Help
Run the script
Send the quarantine in accordance with Appendix 3 of the rules
Code:
begin
  // Look for rootkit hooks and enable AVZGuard before touching files
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Quarantine suspicious files and remove the services that load them
  QuarantineFile('msansspc.dll','');
  QuarantineFile('D7C79813.dll','');
  QuarantineFile('C:\WINDOWS\system32\EA44A26D.dll','');
  QuarantineFile('C:\WINDOWS\system32\01AFE3DC.dll','');
  QuarantineFile('133AEAC9.dll','');
  QuarantineFile('08223B03.dll','');
  DeleteService('Ubmddrv');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\Ubmddrv.sys','');
  QuarantineFile('C:\WINDOWS\system32\drivers\HBKernel32.sys','');
  QuarantineFile('C:\WINDOWS\system32\f35ee9e.sys','');
  DeleteService('HBKernel32');
  DeleteService('f35ee9e');
  DeleteService('f28907d');
  QuarantineFile('C:\WINDOWS\system32\f28907d.sys','');
  DeleteService('d812a079');
  QuarantineFile('C:\WINDOWS\system32\d812a079.sys','');
  DeleteService('b71fe93');
  DeleteService('b1a18a3e');
  DeleteService('b160485');
  QuarantineFile('C:\WINDOWS\system32\b71fe93.sys','');
  QuarantineFile('C:\WINDOWS\system32\b1a18a3e.sys','');
  QuarantineFile('C:\WINDOWS\system32\b160485.sys','');
  DeleteService('6457aed');
  QuarantineFile('C:\WINDOWS\system32\6457aed.sys','');
  QuarantineFile('C:\WINDOWS\System32\service.exe','');
  DeleteService('WmiApSrvRpcSs');
  DeleteService('VSSNetDDEdsdm');
  DeleteService('upnphostNtmsSvc');
  DeleteService('osewuauserv');
  DeleteService('NlaWebClient');
  DeleteService('NetmanAlerter');
  DeleteService('IrmonSCardSvr');
  DeleteService('ImapiServicewinmgmt');
  DeleteService('Dot3svcUPS');
  DeleteService('DcomLaunchdmserver');
  DeleteService('BrowserNtLmSsp');
  DeleteService('ASWLSVCWmdmPmSN');
  DeleteService('AlerterNetDDEdsdm');
  QuarantineFile('srv.exe','');
  // Delete the driver files
  DeleteFile('C:\WINDOWS\system32\6457aed.sys');
  DeleteFile('C:\WINDOWS\system32\b160485.sys');
  DeleteFile('C:\WINDOWS\system32\b1a18a3e.sys');
  DeleteFile('C:\WINDOWS\system32\b71fe93.sys');
  DeleteFile('C:\WINDOWS\system32\d812a079.sys');
  DeleteFile('C:\WINDOWS\system32\f28907d.sys');
  DeleteFile('C:\WINDOWS\system32\f35ee9e.sys');
  DeleteFile('C:\WINDOWS\system32\drivers\HBKernel32.sys');
  DeleteFile('C:\WINDOWS\system32\DRIVERS\Ubmddrv.sys');
  // Delete the DLL files
  DeleteFile('08223B03.dll');
  DeleteFile('122B901E.dll');
  DeleteFile('12316E69.dll');
  DeleteFile('133AEAC9.dll');
  DeleteFile('14F7F80A.dll');
  DeleteFile('16AF66EB.dll');
  DeleteFile('1FD51F1F.dll');
  DeleteFile('2EF0D734.dll');
  DeleteFile('34A25F04.dll');
  DeleteFile('39349BEE.dll');
  DeleteFile('3B8DA919.dll');
  DeleteFile('3D144530.dll');
  DeleteFile('43ACDCC5.dll');
  DeleteFile('4D023DE9.dll');
  DeleteFile('4FBFD5A4.dll');
  DeleteFile('56BC86C7.dll');
  DeleteFile('58FF3024.dll');
  DeleteFile('5934EA2B.dll');
  DeleteFile('66AFCB56.dll');
  DeleteFile('70B0129E.dll');
  DeleteFile('755D0ED0.dll');
  DeleteFile('7E983C60.dll');
  DeleteFile('93DEE065.dll');
  DeleteFile('950D1600.dll');
  DeleteFile('9CA963CA.dll');
  DeleteFile('A55F538E.dll');
  DeleteFile('AD794E6B.dll');
  DeleteFile('B3721C07.dll');
  DeleteFile('B6E23E89.dll');
  DeleteFile('B8E83D3C.dll');
  DeleteFile('BA7EDF54.dll');
  DeleteFile('C8FFD223.dll');
  DeleteFile('C:\WINDOWS\system32\01AFE3DC.dll');
  DeleteFile('C:\WINDOWS\system32\06EA0A93.dll');
  DeleteFile('C:\WINDOWS\system32\EA44A26D.dll');
  DeleteFile('D7C79813.dll');
  DeleteFile('D9C002DD.dll');
  DeleteFile('DA63E650.dll');
  DeleteFile('DFEC5CB7.dll');
  DeleteFile('E1D19FCC.dll');
  DeleteFile('E3367679.dll');
  DeleteFile('E44343AD.dll');
  DeleteFile('E4814792.dll');
  DeleteFile('F65BDEC7.dll');
  DeleteFile('F8E07BB2.dll');
  DeleteFile('FFAE967F.dll');
  DeleteFile('msansspc.dll');
  DeleteFile('C:\WINDOWS\system32\29EA67E0.dll');
  // Run repair procedure 9, pass the deleted-file list to Boot Cleaner, clean up and reboot
  ExecuteRepair(9);
  BC_ImportDeletedList;
  ExecuteSysClean;
  RebootWindows(true);
end.
