разновидность Podnuha.ay

[ihbin]

Здравствуйте! Помогите пролечить систему, логи во вложении.

[V_Bond]

выполните скрипт ...

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('D:\Documents and Settings\пользователь\Local Settings\Temporary Internet Files\Content.IE5\CIEODNZ8\setup_en[1].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Local Settings\Temporary Internet Files\Content.IE5\17QLHA12\installdrivecleanerstart[1].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Local Settings\Temp\setup_en.exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Local Settings\Temp\installdrivecleanerstart.exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Application Data\installer[5].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Application Data\installer[4].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Application Data\installer[3].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Application Data\installer[2].exe','');
 QuarantineFile('D:\Documents and Settings\пользователь\Application Data\installer[1].exe','');
 QuarantineFile('D:\WINDOWS\system32\Drivers\yzqgidzp.dat','');
 QuarantineFile('D:\WINDOWS\system32\alderlcm.dll','');
 QuarantineFile('D:\WINDOWS\system32\alderlc.dll','');
 DeleteFile('D:\WINDOWS\system32\Drivers\yzqgidzp.dat');
 DeleteFile('D:\WINDOWS\system32\alderlc.dll');
 DeleteFile('d:\windows\system32\alderlc.dll');
 DeleteFile('D:\Documents and Settings\пользователь\Application Data\installer[1].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Application Data\installer[2].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Application Data\installer[3].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Application Data\installer[4].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Application Data\installer[5].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Local Settings\Temp\setup_en.exe');
 DeleteFile('D:\Documents and Settings\пользователь\Local Settings\Temporary Internet Files\Content.IE5\17QLHA12\installdrivecleanerstart[1].exe');
 DeleteFile('D:\Documents and Settings\пользователь\Local Settings\Temporary Internet Files\Content.IE5\CIEODNZ8\setup_en[1].exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

пришлите карантин согласно приложения 3 правил ...
повторите логи ..