSvc('xdjaevfb');
BC_DeleteSvc('wxwdsock');
BC_DeleteSvc('wpfqgizhd');
BC_DeleteSvc('wnonya');
BC_DeleteSvc('wkjdt');
BC_DeleteSvc('wfkgl');
BC_DeleteSvc('wfbixs');
BC_DeleteSvc('vywnmp');
BC_DeleteSvc('vvhunrar');
BC_DeleteSvc('vvfvlvqxl');
BC_DeleteSvc('vlkkbpqct');
BC_DeleteSvc('veoak');
BC_DeleteSvc('usaaodxc');
BC_DeleteSvc('unqukwiax');
BC_DeleteSvc('ufjbpee');
BC_DeleteSvc('uczwkujbv');
BC_DeleteSvc('ubdexn');
BC_DeleteSvc('ubaembr');
BC_DeleteSvc('uatudd');
BC_DeleteSvc('twtig');
BC_DeleteSvc('tvissuzoc');
BC_DeleteSvc('tsfojwp');
BC_DeleteSvc('tpleru');
BC_DeleteSvc('tnzilgxe');
BC_DeleteSvc('tfrfg');
BC_DeleteSvc('tconotegp');
BC_DeleteSvc('szmqv');
BC_DeleteSvc('sumebrwv');
BC_DeleteSvc('soqwez');
BC_DeleteSvc('SjyPkt');
BC_DeleteSvc('rpevm');
BC_DeleteSvc('roytvq');
BC_DeleteSvc('rhmnk');
BC_DeleteSvc('rewhet');
BC_DeleteSvc('rdrhcdbd');
BC_DeleteSvc('rczjlf');
BC_DeleteSvc('qvhxnj');
BC_DeleteSvc('qqwgex');
BC_DeleteSvc('qhwhoyu');
BC_DeleteSvc('qcmvjxwmb');
BC_DeleteSvc('qaxtbb');
BC_DeleteSvc('pmwhz');
BC_DeleteSvc('pierq');
BC_DeleteSvc('pbuarnl');
BC_DeleteSvc('oyohrnbvi');
BC_DeleteSvc('opwwu');
BC_DeleteSvc('oltmk');
BC_DeleteSvc('oajygnv');
BC_DeleteSvc('nzsxcbb');
BC_DeleteSvc('nxwlwzg');
BC_DeleteSvc('ntgmovtwq');
BC_DeleteSvc('npmsydi');
BC_DeleteSvc('nnmxbj');
BC_DeleteSvc('nnkqmcnpz');
BC_DeleteSvc('nhsccr');
BC_DeleteSvc('ndwhwfkp');
BC_DeleteSvc('mtxny');
BC_DeleteSvc('mopfd');
BC_DeleteSvc('lzbliqvmu');
BC_DeleteSvc('lxjzktp');
BC_DeleteSvc('lwcgxmkr');
BC_DeleteSvc('ltvmm');
BC_DeleteSvc('lfmng');
BC_DeleteSvc('ldttovuxr');
BC_DeleteSvc('kzvwebtci');
BC_DeleteSvc('kzlsizuk');
BC_DeleteSvc('kcesopqpc');
BC_DeleteSvc('jzfpnvq');
BC_DeleteSvc('jsebij');
BC_DeleteSvc('jlxzxepvd');
BC_DeleteSvc('jaaurcg');
BC_DeleteSvc('iurtp');
BC_DeleteSvc('isnno');
BC_DeleteSvc('irkhjz');
BC_DeleteSvc('imzcslc');
BC_DeleteSvc('ilqlz');
BC_DeleteSvc('ihzsxkn');
BC_DeleteSvc('hzkjd');
BC_DeleteSvc('hweemkehv');
BC_DeleteSvc('hvwovdk');
BC_DeleteSvc('hirzvj');
BC_DeleteSvc('hgpzcttf');
BC_DeleteSvc('gyywszthy');
BC_DeleteSvc('gxglx');
BC_DeleteSvc('guzjonyrs');
BC_DeleteSvc('gpkudnna');
BC_DeleteSvc('govptlxp');
BC_DeleteSvc('goqtzkgc');
BC_DeleteSvc('gmgut');
BC_DeleteSvc('gkiayvhcm');
BC_DeleteSvc('gjumngwc');
BC_DeleteSvc('ghxoibdix');
BC_DeleteSvc('ftaagyk');
BC_DeleteSvc('fkpvwfxo');
BC_DeleteSvc('fhrvchdaf');
BC_DeleteSvc('ffgkqp');
BC_DeleteSvc('fantqhy');
BC_DeleteSvc('exxlkf');
BC_DeleteSvc('erdehm');
BC_DeleteSvc('eralogjyf');
BC_DeleteSvc('emenm');
BC_DeleteSvc('duluarrik');
BC_DeleteSvc('dmtsi');
BC_DeleteSvc('dijljtenm');
BC_DeleteSvc('dgwhtuh');
BC_DeleteSvc('dbewvljje');
BC_DeleteSvc('cstbevlfo');
BC_DeleteSvc('cndplxvar');
BC_DeleteSvc('chnrjabbx');
BC_DeleteSvc('cbuhxa');
BC_DeleteSvc('bvymta');
BC_DeleteSvc('buqaf');
BC_DeleteSvc('bivjx');
BC_DeleteSvc('belsisye');
BC_DeleteSvc('asc3360pr');
BC_DeleteSvc('aowijcfxq');
BC_Activate;
RebootWindows(true);
end.
After the reboot, execute the following script in Manual Cure
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Remove Bonjour
- Clean the Temp folders, browser caches and the Recycler. Use the Windows service tool cleanmgr, or CCleaner or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Repeat the log file.
- Switch the Antivirus and, if you have one, the Firewall back on.
- Go online.
- Upload quarantine.zip via the "Upload quarantined files" link at the top of this page.
- Attach the log to your new post.
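A consistency check for AVZ cure scripts of this kind, added here as an example and not part of the post: it parses the AVZ calls and reports services that are stopped but never deleted (or deleted live but not queued for BootCleaner) and files quarantined without a matching DeleteFile. The embedded script is a constructed sample in the same syntax, not the script above; the names `parse_calls` and `check_script` are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the AVZ script syntax used above; not the script from the post.
# 'tnzilgxe' is stopped but never deleted, and example.sys is quarantined but never deleted.
SAMPLE_SCRIPT = r"""begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('zldjxsp');
StopService('tnzilgxe');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
QuarantineFile('C:\WINDOWS\system32\drivers\example.sys','');
DeleteService('zldjxsp');
DeleteFile('C:\WINDOWS\System32\01.tmp');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('zldjxsp');
BC_Activate;
RebootWindows(true);
end.
"""

# Matches lines such as StopService('name');  or  QuarantineFile('path','');
CALL_RE = re.compile(r"^\s*(\w+)\('([^']*)'")

def parse_calls(script):
    """Map each AVZ function name to the set of its first string argument, lower-cased
    (service names and NTFS paths are case-insensitive on Windows)."""
    calls = defaultdict(set)
    for line in script.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls[m.group(1)].add(m.group(2).lower())
    return calls

def check_script(script):
    """Return the inconsistencies between the stop/quarantine and delete phases."""
    c = parse_calls(script)
    return {
        # a stopped service that is not deleted keeps its registry entry and can start again on the next boot
        "stopped_not_deleted": sorted(c["StopService"] - c["DeleteService"]),
        # BC_DeleteSvc is the boot-time fallback for services AVZ could not delete while Windows runs
        "deleted_not_bc": sorted(c["DeleteService"] - c["BC_DeleteSvc"]),
        # a quarantined copy is no use if the live file stays behind
        "quarantined_not_deleted": sorted(c["QuarantineFile"] - c["DeleteFile"]),
        # deleting a file that was never quarantined destroys the evidence
        "deleted_not_quarantined": sorted(c["DeleteFile"] - c["QuarantineFile"]),
        # BootCleaner only runs if it is activated and the machine actually reboots
        "boot_cleaner_armed": "BC_Activate;" in script and "RebootWindows(true);" in script,
    }
```

Call `check_script()` on the text of a script before pasting it into Manual Cure; every list in the result should be empty and `boot_cleaner_armed` should be True.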