Junior Member
Вес репутации
13
Десятки процессов CMD.exe и планировщика задачь
Добрый день. Словил вирус который создаёт десятки "процессов планировщик задач" "Обработчик команд Windows" "Console Windows Host" Постоянно генерирует службы с именем 4 рандомных буквы. Создаёт файл GoogleX.Bat Внутри которого прописана команда и судя по всему эти процессы её выполняют
Будь в курсе!
Будь в курсе!
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) Sektor1024 , спасибо за обращение на наш форум! правилах оформления запроса о помощи .поддержите проект .
Выполните скрипт в AVZ из папки Autologger :
Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
StopService('aaGS');
StopService('abhi');
StopService('AfXk');
StopService('AiHF');
StopService('aKbx');
StopService('AluR');
StopService('AMLL');
StopService('aMnn');
StopService('anlA');
StopService('AodN');
StopService('AoEv');
StopService('ApgS');
StopService('ApIq');
StopService('aQId');
StopService('army');
StopService('ASgL');
StopService('aSuW');
StopService('ATMt');
StopService('aUAH');
StopService('AWFs');
StopService('awhz');
StopService('aWrD');
StopService('AXsr');
StopService('AYJQ');
StopService('AZoa');
StopService('bdTX');
StopService('bJIK');
StopService('bjyh');
StopService('bLid');
StopService('bOYn');
StopService('bPnS');
StopService('bPSb');
StopService('BpvX');
StopService('Bqop');
StopService('BqZN');
StopService('bRhy');
StopService('brtW');
StopService('BSSb');
StopService('bVVw');
StopService('ByWd');
StopService('bZfs');
StopService('CbsO');
StopService('ccaJ');
StopService('ccdW');
StopService('CCHJ');
StopService('Cdaf');
StopService('CgpH');
StopService('ciLP');
StopService('CLyY');
StopService('cmJv');
StopService('CmyH');
StopService('CNVY');
StopService('CnYl');
StopService('CnzB');
StopService('CpWd');
StopService('CqPu');
StopService('CrdT');
StopService('CruK');
StopService('CSuu');
StopService('cUie');
StopService('CUKf');
StopService('cUvn');
StopService('cvdk');
StopService('CvFa');
StopService('Cyef');
StopService('daGU');
StopService('DbQc');
StopService('dCBE');
StopService('DEeF');
StopService('dfQL');
StopService('dgTr');
StopService('dJEm');
StopService('dMRf');
StopService('dMud');
StopService('dnaO');
StopService('DNLQ');
StopService('dOgh');
StopService('dOxq');
StopService('dqms');
StopService('drGy');
StopService('DSuL');
StopService('dsxT');
StopService('DToV');
StopService('DUKy');
StopService('dvhw');
StopService('DVwM');
StopService('DXtq');
StopService('DYHo');
StopService('dYxz');
StopService('DzYS');
StopService('eaBy');
StopService('eanf');
StopService('eauE');
StopService('eDBD');
StopService('edKt');
StopService('eEGw');
StopService('EErn');
StopService('EETJ');
StopService('eJbm');
StopService('Ejrw');
StopService('EKlk');
StopService('eKwt');
StopService('ELlH');
StopService('EnNh');
StopService('EPqC');
StopService('eQhK');
StopService('erkp');
StopService('ErUr');
StopService('EsTA');
StopService('eTCg');
StopService('etgs');
StopService('eVfc');
StopService('EXQe');
StopService('FAfG');
StopService('faOh');
StopService('fcqb');
StopService('FCWt');
StopService('fdwL');
StopService('fECN');
StopService('feuu');
StopService('FGdo');
StopService('FgXh');
StopService('FHtx');
StopService('fhZm');
StopService('fkjU');
StopService('FLOl');
StopService('FlvH');
StopService('FnvT');
StopService('FPqr');
StopService('FqDp');
StopService('fsIg');
StopService('fuNe');
StopService('fVXn');
StopService('FXbR');
StopService('FxnN');
StopService('FxRL');
StopService('fXvk');
StopService('fYAD');
StopService('fYtH');
StopService('Fzbw');
StopService('FZft');
StopService('gbXm');
StopService('GdCY');
StopService('gEry');
StopService('GFZM');
StopService('GkPO');
StopService('GKVc');
StopService('glaJ');
StopService('gmOp');
StopService('GPSj');
StopService('gUwB');
StopService('GvYI');
StopService('GXEA');
StopService('GZHC');
StopService('haev');
StopService('Hcah');
StopService('hcID');
StopService('HDPq');