Redo the logs
Last edited by Alex_Goodwin; 16.12.2008 at 00:58.
1. Run the script
After the script runs, the computer will reboot.
Code:
begin
  // Look for rootkit hooks and enable AVZGuard before touching files
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Quarantine suspicious files
  QuarantineFile('C:\WINDOWS\system32\actxprxy.dll','');
  QuarantineFile('C:\WINDOWS\system32\ASWL2K.exe','');
  QuarantineFile('C:\Program Files\Messenger\msgmr.dll','');
  QuarantineFile('C:\DOCUME~1\1\LOCALS~1\Temp\wmsetup.dll','');
  QuarantineFile('C:\WINDOWS\system32\E0D39066.dll','');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\34831814.sys','');
  // Delete the files
  DeleteFile('01AFE3DC.dll');
  DeleteFile('06EA0A93.dll');
  DeleteFile('201476D0.dll');
  DeleteFile('29EA67E0.dll');
  DeleteFile('8566F82E.dll');
  DeleteFile('9F684DE8.dll');
  DeleteFile('A1A6BC2E.dll');
  DeleteFile('C:\WINDOWS\system32\E0D39066.dll');
  DeleteFile('DFB3DAC5.dll');
  DeleteFile('EA44A26D.dll');
  DeleteFile('C:\DOCUME~1\1\LOCALS~1\Temp\wmsetup.dll');
  // Hand the file list and the services to Boot Cleaner for removal at next boot
  BC_ImportAll;
  BC_DeleteSvc('WmiApSrvRpcSs');
  BC_DeleteSvc('VSSNetDDEdsdm');
  BC_DeleteSvc('upnphostNtmsSvc');
  BC_DeleteSvc('osewuauserv');
  BC_DeleteSvc('NlaWebClient');
  BC_DeleteSvc('NetmanAlerter');
  BC_DeleteSvc('IrmonSCardSvr');
  BC_DeleteSvc('ImapiServicewinmgmt');
  BC_DeleteSvc('DcomLaunchdmserver');
  BC_DeleteSvc('Dot3svcUPS');
  BC_DeleteSvc('BrowserNtLmSsp');
  BC_DeleteSvc('ASWLSVCWmdmPmSN');
  BC_DeleteSvc('AlerterNetDDEdsdm');
  // Clean up, activate Boot Cleaner and reboot
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Send the quarantine in accordance with Appendix 3 of the rules.
