begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VFTWX3AG\pin[1].exe','');
QuarantineFile('yes.exe','');
QuarantineFile('C:\WINDOWS\system32\msvcrt57.dll','');
QuarantineFile('C:\WINDOWS\system32\twex.exe','');
DeleteFile('C:\WINDOWS\system32\twex.exe');
DeleteFile('C:\WINDOWS\system32\msvcrt57.dll');
DeleteFile('C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VFTWX3AG\pin[1].exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O4 - HKLM\..\Run: [ALCalendar] yes
O24 - Desktop Component 0: (no name) - http://www.winda.ru/photo/files/big/DNaturenature_374.jpg
O24 - Desktop Component 1: (no name) - http://www.winda.ru/photo/files/big/DPrirodab4732.jpg
O24 - Desktop Component 2: (no name) - http://www.winda.ru/photo/files/big/DPictureslandscape57.JPG
O24 - Desktop Component 3: (no name) - http://www.winda.ru/photo/files/big/DPicturesCAT_0030.JPG
O24 - Desktop Component 4: (no name) - http://www.winda.ru/photo/files/big/DNature72-1024.JPG
O24 - Desktop Component 5: (no name) - http://www.winda.ru/photo/files/small/DNaturenature_437.jpg
O24 - Desktop Component 6: (no name) - http://img.blogonline.ru/bl/posts/thumbs/70/1178388470_1_53.jpg
:Processes
explorer.exe
:Services
ajpzfedx
:Files
C:\WINDOWS\system32\drivers\ajpzfedx.sys
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
1.5 Проверка обработчиков IRP
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 863671F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 863671F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 863671F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_EA] = 863671F8 -> перехватчик не определен
Something was launched from an archive: "\Device\HarddiskVolume1\DOCUME~1\9335~1\LOCALS~1\Temp\RarSFX0\setup.exe"