StopService('hENs');
StopService('Heta');
StopService('HeTf');
StopService('HHEC');
StopService('HhGq');
StopService('hipZ');
StopService('hknS');
StopService('HliD');
StopService('hpNe');
StopService('hpzc');
StopService('hQxv');
StopService('HrNd');
StopService('hsfS');
StopService('huNG');
StopService('HuvD');
StopService('hVuE');
StopService('hvWs');
StopService('HwHQ');
StopService('HXjz');
StopService('HXsR');
StopService('hyvJ');
StopService('IBxf');
StopService('iEht');
StopService('iFNK');
StopService('IFVq');
StopService('IhEt');
StopService('ihxQ');
StopService('iiBY');
StopService('iImB');
StopService('IiTq');
StopService('iKeo');
StopService('iLIa');
StopService('imDQ');
StopService('imhK');
StopService('iOIH');
StopService('IRZc');
StopService('iSwW');
StopService('ivjk');
StopService('IwTh');
StopService('iWwc');
StopService('IxeJ');
StopService('ixjF');
StopService('Ixlz');
StopService('iZdL');
StopService('iZUP');
StopService('JajD');
StopService('JCml');
StopService('jDwb');
StopService('jFsb');
StopService('JgOM');
StopService('jjJf');
StopService('jjTS');
StopService('jKXj');
StopService('Jluh');
StopService('JOcr');
StopService('jOsJ');
StopService('Jskx');
StopService('JSRR');
StopService('JTbt');
StopService('jTKT');
StopService('jTzP');
StopService('jurW');
StopService('jwJR');
StopService('JWNA');
StopService('kCKF');
StopService('kCmz');
StopService('kCqQ');
StopService('KCrA');
StopService('KDel');
StopService('keGN');
StopService('kEME');
StopService('kEwI');
StopService('kfxL');
StopService('KHfP');
StopService('KIen');
StopService('kIpb');
StopService('KKMs');
StopService('kKnI');
StopService('kkYc');
StopService('klpE');
StopService('kMTb');
StopService('KnAx');
StopService('kNUe');
StopService('koac');
StopService('KPtb');
StopService('KpuR');
StopService('kqQB');
StopService('Kqwc');
StopService('ksbY');
StopService('kSLU');
StopService('KTxG');
StopService('kWAU');
StopService('KyDA');
StopService('lBcq');
StopService('lbhH');
StopService('LBSq');
StopService('LcYH');
StopService('lExx');
StopService('LfdN');
StopService('LfmD');
StopService('LHPt');
StopService('ljLy');
StopService('lJQO');
StopService('lLBF');
StopService('llHG');
StopService('LmCX');
StopService('Lmfp');
StopService('lnlv');
StopService('LpFr');
StopService('lqXl');
StopService('LsGh');
StopService('luYu');
StopService('LxyS');
StopService('LYIT');
StopService('MAdV');
StopService('MApA');
StopService('mboN');
StopService('mBtp');
StopService('mdln');
StopService('mdOa');
StopService('mEJO');
StopService('MEqK');
StopService('mIgD');
StopService('MISt');
StopService('miws');
StopService('Mllq');
StopService('mnCH');
StopService('Mnwl');
StopService('mPCz');
StopService('mPMn');
StopService('msVb');
StopService('MtYD');
StopService('MuZK');
StopService('MwkE');
StopService('mwnU');
StopService('MxTx');
StopService('MyGt');
StopService('nACK');
StopService('nBbw');
StopService('NbNG');
StopService('NCbh');
StopService('nDBY');
StopService('NdJT');
StopService('ndQI');
StopService('NDyU');
StopService('ngWs');
StopService('nINZ');
StopService('NJCe');
StopService('NjcY');
StopService('Njzo');
StopService('nkiR');
StopService('Nliw');
StopService('Nmvc');
StopService('NnGs');
StopService('NnWW');
StopService('nOax');
StopService('NrpX');
StopService('NrYe');
StopService('nSoD');
StopService('ntht');
StopService('nTmt');
StopService('nUFG');
StopService('nUHk');
StopService('nVRd');
StopService('Nvyh');
StopService('NwdO');
StopService('nwzT');
StopService('nyCA');
StopService('nydA');
StopService('nYKV');
StopService('oAcs');
StopService('oCRl');
StopService('OdEK');
StopService('oFch');
StopService('OFGo');
StopService('OfJd');
StopService('OGtC');
StopService('ohar');
StopService('OiAQ');
StopService('OIkr');
StopService('OiyO');
StopService('oLxG');
StopService('OLYt');
StopService('ombA');
StopService('omoH');
StopService('omSu');
StopService('ooUT');
StopService('oqof');
StopService('ORCS');
StopService('OuXn');