Upload via this link: http://virusinfo.info/upload_virus.php?tid=35580
Redo the logs as described here: http://virusinfo.info/showthread.php?t=1235
Another attempt
Run the script
Send the quarantine in accordance with Appendix 3 of the rules
Code:
begin
  // Look for rootkit hooks and enable AVZGuard before touching files
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Remove the services and quarantine suspicious files
  DeleteService('HBKernel32');
  QuarantineFile('C:\WINDOWS\system32\drivers\HBKernel32.sys','');
  DeleteService('WSCM');
  QuarantineFile('C:\WINDOWS\System32\service.exe','');
  DeleteService('WmiApSrvRpcSs');
  DeleteService('VSSNetDDEdsdm');
  DeleteService('upnphostNtmsSvc');
  DeleteService('osewuauserv');
  DeleteService('NlaWebClient');
  DeleteService('NetmanAlerter');
  DeleteService('IrmonSCardSvr');
  DeleteService('ImapiServicewinmgmt');
  DeleteService('Dot3svcUPS');
  DeleteService('DcomLaunchdmserver');
  DeleteService('BrowserNtLmSsp');
  DeleteService('ASWLSVCWmdmPmSN');
  DeleteService('AlerterNetDDEdsdm');
  QuarantineFile('srv.exe','');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\NVKEYNT.SYS','');
  QuarantineFile('C:\WINDOWS\system32\drivers\nvmini.sys','');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\50665302.sys','');
  QuarantineFile('C:\WINDOWS\system32\sh28010.dll','');
  QuarantineFile('C:\WINDOWS\system32\sh14035.dll','');
  QuarantineFile('C:\WINDOWS\system32\sh09019.dll','');
  QuarantineFile('c:\windows\system32\rpcss.dll','');
  QuarantineFile('C:\WINDOWS\system32\hbwulin2.dll','');
  QuarantineFile('C:\WINDOWS\system32\hbtw2.dll','');
  QuarantineFile('C:\WINDOWS\system32\hbshq.dll','');
  QuarantineFile('C:\WINDOWS\System32\hbqqxx.dll','');
  QuarantineFile('C:\WINDOWS\system32\hbqqsg.dll','');
  QuarantineFile('C:\WINDOWS\system32\hbqqffo.dll','');
  QuarantineFile('C:\WINDOWS\System32\hbjxsj.dll','');
  QuarantineFile('C:\WINDOWS\System32\hbbo.dll','');
  // Delete the files
  DeleteFile('C:\WINDOWS\System32\hbbo.dll');
  DeleteFile('C:\WINDOWS\System32\hbjxsj.dll');
  DeleteFile('C:\WINDOWS\system32\hbqqffo.dll');
  DeleteFile('C:\WINDOWS\system32\hbqqsg.dll');
  DeleteFile('C:\WINDOWS\System32\hbqqxx.dll');
  DeleteFile('C:\WINDOWS\system32\hbshq.dll');
  DeleteFile('C:\WINDOWS\system32\hbtw2.dll');
  DeleteFile('C:\WINDOWS\system32\hbwulin2.dll');
  DeleteFile('c:\windows\system32\rpcss.dll');
  DeleteFile('C:\WINDOWS\system32\sh09019.dll');
  DeleteFile('C:\WINDOWS\system32\sh14035.dll');
  DeleteFile('C:\WINDOWS\system32\sh28010.dll');
  DeleteFile('C:\WINDOWS\system32\DRIVERS\50665302.sys');
  DeleteFile('C:\WINDOWS\system32\drivers\nvmini.sys');
  DeleteFile('srv.exe');
  DeleteFile('C:\WINDOWS\System32\service.exe');
  DeleteFile('C:\WINDOWS\system32\drivers\HBKernel32.sys');
  DeleteFile('C:\WINDOWS\system32\13DED518.dll');
  DeleteFile('C:\WINDOWS\system32\hbbo.dll');
  DeleteFile('C:\WINDOWS\system32\hbjxsj.dll');
  DeleteFile('C:\WINDOWS\system32\hbqqxx.dll');
  DeleteFile('D9C002DD.dll');
  DeleteFile('DA63E650.dll');
  DeleteFile('DFB3DAC5.dll');
  DeleteFile('E0D39066.dll');
  DeleteFile('E4814792.dll');
  DeleteFile('E783C505.dll');
  DeleteFile('EA44A26D.dll');
  DeleteFile('F65BDEC7.dll');
  DeleteFile('F8E07BB2.dll');
  DeleteFile('appmgmts.dll');
  // Queue service removal in Boot Cleaner
  BC_DeleteSvc('AlerterNetDDEdsdm');
  BC_DeleteSvc('AlerterNetDDEdsdm');
  BC_DeleteSvc('AlerterNetDDEdsdm');
  BC_DeleteSvc('AlerterNetDDEdsdm');
  // Run repair procedures 6, 8 and 9, then clean up, activate Boot Cleaner and reboot
  ExecuteRepair(6);
  ExecuteRepair(8);
  ExecuteRepair(9);
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Fix
Run http://virusinfo.info/showthread.php?t=15927
Code:
O20 - AppInit_DLLs: hbwulin2.dll,hbqqsg.dll,hbshq.dll,hbtw2.dll,hbqqxx.dll,hbqqffo.dll,hbbo.dll,hbjxsj.dll,
Redo the logs
Dear Anton_SPb, our specialists have provided you with all possible assistance with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.