В опере появился баннер про вирус и предлагает обновить браузер. Логи сделал. Помогите, пожалуйста, побороть заразу...
В опере появился баннер про вирус и предлагает обновить браузер. Логи сделал. Помогите, пожалуйста, побороть заразу...
Уважаемый(ая) Olagas, спасибо за обращение на наш форум!
Помощь при заражении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
- Выполните скрипт в AVZ
После перезагрузки:Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\system32\amvo.exe',''); QuarantineFile('C:\WINDOWS\system32\9.exe',''); QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe',''); QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL',''); QuarantineFile('C:\DOCUME~1\3\LOCALS~1\Temp\kTfi.exe',''); DeleteService('MyWebSearchService'); QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe',''); QuarantineFile('C:\WINDOWS\system32\hcbdzng.dll',''); DeleteFile('C:\WINDOWS\system32\hcbdzng.dll'); DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe'); DeleteFile('C:\DOCUME~1\3\LOCALS~1\Temp\kTfi.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','PromoReg'); DeleteFile('C:\WINDOWS\system32\9.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systme'); DeleteFile('C:\WINDOWS\system32\amvo.exe'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amva'); ClearHostsFile; RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows','AppInit_DLLs',''); BC_ImportAll; ExecuteSysClean; ExecuteWizard('TSW', 2, 2, true); ExecuteWizard('SCU', 2, 2, true); BC_Activate; RebootWindows(true); end.
- выполните такой скрипт
- Файл quarantine.zip из папки AVZ загрузите по ссылке Прислать запрошенный карантин вверху темыКод:begin CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); end.
- Сделайте повторные логи по правилам п.2 и 3 раздела Диагностика.(virusinfo_syscheck.zip;hijackthis.log)
- Сделайте лог MBAM
Карантин загрузил, новые логи сделал.
- удалите в MBAM
- Сделайте повторный лог MBAMКод:Зараженные модули в памяти: c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken. Зараженные ключи в реестре: HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE (Trojan.IRCBot) -> No action taken. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken. HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> No action taken. Зараженные параметры в реестре: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Plugin -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Connection Wizard Setup Tool (Trojan.Downloader) -> Value: Internet Connection Wizard Setup Tool -> No action taken. Зараженные папки: c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken. c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken. c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken. c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken. c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken. c:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken. Зараженные файлы: c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken. c:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> No action taken. c:\program files\Adobe\adobe photoshop cs3\photoshop.cs3.extended-activate.exe (Trojan.Downloader) -> No action taken. c:\program files\Google\google earth\ge.4.0.xxxx.copyright.remover2.exe (Trojan.Downloader) -> No action taken. c:\program files\Google\google earth\google earth pro\ge.4.0.xxxx.copyright.remover2.exe (Trojan.Downloader) -> No action taken. c:\program files\Google\google earth\google earth pro\4000002900002i\Opera.exe (Trojan.IRCBot) -> No action taken. c:\program files\Google\google earth\google earth pro\4000001b00002i\Opera.exe (Trojan.IRCBot) -> No action taken. c:\program files\Google\google earth\google earth pro\4000005300002i\AcroRd32.exe (Trojan.IRCBot) -> No action taken. c:\program files\Google\google earth\google earth pro\40000024000002i\adobeupdater.exe (Trojan.IRCBot) -> No action taken. c:\program files\Google\google earth\google earth pro\400000ce00002i\opera.exe (Trojan.IRCBot) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken. c:\documents and settings\3\application data\wiaserva.log (Malware.Trace) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\0153254A.bin (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\0153274D.bin (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\01532960.bin (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\01532B45.bin (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\0093D5A4 (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\Cache\0102A273 (Adware.MyWebSearch) -> No action taken. c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken. c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken. c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
-Профиксите в HijackThis
-Выполните скрипт в AVZКод:R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: 92.241.171.71 babyblog.ru O1 - Hosts: 78.108.88.23 mywed.ru O1 - Hosts: 72.233.112.78 forum.ru-board.com O1 - Hosts: 62.148.128.14 kaluga.ru O1 - Hosts: 195.82.146.114 torrents.ru O1 - Hosts: 93.186.227.125 vkontakte.ru O1 - Hosts: 208.93.0.129 livejournal.com O1 - Hosts: 94.158.96.40 radio-portal.ru O1 - Hosts: 211.233.9.149 gmarket.co.kr
После перезагрузки:Код:begin DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true); ExecuteRepair(13); RebootWindows(true); end.
- Сделайте повторные логи по правилам п.2 и 3 раздела Диагностика.(virusinfo_syscheck.zip;hijackthis.log)
Огромное спасибо за помощь!!!
Повторный лог MBAM сделал, virusinfo_syscheck тоже.
Вопрос - нужно ли фиксить в HijackThis изменения файла hosts, если эти изменения были вписаны туда мною ранее и верны? Он их удалит из файла Hosts?
Фиксить в таком случае не надо, и скрипт последний выполнять тоже не надо.
Выполните скрипт в AVZ:
Компьютер перезагрузится.Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); ClearQuarantine; QuarantineFile('C:\WINDOWS\system32\drivers\tlyt.sys',''); QuarantineFile('C:\WINDOWS\system32\drivers\nvrqaum.sys',''); QuarantineFile('C:\WINDOWS\system32\tlyt.sys',''); QuarantineFile('C:\WINDOWS\system32\nvrqaum.sys',''); QuarantineFile('C:\WINDOWS\tlyt.sys',''); QuarantineFile('C:\WINDOWS\nvrqaum.sys',''); QuarantineFile('C:\Program Files\Common Files\msdao23.tlc',''); DeleteFile('C:\Program Files\Common Files\msdao23.tlc'); BC_ImportAll; ExecuteSysClean; BC_Activate; RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%SystemRoot%\system32\svchost.exe -k netsvcs'); RebootWindows(true); end.
Пришлите карантин согласно приложению 3 правил
(загружать тут: http://virusinfo.info/upload_virus.php?tid=103745).
Сделайте новые логи (только п.2 и 3 раздела Диагностика).
I am not young enough to know everything...
Скрипт выполнил, но карантин пуст...
Вот новые логи
Выполните скрипт в AVZ:
В остальном чисто.Код:begin RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%SystemRoot%\System32\srvsvc.dll'); end.
Последний раз редактировалось Bratez; 17.06.2011 в 18:48.
I am not young enough to know everything...
Огромное спасибо!!! Теперь все работает просто отлично!
Статистика проведенного лечения:
- Получено карантинов: 1
- Обработано файлов: 17
- В ходе лечения обнаружены вредоносные программы:
- c:\\windows\\system32\\hcbdzng.dll - Trojan.Win32.Agent.huuj ( DrWEB: Trojan.Mayachok.based, BitDefender: Trojan.Generic.KDV.254026, AVAST4: Win32:MalOb-HG [Cryp] )
Уважаемый(ая) Olagas, наши специалисты оказали Вам всю возможную помощь по вашему обращению.
В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:
Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:
Надеемся больше никогда не увидеть ваш компьютер зараженным!
Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.