- Execute the following script in Manual Healing:
Код:
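// AVZ treatment script written for one specific infected machine: every path,
// registry value name and the user SID below come from that machine's log.
// Flow: neutralise hooks -> quarantine samples -> stop processes -> delete
// files and autorun values -> schedule boot-time cleanup -> reboot.
begin
 // Scan for rootkit-style hooks; both flags are passed as true
 // (presumably user-mode and kernel-mode neutralisation - confirm in AVZ help).
 SearchRootkit(true, true);
 // Turn on AVZGuard for the duration of the treatment.
 SetAVZGuardStatus(True);

 // Copy the suspicious executables from the user's Temp folder into quarantine
 // BEFORE anything is deleted, so the samples stay available for analysis.
 // Several names (taskmgr.exe, svchost.exe) imitate Windows system binaries
 // but sit in Temp rather than in the system directory.
 QuarantineFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\debug.exe','');
 QuarantineFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\taskmgr.exe','');
 QuarantineFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\win32.exe','');
 // Same files again in lower case, as they appeared in the log; kept as-is.
 QuarantineFile('c:\docume~1\locala~1\locals~1\temp\win32.exe','');
 QuarantineFile('c:\docume~1\locala~1\locals~1\temp\taskmgr.exe','');
 QuarantineFile('c:\docume~1\locala~1\locals~1\temp\svchost.exe','');
 QuarantineFile('c:\docume~1\locala~1\locals~1\temp\dirxlx.exe','');
 QuarantineFile('c:\docume~1\locala~1\locals~1\temp\debug.exe','');

 // Stop the running copies. The full Temp path is given, not a bare image
 // name, so the genuine svchost.exe/taskmgr.exe are not the stated target.
 TerminateProcessByName('c:\docume~1\locala~1\locals~1\temp\win32.exe');
 TerminateProcessByName('c:\docume~1\locala~1\locals~1\temp\taskmgr.exe');
 TerminateProcessByName('c:\docume~1\locala~1\locals~1\temp\svchost.exe');
 TerminateProcessByName('c:\docume~1\locala~1\locals~1\temp\dirxlx.exe');
 TerminateProcessByName('c:\docume~1\locala~1\locals~1\temp\debug.exe');

 QuarantineFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\dirxlx.exe','');
 QuarantineFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\svchost.exe','');
 QuarantineFile('C:\Documents and Settings\localadmin\Application Data\B0FEFFC0FA9A58E52BE90F10867915CA\newupdate1142C.exe','');

 // Randomly named driver: quarantine it, then delete it both by the bare name
 // reported in the log and by its path under system32\drivers.
 QuarantineFile('zkxahym.sys','');
 DeleteFile('zkxahym.sys');
 DeleteFile('c:\windows\system32\drivers\zkxahym.sys');

 // Remove the two autostart values from this user's Run key (addressed through
 // HKEY_USERS\<SID>), so nothing is relaunched at the next logon.
 RegKeyParamDel('HKEY_USERS','S-1-5-21-790525478-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','hsf87sdhfush87fsufhuie3fddf');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-790525478-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','hsf87efjhdsf87f3jfsdi7fhsujfd');

 DeleteFile('C:\Documents and Settings\localadmin\Application Data\B0FEFFC0FA9A58E52BE90F10867915CA\newupdate1142C.exe');
 // Fix: the two calls below had their names swapped in the original.
 // DeleteFile takes a single file name; DeleteFileMask takes
 // (directory, mask, recurse). As posted, the script would not compile.
 DeleteFile('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\svchost.exe');
 // NOTE: this empties the whole Temp folder of the localadmin profile,
 // recursively - not only the samples listed above.
 DeleteFileMask('C:\DOCUME~1\LOCALA~1\LOCALS~1\Temp\','*.*',true);

 // Hand the collected file list to Boot Cleaner, clean up leftover system
 // references, arm Boot Cleaner for the next boot, then reboot so that
 // locked files are removed before they can start.
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.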
After reboot:
- Execute the following script in Manual Healing:
Код:
// Pack the files quarantined by the previous script into one archive so it
// can be uploaded for analysis.
var
 ArchivePath : string;
begin
 ArchivePath := 'C:\quarantine.zip';
 CreateQurantineArchive(ArchivePath);
end.
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=77111
- Create the log file again.
- Attach the new log to your new post.