StopService('ovcw');
StopService('OVFd');
StopService('oVjD');
StopService('ovQM');
StopService('oWnN');
StopService('OXNY');
StopService('OxoE');
StopService('oZAh');
StopService('OZbK');
StopService('OzOi');
StopService('OzUG');
StopService('PbfR');
StopService('PcAX');
StopService('PccC');
StopService('peHY');
StopService('PFvs');
StopService('pGhj');
StopService('PGIt');
StopService('PgMn');
StopService('PIrR');
StopService('pitq');
StopService('pItx');
StopService('pkwS');
StopService('PMEC');
StopService('pmQJ');
StopService('pOlN');
StopService('POpy');
StopService('poXB');
StopService('PoZJ');
StopService('PPpT');
StopService('PqJc');
StopService('pQVR');
StopService('PRfy');
StopService('PrPv');
StopService('Prvw');
StopService('PsTK');
StopService('PtRI');
StopService('PuEG');
StopService('puIW');
StopService('PUNt');
StopService('PuoC');
StopService('pUtY');
StopService('PXDw');
StopService('pxMg');
StopService('PXqm');
StopService('pXxd');
StopService('PXYC');
StopService('pYXX');
StopService('PztL');
StopService('QBdh');
StopService('qbDu');
StopService('QbNP');
StopService('qewt');
StopService('qgBR');
StopService('Qhnc');
StopService('QJnR');
StopService('QjYy');
StopService('qkXT');
StopService('qMfS');
StopService('qNTu');
StopService('Qotq');
StopService('qpTo');
StopService('qRiZ');
StopService('QtkM');
StopService('QuNS');
StopService('QuUV');
StopService('QuVC');
StopService('Qvgl');
StopService('QvLR');
StopService('QWFk');
StopService('QwPN');
StopService('Qxtv');
StopService('RAAG');
StopService('RaGL');
StopService('rAOS');
StopService('raTM');
StopService('RbHP');
StopService('RcDa');
StopService('RCHO');
StopService('rDTA');
StopService('REPJ');
StopService('rhdk');
StopService('Rjbg');
StopService('rlAo');
StopService('rLqN');
StopService('roDW');
StopService('ROmf');
StopService('rOWm');
StopService('Rqgj');
StopService('RQqP');
StopService('rQYY');
StopService('rrvD');
StopService('rtCg');
StopService('RTMu');
StopService('rUdN');
StopService('rveN');
StopService('rVfG');
StopService('rvlX');
StopService('rVsf');
StopService('RWeb');
StopService('RwGR');
StopService('RxCt');
StopService('RxOL');
StopService('Rxuj');
StopService('RZgQ');
StopService('rzit');
StopService('RZLi');
StopService('SANL');
StopService('SAtS');
StopService('sAyi');
StopService('SCcg');
StopService('sdcn');
StopService('sDOl');
StopService('SEnc');
StopService('SERm');
StopService('SHiS');
StopService('shsz');
StopService('sJKj');
StopService('sjoT');
StopService('SmeQ');
StopService('SmIB');
StopService('SnBQ');
StopService('snbZ');
StopService('sNiO');
StopService('SoFh');
StopService('spaX');
StopService('Spmp');
StopService('SPOm');
StopService('SRaD');
StopService('SRZG');
StopService('sRzz');
StopService('suHV');
StopService('sUKn');
StopService('SvEO');
StopService('SVhp');
StopService('sVqh');
StopService('SwWe');
StopService('SXnK');
StopService('SZAu');
StopService('tArC');
StopService('teAq');
StopService('TeZi');
StopService('tfia');
StopService('TfkV');
StopService('tfsh');
StopService('thCj');
StopService('thgP');
StopService('tivm');
StopService('TIyM');
StopService('TkbM');
StopService('tKnj');
StopService('TMkz');
StopService('Toif');
StopService('TQMU');
StopService('ttXX');
StopService('TurV');
StopService('tvym');
StopService('TWfY');
StopService('TwqB');
StopService('TWzz');
StopService('TXcs');
StopService('Tzov');
StopService('uCMV');
StopService('uEhY');
StopService('UEjH');
StopService('UGmp');
StopService('UhZf');
StopService('uiMw');
StopService('UiOZ');
StopService('UiRW');
StopService('uIZB');
StopService('UJdZ');
StopService('ulhy');
StopService('uLqf');
StopService('UmhJ');
StopService('umIz');
StopService('uMrz');
StopService('uNsj');
StopService('uNXN');
StopService('uoae');
StopService('UoFS');
StopService('uoLx');
StopService('UOZp');
StopService('UQSR');
StopService('utUh');
StopService('uxNA');
StopService('uYpc');
StopService('ValP');
StopService('VAMF');
StopService('vaVc');
