Обновления все поставили?
- Выполните скрипт в AVZ
Код:
begin
// One-off AVZ cleanup script: every path below is hard-coded for a single
// machine (profiles "Admin" and "networkservice"), so it is not reusable
// on another system without a fresh analysis of that system's logs.

// Rootkit check. Both flags are true; presumably they enable neutralizing
// user-mode and kernel-mode hooks - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on before any file is touched.
SetAVZGuardStatus(True);
// Empty AVZ's own Quarantine folder ('*.*', third argument true) - presumably
// so the archive built after reboot holds only the samples collected below.
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);

// Step 1: quarantine every suspect file BEFORE deleting it, so a sample is
// kept for analysis and for restoring a file that turns out to be benign.
// The second argument is passed as an empty string for every file.
// Suspect files sit in Application Data, Temp, Temporary Internet Files,
// RECYCLER subfolders with SID-like names, c:\WINDOWS and system32.
QuarantineFile('c:\documents and settings\Admin\application data\ltzqai.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\0272561.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\453.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\481.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\96365.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\1432375.exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0F0RLYG4\view[1].gif','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\22KYT3TY\cf95[1].exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\FADRJ9NW\9[1].exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\FADRJ9NW\a2[1].exe','');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\I8QG8CYY\m[1].s','');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\JR46W6OX\mobii[1].exe','');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[1].exe','');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[2].exe','');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[3].exe','');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\VO86ZCW1\0[1].exe','');
QuarantineFile('c:\RECYCLER\s-1-5-21-2403664291-9959929151-674607804-0458\mcvcn.exe','');
QuarantineFile('c:\RECYCLER\s-1-5-21-4327045422-4395743973-617697718-0679\csisf.exe','');
QuarantineFile('c:\WINDOWS\gjdrive32.exe','');
QuarantineFile('c:\WINDOWS\gwdrive32.exe','');
// NOTE(review): innounp.exe shares its name with a legitimate unpacking
// utility; the quarantine copy is the fallback if it proves benign.
QuarantineFile('c:\WINDOWS\innounp.exe','');
QuarantineFile('c:\WINDOWS\system32\01.exe','');
QuarantineFile('c:\WINDOWS\system32\07.exe','');
QuarantineFile('c:\WINDOWS\system32\17.exe','');
QuarantineFile('c:\WINDOWS\system32\22.exe','');
QuarantineFile('c:\WINDOWS\system32\msvmiode.exe','');
QuarantineFile('c:\WINDOWS\system32\34.exe','');
QuarantineFile('c:\WINDOWS\system32\43.exe','');
QuarantineFile('c:\WINDOWS\system32\47.exe','');
QuarantineFile('c:\WINDOWS\system32\56.exe','');
QuarantineFile('c:\WINDOWS\system32\75.exe','');

// Step 2: delete the same files, path for path, in the same order as above.
DeleteFile('c:\documents and settings\Admin\application data\ltzqai.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\0272561.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\453.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\481.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\96365.exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\1432375.exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0F0RLYG4\view[1].gif');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\22KYT3TY\cf95[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\FADRJ9NW\9[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\FADRJ9NW\a2[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\I8QG8CYY\m[1].s');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\JR46W6OX\mobii[1].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[1].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[2].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\OSGR7Y9M\1863[3].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\VO86ZCW1\0[1].exe');
DeleteFile('c:\RECYCLER\s-1-5-21-2403664291-9959929151-674607804-0458\mcvcn.exe');
DeleteFile('c:\RECYCLER\s-1-5-21-4327045422-4395743973-617697718-0679\csisf.exe');
// Wipe the whole Content.IE5 cache of both profiles ('*.*', third argument
// true). This removes more than the files listed above: anything else in
// the cache is deleted without a quarantine copy.
DeleteFileMask('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5', '*.*', true);
DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
DeleteFile('c:\WINDOWS\gjdrive32.exe');
DeleteFile('c:\WINDOWS\gwdrive32.exe');
DeleteFile('c:\WINDOWS\innounp.exe');
DeleteFile('c:\WINDOWS\system32\01.exe');
DeleteFile('c:\WINDOWS\system32\07.exe');
DeleteFile('c:\WINDOWS\system32\17.exe');
DeleteFile('c:\WINDOWS\system32\22.exe');
DeleteFile('c:\WINDOWS\system32\msvmiode.exe');
DeleteFile('c:\WINDOWS\system32\34.exe');
DeleteFile('c:\WINDOWS\system32\43.exe');
DeleteFile('c:\WINDOWS\system32\47.exe');
DeleteFile('c:\WINDOWS\system32\56.exe');
DeleteFile('c:\WINDOWS\system32\75.exe');

// Step 3: the BC_* calls presumably hand the file lists from this run to
// AVZ's Boot Cleaner, which finishes removing locked files during the next
// boot - confirm against the AVZ script reference.
BC_ImportAll;
// Presumably cleans up system references to the deleted files - confirm.
ExecuteSysClean;
BC_Activate;
// Restarts Windows as the last step of the script; save open work first.
// The true argument presumably forces the reboot - confirm.
RebootWindows(true);
end.
После перезагрузки:
- выполните такой скрипт
Код:
begin
// Pack the quarantined samples into quarantine.zip inside the AVZ folder,
// ready to send to the analyst. Run only after the reboot triggered by the
// first script. "Qurantine" is the spelling used in this script and is
// presumably AVZ's own function name - do not "correct" it.
// The archive holds live malware samples: do not unpack or run its contents.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Файл quarantine.zip из папки AVZ загрузите по ссылке «Прислать запрошенный карантин» вверху темы
- Сделайте повторный лог virusinfo_syscheck.zip;
- Сделайте лог MBAM