Вирус i-worm generic.cll

[Гриша]

У вас все заплатки стоят?

[striker2009]

скажите, пожалуйста. у меня еще такой вопрос. не знаю по теме или нет. многие компьютеры на предприятии виснут при загрузке на применении политики безопасности. это последствия этого вируса или что-то другое?

Добавлено через 32 секунды

заплатки все три поставил. службы не появляются, но тело вируса иногда появляется!

Добавлено через 2 часа 57 минут

Кстати поставил себе nod 32. Вот логи журнала. Через мазилу лезет и через квип. Только что с этим делать?

28.01.2009 12:00:34 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 11:43:46 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 11:41:45 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 11:40:19 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 11:07:24 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 10:57:00 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 10:54:44 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 10:48:46 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 10:16:08 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Opera\Opera.exe.
28.01.2009 10:11:04 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 10:08:47 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 9:58:51 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\QIP\qip.exe.
28.01.2009 9:25:08 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 9:24:20 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 9:22:45 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 9:08:55 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\QIP\qip.exe.
28.01.2009 8:40:19 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 8:37:55 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
28.01.2009 8:35:17 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 16:49:11 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 16:39:45 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\QIP\qip.exe.
27.01.2009 16:26:37 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 16:02:59 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 16:02:23 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 15:48:13 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 15:33:24 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\QIP\qip.exe.
27.01.2009 15:15:35 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 15:11:00 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 14:56:40 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 14:40:09 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 14:28:48 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 14:17:57 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 14:05:06 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 13:47:02 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 13:42:01 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 13:26:59 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 13:13:18 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:55:14 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:53:18 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:36:04 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:23:30 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:09:27 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:09:27 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 12:02:05 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 11:45:07 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 11:33:39 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 11:23:34 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\QIP\qip.exe.
27.01.2009 11:10:54 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 10:55:01 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 10:45:33 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
27.01.2009 10:38:36 Real-time file system protection file C:\WINNT\System32\wrrvx.sd a variant of Win32/Conficker.AE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

[striker2009]

ну ответьте, пожалуйста, проблема-то серьезная!

[Гриша]

Пароли на учетки он тоже может подбирать, пока не вылечите всю сеть, спокойствия вам не видать...

[striker2009]

спасибо, будем стараться!

[striker2009]

Победил я его на своем компе. Спасибо вам. Теперь надо думать как на других компах почистить. Чтобы в автоматическом режиме. Скриптик бы написать в avz, но я не умею!

Добавлено через 49 минут

научите меня, пожалуйста писать скрипты avz. сейчас объясню, что мне надо. мне надо, чтобы скриптиком удалялись некоторые ветки реестра. просто у нас везде 2000 винда стоит, а атм права на ветках не сбросить. этот вирус он выставляет на свои ветки такие права, что их не удалить. мне надо вот удалять эти ветки реестра с машин. ветки бы я сами ручками прописывал в скрипте, так как они везде по-разному называются. мне просто образец нужен. и еще хотелось бы, чтобы скриптик делал поиск и удаление файлов (они тоже могут быть заблокированы) размером 156691 байт. Это реально?!

[striker2009]

ответьте, пожалуйста!

[PavelA]

Отвечу, но не обрадую.
Мы учим писать скрипты для AVZ, но это процесс длительный.
В Вашем случае надо идти станд. путем: логи с каждой машины в отдельную тему.

[striker2009]

логи с каждой машины не получится. на предприятии больше 100 машин. + серваки.
мне же всего парочку тегов нужно узнать. как разблокировать и удалять ветки в реестре и как искать и удалять файлы определенного размера, если такое можно.

[Гриша]

Тогда справку читайте...

[striker2009]

а где справка находится?

[PavelA]

Внутри AVZ. Где Хелп, там описание всех команд для скрипта.

[striker2009]

спасибо