StopService('VBLM');
StopService('Vdff');
StopService('vDjA');
StopService('vDQv');
StopService('vEYK');
StopService('VHTa');
StopService('VihC');
StopService('vjdm');
StopService('vJfb');
StopService('Vkms');
StopService('vlbs');
StopService('VMPf');
StopService('vMRy');
StopService('voom');
StopService('VQgW');
StopService('vrBj');
StopService('VSRa');
StopService('vsrh');
StopService('VTwz');
StopService('vUri');
StopService('vvdG');
StopService('vvdJ');
StopService('vwxi');
StopService('VYSq');
StopService('WAGy');
StopService('wAua');
StopService('WbEi');
StopService('WbOw');
StopService('WCfP');
StopService('wCIG');
StopService('Wdhm');
StopService('wDVc');
StopService('WfxE');
StopService('wFxP');
StopService('wgBd');
StopService('Wjwz');
StopService('wkDx');
StopService('WlCO');
StopService('wmHm');
StopService('wMrw');
StopService('wonm');
StopService('wpRK');
StopService('WSEe');
StopService('wtgX');
StopService('WTzV');
StopService('WuLQ');
StopService('wUwV');
StopService('WVel');
StopService('WWvD');
StopService('WxTn');
StopService('wXUF');
StopService('wXWl');
StopService('wZtm');
StopService('XaLt');
StopService('XBcg');
StopService('XDTO');
StopService('xEtp');
StopService('XeXx');
StopService('xFnh');
StopService('xgga');
StopService('xhJw');
StopService('xHUx');
StopService('XJki');
StopService('XkTx');
StopService('Xliw');
StopService('XmzQ');
StopService('xnwl');
StopService('XpiQ');
StopService('XpLJ');
StopService('xqsn');
StopService('XraU');
StopService('XtcV');
StopService('xTOk');
StopService('XVwL');
StopService('xWaV');
StopService('XWbd');
StopService('xWEf');
StopService('XYUK');
StopService('xzcJ');
StopService('YbBJ');
StopService('ybyQ');
StopService('YCGT');
StopService('YcTA');
StopService('yFMa');
StopService('yfsF');
StopService('YFuB');
StopService('ygbC');
StopService('YGHG');
StopService('YgYt');
StopService('yJth');
StopService('yKBO');
StopService('ykmR');
StopService('YLyz');
StopService('yOod');
StopService('yOsz');
StopService('YrfH');
StopService('ytRT');
StopService('YtSQ');
StopService('YwAz');
StopService('YWsT');
StopService('zAqY');
StopService('zbdb');
StopService('zDVX');
StopService('zehI');
StopService('zgCj');
StopService('zNHc');
StopService('ZOxu');
StopService('ZQDg');
StopService('zrFb');
StopService('ZShG');
StopService('zSnC');
StopService('ZuAs');
StopService('ZUIe');
StopService('ZWTd');
StopService('zWTe');
StopService('zYpO');
StopService('ZZmI');
StopService('ZZQG');
QuarantineFile('C:\Program Files\rdp wrapper\rdpwrap.dll', '');
QuarantineFile('c:\windows\temp\GoogleX.bat', '');
DeleteFile('>>c:\windows\temp\GoogleX.bat&cmd.exe', '64');
DeleteFile('C:\Program Files\rdp wrapper\rdpwrap.dll', '');
DeleteService('aaGS');
DeleteService('abhi');
DeleteService('AfXk');
DeleteService('AiHF');
DeleteService('aKbx');
DeleteService('AluR');
DeleteService('AMLL');
DeleteService('aMnn');
DeleteService('anlA');
DeleteService('AodN');
DeleteService('AoEv');
DeleteService('ApgS');
DeleteService('ApIq');
DeleteService('aQId');
DeleteService('army');
DeleteService('ASgL');
DeleteService('aSuW');
DeleteService('ATMt');
DeleteService('aUAH');
DeleteService('AWFs');
DeleteService('awhz');
DeleteService('aWrD');
DeleteService('AXsr');
DeleteService('AYJQ');
DeleteService('AZoa');
DeleteService('bdTX');
DeleteService('bJIK');
DeleteService('bjyh');
DeleteService('bLid');
DeleteService('bOYn');
DeleteService('bPnS');
DeleteService('bPSb');
DeleteService('BpvX');
DeleteService('Bqop');
DeleteService('BqZN');
DeleteService('bRhy');
DeleteService('brtW');
DeleteService('BSSb');
DeleteService('bVVw');
DeleteService('ByWd');
DeleteService('bZfs');
DeleteService('CbsO');
DeleteService('ccaJ');
DeleteService('ccdW');
DeleteService('CCHJ');
DeleteService('Cdaf');
DeleteService('CgpH');
DeleteService('ciLP');
DeleteService('CLyY');
DeleteService('cmJv');
DeleteService('CmyH');
DeleteService('CNVY');
DeleteService('CnYl');
DeleteService('CnzB');
DeleteService('CpWd');
