Junior Member
System reboots immediately after logging in as any user
Hello.
The OS reboots immediately after logging in under any user. After running the first script in Safe Mode, the system booted. I ran the second AVZ script and HiJackThis already in normal mode.
AVZ found a bunch of viruses.
Logs:
Last edited by zlichu; 07.10.2010 at 06:31.
Run the following script in AVZ
Code:
begin
// Look for rootkits (user-mode and kernel-mode hooks) before cleaning
SearchRootkit(true, true);
// Turn on AVZGuard so the active malware cannot interfere while the script runs
SetAVZGuardStatus(True);
DeleteFile('.exe');
DeleteFile('D:\autorun.inf');
// Hand every pending deletion to Boot Cleaner so locked files are removed on reboot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// System repair: 8 = restore Explorer settings, 11 = unlock Task Manager, 20 = delete static routes
ExecuteRepair(8);
ExecuteRepair(11);
ExecuteRepair(20);
RebootWindows(true);
end.
The computer will reboot.
Make new logs.
Make a log of a full MBAM scan.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Junior Member
Script executed.
Here are the logs:
Last edited by zlichu; 07.10.2010 at 06:31.
Remove in MBAM:
Code:
Registry objects infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
Infected folders:
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4 (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-1 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-13 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-14 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-19 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-2 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-24 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-26 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-27 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-28 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-29 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-3 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-6 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-9 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Администратор\Local Settings\Application Data\Bron.tok-10-4 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Администратор\Local Settings\Application Data\Bron.tok-10-6 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-1 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-11 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-12 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-13 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-14 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-19 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-2 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-20 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-21 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-22 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-23 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-24 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-25 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-26 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-27 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-28 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-29 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-3 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-30 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-31 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-4 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-5 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-6 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-7 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-8 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-9 (Worm.Brontok) -> No action taken.
Infected files:
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\com.run (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\dp1.fne (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\krnln.fnr (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\shell.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\com.run (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\vfp8rrus.dll (Malware.Packer.Gen) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00001.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00002.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00003.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00004.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00005.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00006.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00007.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00008.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00009.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00010.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00011.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00012.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00013.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00014.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00015.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00016.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00017.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00018.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00019.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00020.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00021.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00022.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00023.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00024.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00025.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00026.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00027.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00028.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00029.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00030.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00031.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00032.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00033.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00034.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00035.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00036.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00037.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00038.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00039.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00040.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00041.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00042.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00043.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00044.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00045.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00046.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00047.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00048.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00049.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00050.dta (Worm.Brontok) -> No action taken.
D:\avz\avz4\Infected\2010-10-06\avz00051.dta (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\internet.fne (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Temp\E_4\spec.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> No action taken.
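As an added example (not code from the thread, from AVZ or from Malwarebytes), the Python script below parses MBAM log lines of the form shown in the post above and triages them: it counts detections per family and per location (registry, user profile, system32), flags Policies\System values reported as Bad: (1) such as DisableRegistryTools, which the cleanup must also reset, and separates the D:\avz\avz4\Infected\2010-10-06\avz*.dta entries, which are AVZ's own quarantine store from the earlier run, from findings on the live system. The sample log is constructed from a handful of the posted lines, with the section headers in English and one invented "Quarantined and deleted successfully" line; the quarantine-path pattern and the location categories are this example's assumptions, not MBAM's.

```python
"""Triage helper for an MBAM scan log of the kind posted above.

Added example, not code from the thread, AVZ or Malwarebytes. It parses the
"<path> (<family>) -> [Bad: (x) Good: (y) ->] <status>." lines, groups them by
detection family and by location, and separates entries that still need action
from those already handled.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the posted log (headers translated to English;
# the og.dll status line is invented to exercise the "already handled" path).
SAMPLE_LOG = r"""
Registry objects infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
Infected folders:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-10-1 (Worm.Brontok) -> No action taken.
C:\Documents and Settings\Ратмир\Local Settings\Application Data\Bron.tok-10-2 (Worm.Brontok) -> No action taken.
Infected files:
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\avz\avz4\Infected\2010-10-06\avz00001.dta (Worm.Brontok) -> No action taken.
"""

ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\)"                         # path, then (family)
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"     # registry value pair
    r" -> (?P<status>.+?)\.?$"                                        # what MBAM did about it
)
# Windows XP-era profile root, as in the posted paths (assumed layout)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\(?P<user>[^\\]+)\\", re.IGNORECASE)
# AVZ keeps quarantined copies as Infected\<date>\avzNNNNN.dta under its own folder (assumption)
AVZ_QUARANTINE_RE = re.compile(r"\\Infected\\\d{4}-\d{2}-\d{2}\\avz\d+\.dta$", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    path: str
    family: str
    status: str
    bad: str = ""
    good: str = ""

    @property
    def pending(self) -> bool:
        """True while MBAM has not yet acted on the entry."""
        return self.status.startswith("No action taken")

    @property
    def location(self) -> str:
        """Coarse bucket used for triage (example's own categories)."""
        if AVZ_QUARANTINE_RE.search(self.path):
            return "avz-quarantine"
        if self.path.upper().startswith("HKEY_"):
            return "registry"
        m = PROFILE_RE.match(self.path)
        if m:
            return f"profile:{m.group('user')}"
        if "\\system32\\" in self.path.lower():
            return "system32"
        return "other"


def parse_mbam_log(text: str) -> List[Detection]:
    """Turn the detection section of an MBAM log into Detection records."""
    section = "unknown"
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:   # e.g. "Infected files:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # scan metadata or other lines a full log carries; ignored here
        found.append(Detection(section, m["path"], m["family"], m["status"],
                               m["bad"] or "", m["good"] or ""))
    return found


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Counts per family and location, plus the two lists a cleaner cares about."""
    return {
        "by_family": Counter(d.family for d in dets),
        "by_location": Counter(d.location for d in dets),
        "pending": sum(1 for d in dets if d.pending),
        # Policies\System values flagged Bad: (1) are user restrictions (here
        # DisableRegistryTools) that the cleanup script must reset as well
        "policy_tampering": [d.path for d in dets if d.location == "registry" and d.bad == "1"],
        # untouched entries that are not merely AVZ's own quarantine store
        "live_pending": [d.path for d in dets if d.pending and d.location != "avz-quarantine"],
    }


if __name__ == "__main__":
    summary = summarize(parse_mbam_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run the file as-is to see the summary for the sample; to triage a real log, pass the whole log text to parse_mbam_log and read live_pending first, since the quarantine entries only need AVZ's quarantine emptied.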
Junior Member
Checked with drweb, no viruses. Thanks for the help. The thread can be closed.