The files IEXPLORE.EXE, jodrive32.exe and aadrive32.exe have appeared.
Files named **.exe, where ** are natural numbers, keep appearing in the system32 folder.
Some Internet Explorer processes are constantly running, even though I use Chrome!
Dear kovriginborya, thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Helpers will respond to your request very shortly.
If our site proves useful to you and you have the opportunity, please support the project.
Read carefully and follow exactly
+ Make an MBAM log
Logs below:
- Run this script in AVZ
Code:
begin
 // Turn on rootkit search and AVZGuard before touching any files
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Copy the suspicious files to quarantine and stop the ones that are running
 QuarantineFile('C:\WINDOWS\system32\10.exe','');
 QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe','');
 QuarantineFile('C:\WINDOWS\xsdll.exe','');
 QuarantineFile('C:\WINDOWS\system32\ac32.exe','');
 QuarantineFile('C:\WINDOWS\aadrive32.exe','');
 QuarantineFile('C:\WINDOWS\System32\70.exe','');
 QuarantineFile('C:\WINDOWS\System32\67.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
 QuarantineFile('C:\Documents and Settings\Admin\Application Data\Hmtath.exe','');
 QuarantineFile('C:\Documents and Settings\Admin\Application Data\Bktatb.exe','');
 QuarantineFile('C:\Documents and Settings\Admin\Application Data\5F2.tmp','');
 QuarantineFile('C:\Documents and Settings\Admin\Application Data\1DBA.tmp','');
 QuarantineFile('C:\Documents and Settings\Admin\Application Data\1D6E.tmp','');
 QuarantineFile('C:\WINDOWS\jodrive32.exe','');
 TerminateProcessByName('C:\WINDOWS\jodrive32.exe');
 QuarantineFile('c:\windows\jodrive32.exe','');
 TerminateProcessByName('c:\windows\jodrive32.exe');
 QuarantineFile('c:\windows\aadrive32.exe','');
 TerminateProcessByName('c:\windows\aadrive32.exe');
 QuarantineFile('c:\windows\system32\67.exe','');
 TerminateProcessByName('c:\windows\system32\67.exe');
 // Delete the files and the autorun registry values that start them
 DeleteFile('c:\windows\aadrive32.exe');
 DeleteFile('c:\windows\jodrive32.exe');
 DeleteFile('C:\WINDOWS\jodrive32.exe');
 DeleteFile('C:\Documents and Settings\Admin\Application Data\1D6E.tmp');
 DeleteFile('C:\Documents and Settings\Admin\Application Data\1DBA.tmp');
 DeleteFile('C:\Documents and Settings\Admin\Application Data\5F2.tmp');
 DeleteFile('C:\Documents and Settings\Admin\Application Data\Bktatb.exe');
 DeleteFile('C:\Documents and Settings\Admin\Application Data\Hmtath.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
 DeleteFile('C:\WINDOWS\System32\67.exe');
 DeleteFile('C:\WINDOWS\aadrive32.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Config Setup');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Config Setup');
 DeleteFile('C:\WINDOWS\system32\ac32.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ac32');
 DeleteFile('C:\WINDOWS\xsdll.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','oo');
 DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe');
 DeleteFile('C:\WINDOWS\system32\10.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
 QuarantineFile('c:\sdm32.exe','');
 // Empty the Internet Explorer cache of both profiles
 DeleteFileMask('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5', '*.*', true);
 DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
 // Hand the deletions to BootCleaner, run AVZ's cleanup, repair and wizard steps, then reboot
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteRepair(11);
 ExecuteWizard('TSW', 2, 2, true);
 ExecuteWizard('SCU', 2, 2, true);
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- run this script
Code:
begin
 // Pack the quarantined files into quarantine.zip in the AVZ folder
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Upload the file quarantine.zip from the AVZ folder using the "Send requested quarantine" link at the top of the thread
- In MBAM, remove whatever is left of this
Update the system
- Update SP2 to Service Pack 3 (activation may be required)
* Before installing the Service Pack, shut down the antivirus, the firewall, and resident applications such as TeaTimer (Spybot Search and Destroy), etc.
* Microsoft has ended support and the release of security updates for Windows XP without SP3 installed, see here
- Install Internet Explorer 8 (even if you don't use it)
- Install all the latest Windows updates - here
After updating:
- Make repeat logs following items 2 and 3 of the rules in the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log)
- Make an MBAM log
- Run this script in AVZ
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // Empty the AVZ quarantine folder
 DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
 // Remove the remaining copy and its autorun values in the system profiles
 DeleteFile('C:\Documents and Settings\NetworkService\Application Data\Hmtath.exe');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Hmtath');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Hmtath');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Make a repeat virusinfo_syscheck.zip log;
Dear kovriginborya, our specialists have given you all possible help with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information-security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please add to our database of safe files.
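
A read-only verification pass for the cleanup in this thread, added here as an example and not part of the original posts: it checks whether the files and autorun values that the two AVZ scripts delete are still present after the reboot. The value names and paths are copied from those scripts; the function name Find-Leftover is hypothetical, and the code keeps to PowerShell 2.0 syntax because the machine runs Windows XP.

```powershell
# Added example: read-only check for leftovers of the items that the two AVZ
# scripts in this thread delete. Nothing is modified or removed here.

# Autorun values removed with RegKeyParamDel (registry key, value name).
$RegistryValues = @(
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Tnaww' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Microsoft Driver Setup' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'Microsoft Driver Setup' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Microsoft Config Setup' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'Microsoft Config Setup' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'ac32' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'oo' },
    @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Taskman' },
    @{ Key = 'HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Hmtath' },
    @{ Key = 'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Hmtath' }
)

# Files removed with DeleteFile.
$Files = @(
    'C:\WINDOWS\aadrive32.exe',
    'C:\WINDOWS\jodrive32.exe',
    'C:\WINDOWS\xsdll.exe',
    'C:\WINDOWS\system32\10.exe',
    'C:\WINDOWS\system32\ac32.exe',
    'C:\WINDOWS\System32\67.exe',
    'C:\Documents and Settings\Admin\Application Data\Hmtath.exe',
    'C:\Documents and Settings\Admin\Application Data\Bktatb.exe',
    'C:\Documents and Settings\Admin\Application Data\1D6E.tmp',
    'C:\Documents and Settings\Admin\Application Data\1DBA.tmp',
    'C:\Documents and Settings\Admin\Application Data\5F2.tmp',
    'C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe',
    'C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe',
    'c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe',
    'C:\Documents and Settings\NetworkService\Application Data\Hmtath.exe'
)

function Find-Leftover {
    param($Values, $Paths)

    $found = @()

    foreach ($entry in $Values) {
        $regPath = 'Registry::' + $entry.Key
        if (-not (Test-Path -LiteralPath $regPath)) { continue }

        $key = Get-Item -LiteralPath $regPath
        foreach ($valueName in $key.GetValueNames()) {
            # Compare trimmed names: the first script passes 'Taskman ' with a
            # trailing space, so match the value with or without it.
            if ($valueName.Trim() -eq $entry.Name) {
                $found += New-Object PSObject -Property @{
                    Type     = 'RegistryValue'
                    Location = $entry.Key
                    Item     = $valueName
                    Data     = [string]$key.GetValue($valueName)
                }
            }
        }
    }

    foreach ($path in $Paths) {
        if (Test-Path -LiteralPath $path) {
            $found += New-Object PSObject -Property @{
                Type     = 'File'
                Location = $path
                Item     = ''
                Data     = ''
            }
        }
    }

    return $found
}

# @() keeps the result an array even when nothing or only one item is found.
$leftovers = @(Find-Leftover -Values $RegistryValues -Paths $Files)

if ($leftovers.Count -eq 0) {
    Write-Host 'No leftovers from the cleaned items were found.'
} else {
    Write-Host ("{0} leftover item(s) still present:" -f $leftovers.Count)
    $leftovers | Select-Object Type, Location, Item, Data | Format-Table -AutoSize -Wrap
}
```

An item that is still listed after the reboot means the deletion did not take effect or something recreated it, which is worth including with the repeat logs the helpers ask for.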