DeleteService('CqPu');
DeleteService('CrdT');
DeleteService('CruK');
DeleteService('CSuu');
DeleteService('cUie');
DeleteService('CUKf');
DeleteService('cUvn');
DeleteService('cvdk');
DeleteService('CvFa');
DeleteService('Cyef');
DeleteService('daGU');
DeleteService('DbQc');
DeleteService('dCBE');
DeleteService('DEeF');
DeleteService('dfQL');
DeleteService('dgTr');
DeleteService('dJEm');
DeleteService('dMRf');
DeleteService('dMud');
DeleteService('dnaO');
DeleteService('DNLQ');
DeleteService('dOgh');
DeleteService('dOxq');
DeleteService('dqms');
DeleteService('drGy');
DeleteService('DSuL');
DeleteService('dsxT');
DeleteService('DToV');
DeleteService('DUKy');
DeleteService('dvhw');
DeleteService('DVwM');
DeleteService('DXtq');
DeleteService('DYHo');
DeleteService('dYxz');
DeleteService('DzYS');
DeleteService('eaBy');
DeleteService('eanf');
DeleteService('eauE');
DeleteService('eDBD');
DeleteService('edKt');
DeleteService('eEGw');
DeleteService('EErn');
DeleteService('EETJ');
DeleteService('eJbm');
DeleteService('Ejrw');
DeleteService('EKlk');
DeleteService('eKwt');
DeleteService('ELlH');
DeleteService('EnNh');
DeleteService('EPqC');
DeleteService('eQhK');
DeleteService('erkp');
DeleteService('ErUr');
DeleteService('EsTA');
DeleteService('eTCg');
DeleteService('etgs');
DeleteService('eVfc');
DeleteService('EXQe');
DeleteService('FAfG');
DeleteService('faOh');
DeleteService('fcqb');
DeleteService('FCWt');
DeleteService('fdwL');
DeleteService('fECN');
DeleteService('feuu');
DeleteService('FGdo');
DeleteService('FgXh');
DeleteService('FHtx');
DeleteService('fhZm');
DeleteService('fkjU');
DeleteService('FLOl');
DeleteService('FlvH');
DeleteService('FnvT');
DeleteService('FPqr');
DeleteService('FqDp');
DeleteService('fsIg');
DeleteService('fuNe');
DeleteService('fVXn');
DeleteService('FXbR');
DeleteService('FxnN');
DeleteService('FxRL');
DeleteService('fXvk');
DeleteService('fYAD');
DeleteService('fYtH');
DeleteService('Fzbw');
DeleteService('FZft');
DeleteService('gbXm');
DeleteService('GdCY');
DeleteService('gEry');
DeleteService('GFZM');
DeleteService('GkPO');
DeleteService('GKVc');
DeleteService('glaJ');
DeleteService('gmOp');
DeleteService('GPSj');
DeleteService('gUwB');
DeleteService('GvYI');
DeleteService('GXEA');
DeleteService('GZHC');
DeleteService('haev');
DeleteService('Hcah');
DeleteService('hcID');
DeleteService('HDPq');
DeleteService('hENs');
DeleteService('Heta');
DeleteService('HeTf');
DeleteService('HHEC');
DeleteService('HhGq');
DeleteService('hipZ');
DeleteService('hknS');
DeleteService('HliD');
DeleteService('hpNe');
DeleteService('hpzc');
DeleteService('hQxv');
DeleteService('HrNd');
DeleteService('hsfS');
DeleteService('huNG');
DeleteService('HuvD');
DeleteService('hVuE');
DeleteService('hvWs');
DeleteService('HwHQ');
DeleteService('HXjz');
DeleteService('HXsR');
DeleteService('hyvJ');
DeleteService('IBxf');
DeleteService('iEht');
DeleteService('iFNK');
DeleteService('IFVq');
DeleteService('IhEt');
DeleteService('ihxQ');
DeleteService('iiBY');
DeleteService('iImB');
DeleteService('IiTq');
DeleteService('iKeo');
DeleteService('iLIa');
DeleteService('imDQ');
DeleteService('imhK');
DeleteService('iOIH');
DeleteService('IRZc');
DeleteService('iSwW');
DeleteService('ivjk');
DeleteService('IwTh');
DeleteService('iWwc');
DeleteService('IxeJ');
DeleteService('ixjF');
DeleteService('Ixlz');
DeleteService('iZdL');
DeleteService('iZUP');
DeleteService('JajD');
DeleteService('JCml');
DeleteService('jDwb');
DeleteService('jFsb');
DeleteService('JgOM');
DeleteService('jjJf');
DeleteService('jjTS');
DeleteService('jKXj');
DeleteService('Jluh');
DeleteService('JOcr');
DeleteService('jOsJ');
DeleteService('Jskx');
DeleteService('JSRR');
DeleteService('JTbt');
DeleteService('jTKT');
DeleteService('jTzP');
DeleteService('jurW');
DeleteService('jwJR');
DeleteService('JWNA');
DeleteService('kCKF');
DeleteService('kCmz');
DeleteService('kCqQ');
DeleteService('KCrA');
DeleteService('KDel');
DeleteService('keGN');
