julia.kz_7
And only now has Kaspersky 6.0 started working on it.
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\WINDOWS\system32\XP-D530B51C.EXE','');
SetServiceStart('abp470n5', 4);
QuarantineFile('C:\WINDOWS\system32\drivers\ilnifr.sys','');
QuarantineFile('C:\WINDOWS\system32\klogon.dll','');
QuarantineFile('C:\Program Files\Credo-III\NetAgent\NetAgent.exe','');
DeleteFile('C:\WINDOWS\system32\drivers\ilnifr.sys');
DeleteFile('C:\WINDOWS\system32\XP-D530B51C.EXE');
DeleteService('abp470n5');
BC_ImportALL;
BC_QrSvc('qenpuaxo');
ExecuteRepair(6);
ExecuteRepair(8);
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
:Processes
explorer.exe
:Services
:Files
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a643eb7-c2b1-11dd-81d9-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45400517-35ce-11dd-86ca-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e4af220-813a-11dc-ba40-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6775d74a-b452-11dd-81be-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{715d0de5-cee4-11dc-ba7d-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7c026d-9840-11dd-8734-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8867461b-9826-11dd-8731-00d059584142}]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
wks? (the corporate version)
No, not the corporate one.
New logs.
After the Malwarebytes' Anti-Malware 1.33 scan:
Database version: 1654
Windows 5.1.2600 Service Pack 2
05.02.2009 13:32:46
mbam-log-2009-02-05 (13-32-46).txt
Scan type: Full Scan (C:\|)
Objects scanned: 111021
Time elapsed: 44 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
After OTMoveIt3 by OldTimer:
========= PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a643eb7-c2b1-11dd-81d9-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45400517-35ce-11dd-86ca-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e4af220-813a-11dc-ba40-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6775d74a-b452-11dd-81be-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{715d0de5-cee4-11dc-ba7d-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7c026d-9840-11dd-8734-00d059584142}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8867461b-9826-11dd-8731-00d059584142}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF3528.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF3D63.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02052009_102047
Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF3528.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF3D63.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
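The seven MountPoints2 keys that the OTMoveIt3 script above removed are named after volume GUIDs, one per removable volume this user has mounted, which is why they are cleaned up after an autorun.inf infection. All seven are version-1 (time-based) UUIDs with the same node ID (00d059584142), so each one encodes when that volume was first mounted on this machine. The following is an added example written for this page, not a script from the thread or from any of the tools used in it: it decodes those timestamps to build a first-mount timeline of the USB sticks involved. The input is the key list copied from the script above; nothing else is assumed.

```python
"""Decode the volume GUIDs under HKCU\\...\\Explorer\\MountPoints2.

A MountPoints2 subkey is named after the volume GUID Windows assigned to a
removable volume the first time it was mounted for this user.  When that GUID
is a version-1 (time-based) UUID it carries a 60-bit timestamp (100 ns units
since 1582-10-15) and a 48-bit node ID, normally the MAC address of the host
that generated it.  Random (version-4) GUIDs carry no timestamp and are
reported as undated.
"""
from datetime import datetime, timezone
import re
import uuid

# 100-nanosecond intervals between the UUID epoch (1582-10-15) and 1970-01-01.
UUID_TO_UNIX_OFFSET = 0x01B21DD213814000

# Constructed input: the seven registry keys from the OTMoveIt3 script above.
SAMPLE_SCRIPT = r"""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a643eb7-c2b1-11dd-81d9-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45400517-35ce-11dd-86ca-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e4af220-813a-11dc-ba40-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6775d74a-b452-11dd-81be-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{715d0de5-cee4-11dc-ba7d-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7c026d-9840-11dd-8734-00d059584142}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8867461b-9826-11dd-8731-00d059584142}]
"""

# Matches the GUID inside "...\mountpoints2\{...}" regardless of case.
GUID_RE = re.compile(r"mountpoints2\\\{([0-9a-fA-F-]{36})\}", re.IGNORECASE)


def decode_volume_guid(guid_text):
    """Return version, first-mount time (UTC) and node ID for one volume GUID."""
    u = uuid.UUID(guid_text)
    info = {"guid": str(u), "version": u.version, "mounted_utc": None, "node": None}
    if u.version != 1:
        return info  # random GUID: no timestamp or node to recover
    unix_seconds = (u.time - UUID_TO_UNIX_OFFSET) // 10_000_000
    info["mounted_utc"] = datetime.fromtimestamp(unix_seconds, tz=timezone.utc)
    # u.node is the 48-bit node field; render it as a MAC-style string.
    info["node"] = ":".join(f"{(u.node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))
    return info


def mount_timeline(script_text):
    """Extract every MountPoints2 GUID from a script/log and sort the dated ones."""
    entries = [decode_volume_guid(m.group(1)) for m in GUID_RE.finditer(script_text)]
    dated = [e for e in entries if e["mounted_utc"] is not None]
    dated.sort(key=lambda e: e["mounted_utc"])
    return dated


def shared_node(entries):
    """Node ID common to all entries, or None if the GUIDs came from different hosts."""
    nodes = {e["node"] for e in entries if e["node"] is not None}
    return nodes.pop() if len(nodes) == 1 else None


if __name__ == "__main__":
    timeline = mount_timeline(SAMPLE_SCRIPT)
    print("node (MAC) shared by all keys:", shared_node(timeline))
    for entry in timeline:
        print(entry["mounted_utc"].strftime("%Y-%m-%d %H:%M:%S"), entry["guid"])
```

For the keys in this thread the decoded first-mount dates run from late 2007 to early December 2008, and the common node ID 00:d0:59:58:41:42 shows all seven GUIDs were generated on the same host, i.e. these are the volumes plugged into this machine rather than GUIDs carried in from elsewhere. The timestamp is taken from the generating host's clock at the time, so treat it as that clock's local reading converted as if it were UTC; GUIDs whose version is not 1 are skipped rather than guessed at.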
File::
C:\autorun.inf.vir
c:\windows\system32\x
C:\c6ff
Driver::
qenpuaxo
Folder::
C:\khs
c:\windows\system32\x
C:\c6ff
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3098:TCP"=-
FileLook::
DirLook::
Collect::
File::
C:\khs
Driver::
Folder::
C:\khs
Registry::
FileLook::
DirLook::
Collect::
:Processes
explorer.exe
:Services
:Files
C:\khs
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]