Sanitar Diska

**Zeromancer** · 18.08.2008, 20:22

Уж не знаю, где подцепил. Регулярно вылетает explorer.exe, самопроизвольно открывается IE с сайтом sanitardiska.com, сайты не открываются, пока не завершены rundll32.exe и тот же explorer.exe. Проверил Dr. Web'ом по ссылке из правил, он нашел около 50 зараженных файлов, в основном в system32 и temporary internet files для IE, удалил все, но после перезагрузки проблемы остались.
Помогите, пожалуйста.

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**V_Bond** · 18.08.2008, 21:15

удалите временные интернет файлы !!! (через свойства обозревателя)
выполните скрипт ...

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DelBHO('{43A7CF57-DA45-4F24-97CA-C2BCF669D5A3}');
 QuarantineFile('C:\Windows\system32\xekguiyk.dll','');
 DeleteFile('C:\Windows\system32\xekguiyk.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

пришлите карантин согласно приложения 3 правил ...
повторите логи ...

**Zeromancer** · 18.08.2008, 23:02

Временные файлы удалил (вообще я IE не использую), карантин выслал. Логи не высылаются (форум почему-то жалуется на превышение ограничения), поэтому заархивировал и выложил здесь - http://ifolder.ru/7764769

**V_Bond** · 18.08.2008, 23:05

на slil.ru переложите ...

**Zeromancer** · 18.08.2008, 23:14

http://slil.ru/26069395

**V_Bond** · 18.08.2008, 23:20

выполните скрипт

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DelBHO('{B2F24FAB-9128-4E23-8EE0-467B54F45148}');
 QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll','');
 QuarantineFile('C:\Windows\system32\fetvepai.dll','');
 DeleteFile('C:\Windows\system32\fetvepai.dll');
 DeleteFile('C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Users\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('C:\Documents and Settings\User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\494KUNSV\3077htsbdjyf[1].dll');
 DeleteFile('c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\494kunsv\3077htsbdjyf[1].dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

пришлите карантин согласно приложения 3 правил ....
повторите логи ...

**Zeromancer** · 19.08.2008, 00:03

Карантин прислал, логи - http://slil.ru/26069496
Сейчас проблем вроде нет, но при старте Windows появляется "Ошибка при загрузке C:\Windows\system32\fetvepai.dll"

**V_Bond** · 19.08.2008, 00:15

пофиксите ...

Код:

O4 - HKLM\..\Run: [BM13f54a77] Rundll32.exe "C:\Windows\system32\fetvepai.dll",s

больше ничего плохого ...

**Zeromancer** · 19.08.2008, 00:17

Большое спасибо за помощь.

Sanitar Diska (заявка № 28348)

Опции темы

Sanitar Diska

Похожие темы

Sanitar Diska

Sanitar Diska

Sanitar Diska...

Sanitar diska

sanitar diska !!!!

Ваши права в разделе