DeleteService('kEME');
DeleteService('kEwI');
DeleteService('kfxL');
DeleteService('KHfP');
DeleteService('KIen');
DeleteService('kIpb');
DeleteService('KKMs');
DeleteService('kKnI');
DeleteService('kkYc');
DeleteService('klpE');
DeleteService('kMTb');
DeleteService('KnAx');
DeleteService('kNUe');
DeleteService('koac');
DeleteService('KPtb');
DeleteService('KpuR');
DeleteService('kqQB');
DeleteService('Kqwc');
DeleteService('ksbY');
DeleteService('kSLU');
DeleteService('KTxG');
DeleteService('kWAU');
DeleteService('KyDA');
DeleteService('lBcq');
DeleteService('lbhH');
DeleteService('LBSq');
DeleteService('LcYH');
DeleteService('lExx');
DeleteService('LfdN');
DeleteService('LfmD');
DeleteService('LHPt');
DeleteService('ljLy');
DeleteService('lJQO');
DeleteService('lLBF');
DeleteService('llHG');
DeleteService('LmCX');
DeleteService('Lmfp');
DeleteService('lnlv');
DeleteService('LpFr');
DeleteService('lqXl');
DeleteService('LsGh');
DeleteService('luYu');
DeleteService('LxyS');
DeleteService('LYIT');
DeleteService('MAdV');
DeleteService('MApA');
DeleteService('mboN');
DeleteService('mBtp');
DeleteService('mdln');
DeleteService('mdOa');
DeleteService('mEJO');
DeleteService('MEqK');
DeleteService('mIgD');
DeleteService('MISt');
DeleteService('miws');
DeleteService('Mllq');
DeleteService('mnCH');
DeleteService('Mnwl');
DeleteService('mPCz');
DeleteService('mPMn');
DeleteService('msVb');
DeleteService('MtYD');
DeleteService('MuZK');
DeleteService('MwkE');
DeleteService('mwnU');
DeleteService('MxTx');
DeleteService('MyGt');
DeleteService('nACK');
DeleteService('nBbw');
DeleteService('NbNG');
DeleteService('NCbh');
DeleteService('nDBY');
DeleteService('NdJT');
DeleteService('ndQI');
DeleteService('NDyU');
DeleteService('ngWs');
DeleteService('nINZ');
DeleteService('NJCe');
DeleteService('NjcY');
DeleteService('Njzo');
DeleteService('nkiR');
DeleteService('Nliw');
DeleteService('Nmvc');
DeleteService('NnGs');
DeleteService('NnWW');
DeleteService('nOax');
DeleteService('NrpX');
DeleteService('NrYe');
DeleteService('nSoD');
DeleteService('ntht');
DeleteService('nTmt');
DeleteService('nUFG');
DeleteService('nUHk');
DeleteService('nVRd');
DeleteService('Nvyh');
DeleteService('NwdO');
DeleteService('nwzT');
DeleteService('nyCA');
DeleteService('nydA');
DeleteService('nYKV');
DeleteService('oAcs');
DeleteService('oCRl');
DeleteService('OdEK');
DeleteService('oFch');
DeleteService('OFGo');
DeleteService('OfJd');
DeleteService('OGtC');
DeleteService('ohar');
DeleteService('OiAQ');
DeleteService('OIkr');
DeleteService('OiyO');
DeleteService('oLxG');
DeleteService('OLYt');
DeleteService('ombA');
DeleteService('omoH');
DeleteService('omSu');
DeleteService('ooUT');
DeleteService('oqof');
DeleteService('ORCS');
DeleteService('OuXn');
DeleteService('ovcw');
DeleteService('OVFd');
DeleteService('oVjD');
DeleteService('ovQM');
DeleteService('oWnN');
DeleteService('OXNY');
DeleteService('OxoE');
DeleteService('oZAh');
DeleteService('OZbK');
DeleteService('OzOi');
DeleteService('OzUG');
DeleteService('PbfR');
DeleteService('PcAX');
DeleteService('PccC');
DeleteService('peHY');
DeleteService('PFvs');
DeleteService('pGhj');
DeleteService('PGIt');
DeleteService('PgMn');
DeleteService('PIrR');
DeleteService('pitq');
DeleteService('pItx');
DeleteService('pkwS');
DeleteService('PMEC');
DeleteService('pmQJ');
DeleteService('pOlN');
DeleteService('POpy');
DeleteService('poXB');
DeleteService('PoZJ');
DeleteService('PPpT');
DeleteService('PqJc');
DeleteService('pQVR');
DeleteService('PRfy');
DeleteService('PrPv');
DeleteService('Prvw');
DeleteService('PsTK');
DeleteService('PtRI');
DeleteService('PuEG');
DeleteService('puIW');
DeleteService('PUNt');
DeleteService('PuoC');
DeleteService('pUtY');
DeleteService('PXDw');
DeleteService('pxMg');
DeleteService('PXqm');
DeleteService('pXxd');
DeleteService('PXYC');
DeleteService('pYXX');
DeleteService('PztL');
DeleteService('QBdh');
DeleteService('qbDu');
DeleteService('QbNP');
DeleteService('qewt');
