Денис 777 Posted October 26, 2009 Report Share Posted October 26, 2009 Всем доброго вечера! Помогите вирус. Не отображаются страницы. Все логи как положено сделал. Посмотрите. В долгу не останусь info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip Quote Link to comment Share on other sites More sharing options...
миднайт Posted October 26, 2009 Report Share Posted October 26, 2009 Закройте/выгрузите все программы кроме AVZ и Internet Explorer. - Отключите ПК от интернета/локалки - Отключите Антивирус и Файрвол. В AVZ выполните скрипт: beginSearchRootkit(true, true);SetAVZGuardStatus(True);TerminateProcessByName('c:\windows\system32\nssm.exe');DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');DelBHO('{26528DB7-3F17-47C3-B742-8250C7DA5D55}');QuarantineFile('C:\WINDOWS\system32\qyklib.dll','');QuarantineFile('WinCtrl32.dll','');QuarantineFile('C:\WINDOWS\system32\dllcache\ntsser.dll','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winpx75.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winpx21.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winnv87.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winmv43.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Wingo21.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winen10.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Windl65.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Windl64.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winci85.sys','');QuarantineFile('C:\WINDOWS\System32\Drivers\Winve08.sys','');QuarantineFile('C:\WINDOWS\system32\WLCtrl32.dll','');QuarantineFile('c:\windows\system32\nssm.exe','');DeleteService('Winve08');DeleteService('Winpx75');DeleteService('Winpx21');DeleteService('Winnv87');DeleteService('Winmv43');DeleteService('Wingo21');DeleteService('Winen10');DeleteService('Windl65');DeleteService('Windl64');DeleteService('Winci85');DeleteFile('c:\windows\system32\nssm.exe');DeleteFile('C:\WINDOWS\System32\Drivers\Winve08.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winci85.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Windl64.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Windl65.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winen10.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Wingo21.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winmv43.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winnv87.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winpx21.sys');DeleteFile('C:\WINDOWS\System32\Drivers\Winpx75.sys');DeleteFile('C:\WINDOWS\system32\WLCtrl32.dll');DeleteFile('WinCtrl32.dll');DeleteFile('C:\WINDOWS\system32\qyklib.dll');BC_ImportAll;ExecuteSysClean;BC_Activate;RebootWindows(true);end. После перезагрузки begin CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); end. В HiJackThis пофиксите: O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing) Файл quarantine.zip из папки с AVZ пришлите на mind_storm()mail.ru Повторите логи. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.