Василий-d, posted December 10, 2008

Among other things, the Kaspersky and Dr.Web sites are blocked. Errors like the one in the screenshot keep popping up. What should I do? Thanks.

Attachments: virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log

ТроПа, posted December 12, 2008 (edited)

1. In AVZ, menu "File - Run script": copy the script below and click "Run".

```
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\svсhost.exe','');
 QuarantineFile('C:\WINDOWS\system32\сsrss.exe','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
 QuarantineFile('c:\tmp\xvfy.exe','');
 TerminateProcessByName('c:\tmp\xvfy.exe');
 QuarantineFile('c:\tmp\sebd.exe','');
 TerminateProcessByName('c:\tmp\sebd.exe');
 DeleteFile('c:\tmp\sebd.exe');
 DeleteFile('C:\WINDOWS\system32\сsrss.exe');
 DeleteFile('C:\WINDOWS\system32\svсhost.exe');
 DeleteFile('c:\tmp\xvfy.exe');
 DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP373\A0923785.exe');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP379\A0935440.exe');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP379\A0937179.exe');
 BC_ImportAll;
 DeleteService('abp470n5');
 DeleteService('Beep');
 ExecuteSysClean;
 ExecuteRepair(11);
 ExecuteRepair(17);
 BC_Activate;
 RebootWindows(true);
end.
```

After the script runs, the computer will reboot.

In AVZ, menu "File - Run script": copy the script below and click "Run".

```
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
```

Send the quarantine (the quarantine.zip file from the AVZ folder) to 54712<at>rambler.ru, where <at> stands for @.

2. Fix the following lines in HijackThis:

```
O2 - BHO: (no name) - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL (file missing)
```

Post fresh logs.

Edited December 12, 2008 by wise-wistful

Василий-d (author), posted December 12, 2008

The errors are gone. The antivirus sites open. Task Manager and regedit work. Thank you! Repeat logs:

Attachments: virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log

akoK, posted December 13, 2008

In AVZ, menu "File - Run script": copy the script below and click "Run".

```
begin
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 SetServiceStart('abp470n5', 4);
 DeleteFile('C:\WINDOWS\system32\drivers\idlrmm.sys');
 DeleteService('abp470n5');
 BC_ImportDeletedList;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.
```

After the script runs, the computer will reboot.

Download Malwarebytes' Anti-Malware, install it, update the databases, select "Perform Full Scan" and click "Scan". After the scan: Ok - Show Results - click "Remove Selected". Open the log and copy it into a post.

Василий-d (author), posted December 13, 2008

```
Malwarebytes' Anti-Malware 1.31
Database version: 1497
Windows 5.1.2600 Service Pack 2

14.12.2008 1:03:35
mbam-log-2008-12-14 (01-03-35).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 348874
Time elapsed: 1 hour(s), 22 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\YourSiteBar (Adware.ISTBar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\config\56133762.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP377\A0930247.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABB80C42-AA45-468F-83EA-5880E03A563F}\RP5\A0001271.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WIN2K3\system32\drivers\utg5odu4.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Program Files\Игры от NevoSoft\NevoDRM\UnWrapper.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\Katty\Games\UnWrapper.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
```
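An added example, not part of any post in this thread: a small Python parser for a log in the layout of the one posted above, listing the items the scanner did not remove immediately (the "Delete on reboot" entry) so they can be re-checked after the restart. The sample is a constructed excerpt of that log, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.31 log
# posted above (shortened; the three entries are copied from that log).
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Files Infected: 7

Registry Keys Infected:
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\56133762.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "<object> (<detection name>) -> <action>." ; the object may itself contain parentheses
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")


def parse_detections(log_text):
    """Return one dict per detection: section, object, detection, action."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:  # a section header such as "Files Infected:" (the count lines end in a digit)
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            found.append({"section": section, "object": m.group("obj"),
                          "detection": m.group("name"), "action": m.group("action")})
    return found


def pending(detections):
    """Items not reported as removed successfully; re-check them after the reboot."""
    return [d for d in detections if "successfully" not in d["action"].lower()]


if __name__ == "__main__":
    for d in pending(parse_detections(SAMPLE_LOG)):
        print(f'{d["section"]}: {d["object"]} [{d["detection"]}] -> {d["action"]}')
```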