It started when I noticed a new connection, "Internet", in my network connections. I remembered clearly that I had not created it. It worried me, but I let it go. I went online, and after a while it disconnects without even notifying me. I installed a new firewall, and it found that a strange file, rtradsfa6, in Documents and Settings/my profile/ was trying to launch at frequent intervals, and blocked it. Clearly, files like that should not be there. I noticed two strange files there, rtradsfa6 and rtrassn9, but rtradsfa6 kept being restored (in fact, after one AVZ scan and shutting the computer down, the second file was restored too, along with a new one, rtradsfi2). I found nothing strange in the process list; a process appears only when that file tries to launch. What alarmed me is that after the first script there was one file; after the second script there were three strange files. I have attached all the necessary files. I would also like to know what this was, why it could not be killed, and why there were no processes at all?
More and more strange files keep appearing in the folder. If I delete them all, fewer regenerate, but after a reboot there are a few more again. I looked at the log: two files from this bunch were flagged as dangerous, but I think there were more of them.
Infected folders:
C:\Program Files\Advantage (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Not selected for removal.
C:\Documents and Settings\Oracul\Главное меню\Программы\Total Security (Rogue.TotalSecurity) -> Not selected for removal.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\chrome (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\components (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\update (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\Nemesis.DARK_TEMPLE\Local Settings\Application Data\Target Marketing Agency (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\Nemesis.DARK_TEMPLE\Local Settings\Application Data\Target Marketing Agency\TMAgent (Adware.TMAagent) -> Not selected for removal.
Infected files:
C:\Documents and Settings\GoodPath\Local Settings\Temp\TMP8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\GoodPath\Local Settings\Temporary Internet Files\Content.IE5\TRTRXMLU\lol[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nemesis.I-867A8DE2A4404\Local Settings\Temp\~TMAE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nemesis.I-867A8DE2A4404\Local Settings\Temporary Internet Files\Content.IE5\MAU1HVIB\load[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\AMV софт\trapcode[1].multikeygen.v1.1.exe (Malware.Packer.Gen) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\AMV софт\Tpapcode All\Trapcode.Echospace.v1.0.1.Win.for.After.Effects.Incl.Keygen.INTERNAL-VR\vr-e101a\vr-e101a\Medicine\Keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\AMV софт\Tpapcode All\Trapcode.Particular.v1.5.0.Win.for.After.Effects.Incl.Keygen.INTERNAL-VR\vr-p150a\vr-p150a\Medicine\Keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\AMV софт\Tpapcode All\Trapcode.Sound.Keys.v1.1.2.Win.for.After.Effects.Incl.Keygen.INTERNAL-VR\vr-k112a\vr-k112a\Medicine\Keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\Софт Всякий\Установщики\alcohol120-1.9.7.6221_retail_incl_crack\BetaMaster Activators\Old Versions\v.3.6\keymaker.exe (Password.Stealer) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-86DABC12708F4\Рабочий стол\Софт Всякий\Установщики\alcohol120-1.9.7.6221_retail_incl_crack\Tools\Tools for Trial Version\any_version_LoadeR_v3.1\manually\patch_ssc.exe (Trojan.Patcher) -> Not selected for removal.
C:\Documents and Settings\NetworkService.NT AUTHORITY.006\Local Settings\Temporary Internet Files\Content.IE5\2GLBI47W\qahdmyyt[1].jpg (Worm.Conficker) -> Not selected for removal.
C:\Documents and Settings\Oracul\rtradsfa6.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oracul\rtradsfi2.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oracul\Local Settings\Temporary Internet Files\Content.IE5\LP192L61\April2-p1[1].jpg (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oracul\Рабочий стол\Нужный софт\SRS.AS1.9.0.5\Crack\keygen.exe (Trojan.Agent) -> Not selected for removal.
C:\Documents and Settings\Администратор\Local Settings\Temporary Internet Files\Content.IE5\6ZER25UF\KeyGen[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Downloads\Архивы\netscreen2fr\netscreen2fr.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Downloads\Программы\SRS.exe (Malware.Packer) -> Not selected for removal.
C:\Downloads\Программы\avz4\avz4\Infected\2010-04-12\avz00001.dta (Adware.TMAgent) -> Not selected for removal.
C:\DRIVE\BIN\April2.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\System Volume Information\_restore{2F45D9BB-4397-4DA6-B052-35A9DAF03E96}\RP75\A0026821.exe (Adware.WhenU) -> Not selected for removal.
C:\System Volume Information\_restore{2F45D9BB-4397-4DA6-B052-35A9DAF03E96}\RP78\A0027056.exe (Adware.WhenU) -> Not selected for removal.
C:\System Volume Information\_restore{2F45D9BB-4397-4DA6-B052-35A9DAF03E96}\RP85\A0031848.exe (Adware.WhenU) -> Not selected for removal.
C:\System Volume Information\_restore{2F45D9BB-4397-4DA6-B052-35A9DAF03E96}\RP86\A0031864.exe (Adware.WhenU) -> Not selected for removal.
C:\System Volume Information\_restore{EAC02D05-2297-4F90-817F-FBB8139E5905}(2)\RP13\A0002017.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\RECYCLER\S-1-5-21-2025429265-362288127-1177238915-1003\Dc3.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\RECYCLER\S-1-5-21-2025429265-362288127-1177238915-1003\Dc4.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe (Adware.TMAgent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\Uninstaller.exe (Adware.TMAgent) -> Not selected for removal.
C:\Program Files\LucasArts\LEGO Star Wars II\lego_data\dattool.dat (Malware.Packer) -> Not selected for removal.
C:\Program Files\QIP\Users\355734985\RcvdFiles\369999431_ere\game2_build_alpha1\game2_build_alpha1\config.exe (Malware.Packer) -> Not selected for removal.
C:\Program Files\WebMoney\WebMoney.exe (Spyware.WebMoney) -> Not selected for removal.
C:\Program Files\XDenSer NetScreen\NetScreen.exe (PuP.NetScreen) -> Not selected for removal.
E:\WINDOWS\system32\dllcache\iissync.exe (Virus.Expiro) -> Not selected for removal.
E:\System Volume Information\_restore{A29E8F76-7E88-461F-B2DA-26BD8872C0B9}\RP1\A0001223.exe (Malware.Packer.Morphine) -> Not selected for removal.
E:\System Volume Information\_restore{A29E8F76-7E88-461F-B2DA-26BD8872C0B9}\RP1\A0002432.exe (Virus.Expiro) -> Not selected for removal.
E:\System Volume Information\_restore{A29E8F76-7E88-461F-B2DA-26BD8872C0B9}\RP2\A0017912.exe (Malware.Packer) -> Not selected for removal.
E:\91bac6fc1f6f62fe4687\setupres.2070.dll (Trojan.Dropper) -> Not selected for removal.
F:\Warcraft III TFT\Crack\Keygen\Keygenroc.exe (Trojan.Agent) -> Not selected for removal.
F:\Warcraft III TFT\Tools\Bnconfig.exe (Trojan.LDPinch) -> Not selected for removal.
F:\SRS.AS1.9.0.5\Crack\keygen.exe (Trojan.Agent) -> Not selected for removal.
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\DelMe.bat (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\ffext.mod (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Not selected for removal.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Not selected for removal.
C:\Documents and Settings\Oracul\Главное меню\Программы\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\aupdate.exe (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\license.txt (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\chrome.manifest (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\install.rdf (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\chrome\tmagent.jar (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\components\fftma.dll (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\components\nsIAdHandler.xpt (Adware.TMAagent) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension\components\nsISteadway.xpt (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\data.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\params.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\tmagent.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\update\curver.xml (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Local Settings\Application Data\Target Marketing Agency\TMAgent\update\updateInfo.xml (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\Nemesis.DARK_TEMPLE\Local Settings\Application Data\Target Marketing Agency\TMAgent\data.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\Nemesis.DARK_TEMPLE\Local Settings\Application Data\Target Marketing Agency\TMAgent\params.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\Nemesis.DARK_TEMPLE\Local Settings\Application Data\Target Marketing Agency\TMAgent\tmagent.bin (Adware.TMAagent) -> Not selected for removal.
C:\Documents and Settings\GoodPath\Application Data\wiaserva.log (Malware.Trace) -> Not selected for removal.
C:\Documents and Settings\Oracul\Рабочий стол\Total Security 2009.lnk (Rogue.TotalSecurity) -> Not selected for removal.
C:\Documents and Settings\Nemesis.I-867A8DE2A4404\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Not selected for removal.
C:\Documents and Settings\LevelUp\Local Settings\Temp\0.601054550897766.exe (Trojan.Dropper) -> Not selected for removal.
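An added example, not part of the thread and not Malwarebytes' own code: a small Python parser for the `<path> (<detection>) -> <action>.` line format of the log above. Its purpose is to separate what the scanner actually quarantined from what it left in place, and to group the leftovers by detection name and by location (System Restore copies, the recycle bin, the Windows directory, and so on), since every entry marked "Not selected for removal" is still on disk after the scan. The sample lines are copied from the log in the thread; the location labels are this script's own and are an assumption about what a practitioner would want to see first.

```python
"""Parse Malwarebytes-style scan-log lines ("<path> (<detection>) -> <action>.")
and report what is still on disk after the scan.

Added example: the sample below is copied from the log posted in the thread;
the location labels are this script's own classification, not the scanner's."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the log lines posted above.
SAMPLE_LOG = r"""
Infected folders:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Not selected for removal.
Infected files:
C:\Documents and Settings\Oracul\rtradsfa6.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Oracul\rtradsfi2.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\DRIVE\BIN\April2.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\System Volume Information\_restore{2F45D9BB-4397-4DA6-B052-35A9DAF03E96}\RP75\A0026821.exe (Adware.WhenU) -> Not selected for removal.
C:\RECYCLER\S-1-5-21-2025429265-362288127-1177238915-1003\Dc3.exe (Trojan.Dialer.Gen) -> Not selected for removal.
C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmasrv.exe (Adware.TMAgent) -> Not selected for removal.
E:\WINDOWS\system32\dllcache\iissync.exe (Virus.Expiro) -> Not selected for removal.
"""

# Path (greedy), then the detection name in the last parenthesised group
# before "->", then the action with an optional trailing full stop.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str   # "Infected folders" / "Infected files"
    path: str
    threat: str
    action: str

    @property
    def removed(self) -> bool:
        # Cleaned items are reported as "Quarantined and deleted successfully".
        return self.action.lower().startswith("quarantined")


def parse_line(line: str, section: str = "") -> Optional[Detection]:
    """One log line -> Detection, or None for headers/blank/unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(section, m["path"], m["threat"], m["action"])


def parse_log(text: str) -> List[Detection]:
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header such as "Infected files:"
            section = line[:-1]
            continue
        det = parse_line(line, section)
        if det:
            found.append(det)
    return found


def location_class(path: str) -> str:
    """Coarse label for where a leftover sits; most specific check first."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"          # System Restore keeps its own copies
    if "\\recycler\\" in p:
        return "recycle_bin"
    if "temporary internet files" in p or "\\local settings\\temp\\" in p:
        return "browser_or_temp_cache"
    if "\\windows\\" in p:
        return "system_dir"
    if "\\program files" in p:
        return "program_files"
    if "\\documents and settings\\" in p:
        return "user_profile"
    return "other"


def summarize(text: str) -> Dict[str, object]:
    """Counts of quarantined vs. still-present items, leftovers grouped two ways."""
    dets = parse_log(text)
    left = [d for d in dets if not d.removed]
    return {
        "total": len(dets),
        "removed": len(dets) - len(left),
        "remaining": len(left),
        "remaining_by_threat": Counter(d.threat for d in left),
        "remaining_by_location": Counter(location_class(d.path) for d in left),
        "remaining_paths": [d.path for d in left],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} detections, {s['removed']} quarantined, {s['remaining']} still on disk")
    for threat, n in sorted(s["remaining_by_threat"].items()):
        print(f"  {threat:<20} {n}")
    for loc, n in sorted(s["remaining_by_location"].items()):
        print(f"  [{loc}] {n}")
```

Run against the full log instead of the sample to get the list of paths that were never quarantined; the `system_dir` and `program_files` groups (for example the `wsnpoem` folder and `tmasrv.exe` above) are the ones to deal with first, while `restore_point` entries only go away when System Restore is cleared.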