DeleteService('qgBR');
DeleteService('Qhnc');
DeleteService('QJnR');
DeleteService('QjYy');
DeleteService('qkXT');
DeleteService('qMfS');
DeleteService('qNTu');
DeleteService('Qotq');
DeleteService('qpTo');
DeleteService('qRiZ');
DeleteService('QtkM');
DeleteService('QuNS');
DeleteService('QuUV');
DeleteService('QuVC');
DeleteService('Qvgl');
DeleteService('QvLR');
DeleteService('QWFk');
DeleteService('QwPN');
DeleteService('Qxtv');
DeleteService('RAAG');
DeleteService('RaGL');
DeleteService('rAOS');
DeleteService('raTM');
DeleteService('RbHP');
DeleteService('RcDa');
DeleteService('RCHO');
DeleteService('rDTA');
DeleteService('REPJ');
DeleteService('rhdk');
DeleteService('Rjbg');
DeleteService('rlAo');
DeleteService('rLqN');
DeleteService('roDW');
DeleteService('ROmf');
DeleteService('rOWm');
DeleteService('Rqgj');
DeleteService('RQqP');
DeleteService('rQYY');
DeleteService('rrvD');
DeleteService('rtCg');
DeleteService('RTMu');
DeleteService('rUdN');
DeleteService('rveN');
DeleteService('rVfG');
DeleteService('rvlX');
DeleteService('rVsf');
DeleteService('RWeb');
DeleteService('RwGR');
DeleteService('RxCt');
DeleteService('RxOL');
DeleteService('Rxuj');
DeleteService('RZgQ');
DeleteService('rzit');
DeleteService('RZLi');
DeleteService('SANL');
DeleteService('SAtS');
DeleteService('sAyi');
DeleteService('SCcg');
DeleteService('sdcn');
DeleteService('sDOl');
DeleteService('SEnc');
DeleteService('SERm');
DeleteService('SHiS');
DeleteService('shsz');
DeleteService('sJKj');
DeleteService('sjoT');
DeleteService('SmeQ');
DeleteService('SmIB');
DeleteService('SnBQ');
DeleteService('snbZ');
DeleteService('sNiO');
DeleteService('SoFh');
DeleteService('spaX');
DeleteService('Spmp');
DeleteService('SPOm');
DeleteService('SRaD');
DeleteService('SRZG');
DeleteService('sRzz');
DeleteService('suHV');
DeleteService('sUKn');
DeleteService('SvEO');
DeleteService('SVhp');
DeleteService('sVqh');
DeleteService('SwWe');
DeleteService('SXnK');
DeleteService('SZAu');
DeleteService('tArC');
DeleteService('teAq');
DeleteService('TeZi');
DeleteService('tfia');
DeleteService('TfkV');
DeleteService('tfsh');
DeleteService('thCj');
DeleteService('thgP');
DeleteService('tivm');
DeleteService('TIyM');
DeleteService('TkbM');
DeleteService('tKnj');
DeleteService('TMkz');
DeleteService('Toif');
DeleteService('TQMU');
DeleteService('ttXX');
DeleteService('TurV');
DeleteService('tvym');
DeleteService('TWfY');
DeleteService('TwqB');
DeleteService('TWzz');
DeleteService('TXcs');
DeleteService('Tzov');
DeleteService('uCMV');
DeleteService('uEhY');
DeleteService('UEjH');
DeleteService('UGmp');
DeleteService('UhZf');
DeleteService('uiMw');
DeleteService('UiOZ');
DeleteService('UiRW');
DeleteService('uIZB');
DeleteService('UJdZ');
DeleteService('ulhy');
DeleteService('uLqf');
DeleteService('UmhJ');
DeleteService('umIz');
DeleteService('uMrz');
DeleteService('uNsj');
DeleteService('uNXN');
DeleteService('uoae');
DeleteService('UoFS');
DeleteService('uoLx');
DeleteService('UOZp');
DeleteService('UQSR');
DeleteService('utUh');
DeleteService('uxNA');
DeleteService('uYpc');
DeleteService('ValP');
DeleteService('VAMF');
DeleteService('vaVc');
DeleteService('VBLM');
DeleteService('Vdff');
DeleteService('vDjA');
DeleteService('vDQv');
DeleteService('vEYK');
DeleteService('VHTa');
DeleteService('VihC');
DeleteService('vjdm');
DeleteService('vJfb');
DeleteService('Vkms');
DeleteService('vlbs');
DeleteService('VMPf');
DeleteService('vMRy');
DeleteService('voom');
DeleteService('VQgW');
DeleteService('vrBj');
DeleteService('VSRa');
DeleteService('vsrh');
DeleteService('VTwz');
DeleteService('vUri');
DeleteService('vvdG');
DeleteService('vvdJ');
DeleteService('vwxi');
DeleteService('VYSq');
DeleteService('WAGy');
DeleteService('wAua');
DeleteService('WbEi');
DeleteService('WbOw');
DeleteService('WCfP');
DeleteService('wCIG');
DeleteService('Wdhm');
DeleteService('wDVc');
DeleteService('WfxE');
DeleteService('wFxP');
DeleteService('wgBd');
DeleteService('Wjwz');
DeleteService('wkDx');
DeleteService('WlCO');
DeleteService('wmHm');
DeleteService('wMrw');
DeleteService('wonm');
DeleteService('wpRK');
DeleteService('WSEe');
DeleteService('wtgX');
DeleteService('WTzV');
DeleteService('WuLQ');
DeleteService('wUwV');
DeleteService('WVel');
DeleteService('WWvD');
DeleteService('WxTn');
DeleteService('wXUF');
DeleteService('wXWl');
DeleteService('wZtm');
DeleteService('XaLt');
DeleteService('XBcg');
DeleteService('XDTO');
DeleteService('xEtp');
DeleteService('XeXx');
DeleteService('xFnh');
DeleteService('xgga');
DeleteService('xhJw');
DeleteService('xHUx');
DeleteService('XJki');
DeleteService('XkTx');
DeleteService('Xliw');
DeleteService('XmzQ');
DeleteService('xnwl');
DeleteService('XpiQ');
DeleteService('XpLJ');
DeleteService('xqsn');
DeleteService('XraU');
DeleteService('XtcV');
DeleteService('xTOk');
DeleteService('XVwL');
DeleteService('xWaV');
DeleteService('XWbd');
DeleteService('xWEf');
DeleteService('XYUK');
DeleteService('xzcJ');
DeleteService('YbBJ');
DeleteService('ybyQ');
DeleteService('YCGT');
DeleteService('YcTA');
DeleteService('yFMa');
DeleteService('yfsF');
DeleteService('YFuB');
DeleteService('ygbC');
DeleteService('YGHG');
DeleteService('YgYt');
DeleteService('yJth');
DeleteService('yKBO');
DeleteService('ykmR');
DeleteService('YLyz');
DeleteService('yOod');
DeleteService('yOsz');
DeleteService('YrfH');
DeleteService('ytRT');
DeleteService('YtSQ');
DeleteService('YwAz');
DeleteService('YWsT');
DeleteService('zAqY');
DeleteService('zbdb');
DeleteService('zDVX');
DeleteService('zehI');
DeleteService('zgCj');
DeleteService('zNHc');
DeleteService('ZOxu');
DeleteService('ZQDg');
DeleteService('zrFb');
DeleteService('ZShG');
DeleteService('zSnC');
DeleteService('ZuAs');
DeleteService('ZUIe');
DeleteService('ZWTd');
DeleteService('zWTe');
DeleteService('zYpO');
DeleteService('ZZmI');
DeleteService('ZZQG');
DeleteFileMask('c:\program files\rdp wrapper', '*', true);
DeleteDirectory('c:\program files\rdp wrapper');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 3, 3, true);
RebootWindows(true);
end.
Компьютер перезагрузится.Прислать запрошенный карантин над над первым сообщением в теме.отсюда и сделайте полный образ автозапуска uVS .
Junior Member
Вес репутации
13
quarantine.zip создался но он пустой, в чём может быть ошибка?
Не попали файлы в карантин, продолжайте дальше выполнять рекомендации.
Junior Member
Вес репутации
13
Universal Virus Sniffer создал файл размером 845 Кб форум не принимает такой размер.
Junior Member
Вес репутации
13
Загрузите его в доступное облачное хранилище или на файлообменник без капчи и дайте ссылку.
Junior Member
Вес репутации
13
Отключите временно антивирус.
Код:
;uVS v4.11.1 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
deltmp
;---------command-block---------
unload %Sys32%\CMD.EXE
deltsk %Sys32%\CMD.EXE
delref >>C:/WINDOWS/TEMP/GOOGLEX.BAT
delref >>C:/WINDOWS/TEMP/GOOGLEX.BAT&CMD.EXE
zoo %SystemRoot%\TEMP\GOOGLEX.BAT
delall %SystemRoot%\TEMP\GOOGLEX.BAT
delref HTTP://GOOGLE.PROTOPOWER.ICU/MS.HTML
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\GOOGLEUPDATEBROKER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
apply
czoo
Запустите файл start.exe из папки с uVS, выберите "Запустить под текущим пользователем", в главном меню программы - Скрипты -> выполнить скрипт из буфера обмена.
Junior Member
Вес репутации
13
Если не ошибаюсь этот вирус зашёл в сеть когда открыл NAT на модеме для RDP.
Если к этому компьютеру сейчас доступа нет, скорее всего, по сети восстанавливают. Судя по логу, всё должно быть вычищено.Удаленная работа в офисе. RDP, Port Knocking, Mikrotik: просто и безопасно Farbar Recovery Scan Tool и сохраните на Рабочем столе.
=C8=F2=EE=E3 =EB=E5=F7=E5=ED=E8=FF
=D1=F2=E0=F2=E8=F1=F2=E8=EA=E0 =EF=F0=EE=E2=E5=E4=E5=ED=ED=EE=E3=EE =EB==CF=EE=EB=F3=F7=E5=ED=EE =EA=E0=F0=E0=ED=F2=E8=ED=EE=E2: 1 =CE=E1=F0=E0=E1=EE=F2=E0=ED=EE =F4=E0=E9=EB=EE=E2: 1 =C2 =F5=EE=E4=E5 =EB=E5=F7=E5=ED=E8=FF =E2=F0=E5=E4=EE=ED=EE=F1=ED=FB=
