;uVS v3.74 script [http://dsrt.dyndns.org]
;Target OS: NTv6.1
; Purpose: machine-specific uVS cleanup script. It collects suspect samples,
; registers one signature, then removes whatever the check flags.
; The paths belong to the analysed machine; do not reuse the script elsewhere unchanged.
; Back up the registry before anything is modified.
breg
; Copy the suspect file to the uVS "zoo" sample folder so it survives the later delete.
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\23894729347.EXE
; C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\23894729347.EXE
; Add a signature (length 8) to the local base under the name W32/Yakes.LS!tr.
; The path comment above presumably names the file it was taken from.
addsgn 9252776A156AC1CC0BF4514EA34F1A35248A7282AA87489394CA0838B36DA8DCA91185DF39129C925E870F81C5F8B5EBA6AD05CA54DAB02C2CACD1284C18A19D 8 W32/Yakes.LS!tr
; NOTE(review): the next path comment has no zoo/addsgn command after it.
; A line may have been lost when the script was posted; confirm against the original log.
; C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\0.7557451018972795.EXE
; These two files are only copied for analysis and are not deleted here.
; Presumably they are being checked for tampering or infection.
zoo %Sys32%\NOTEPAD.EXE
zoo %SystemDrive%\PROGRAM FILES\IP-TV PLAYER\IPTVPLAYER.EXE
; Clear temporary files.
deltmp
; Apply uVS registry tweak number 12. The page does not say what tweak 12 does; check the uVS documentation.
regt 12
; Check the file list against the signature base, including the signature added above.
chklst
; Delete every file the check flagged as malicious. With a short 8-byte signature,
; review the flagged list for false positives first when running interactively.
delvir
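// AVZ cleanup script (machine-specific): quarantines and deletes one dropped file,
// removes four malware working directories, tightens the Internet-zone ActiveX settings
// and schedules boot-time cleanup before a forced reboot.
// All paths are hard-coded for the analysed host (profile "Admin"); do not run it on another machine unchanged.
// Fix over the posted version: the DeleteDirectory calls for MicroST and 7a6vHav3hoMR2HG
// lacked a terminating ';', so the script would not parse.
begin
  // Dialog text (Russian): "Attention! Before running the script AVZ will automatically close all
  // network connections. After the reboot the connections will be restored automatically."
  ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
  // Stop the TCP/IP service so the malware cannot communicate or re-download during cleanup.
  // The trailing arguments (0, 15000, true) are presumably window mode, timeout in ms and a wait/terminate flag.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  // Look for API hooks / rootkit activity and neutralise them before touching files.
  SearchRootkit(true, true);
  // Turn on AVZGuard so that other processes cannot interfere with the cleanup.
  SetAVZGuardStatus(True);
  // Keep a copy in quarantine first, then delete the original.
  QuarantineFile('C:\WINDOWS\system32\53.tmp','');
  DeleteFile('C:\WINDOWS\system32\53.tmp');
  // Empty the malware directories (third argument true: presumably recurse into subfolders).
  // NOTE(review): these files are deleted without a quarantine copy, so no sample remains for later analysis.
  DeleteFileMask('C:\Documents and Settings\Admin\Application Data\86z8zd6uWw6A0Cp', '*.*', true);
  DeleteFileMask('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoMR2HG', '*.*', true);
  DeleteFileMask('C:\chqXLdYHF7dSQHR', '*.*', true);
  DeleteFileMask('C:\Documents and Settings\Admin\Application Data\MicroST', '*.*', true);
  // Remove the now-empty directories themselves.
  DeleteDirectory('C:\Documents and Settings\Admin\Application Data\MicroST');
  DeleteDirectory('C:\chqXLdYHF7dSQHR');
  DeleteDirectory('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoMR2HG');
  DeleteDirectory('C:\Documents and Settings\Admin\Application Data\86z8zd6uWw6A0Cp');
  // Set Internet zone (Zones\3) URL-action values for the current user.
  // In the Windows URL-action scheme 1 = prompt and 3 = disable:
  // 1804 IFRAME program launch, 2201 automatic ActiveX prompting, 1004 unsigned ActiveX download,
  // 1001 signed ActiveX download, 1201 scripting of ActiveX not marked safe.
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
  // Hand the processed file lists to Boot Cleaner (BC_*), clean up leftover references to the removed files,
  // then arm Boot Cleaner so that anything still locked is removed at the next boot.
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  // Reboot (argument true: presumably forced) so that the boot-time cleanup runs.
  RebootWindows(true);
end.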
// Packs the AVZ quarantine into quarantine.zip inside the AVZ program folder for sending to the analyst.
// "CreateQurantineArchive" is spelled this way in the AVZ API; do not correct it.
// The archive holds live samples: do not unpack it on a production machine.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O2 - BHO: Html5 geolocation provider - {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} - (no file)
rem Runs Kaspersky TDSSKiller without its UI (-silent).
rem -qmbr and -qboot save copies of the MBR and boot sectors to the tool's quarantine for analysis.
rem NOTE(review): confirm against the TDSSKiller documentation which default actions silent mode applies to detections.
tdsskiller.exe -silent -qmbr -qboot
// AVZ cleanup script, reposted with every statement terminated by ';'.
// It quarantines and deletes one dropped file, removes four malware working directories,
// tightens the Internet-zone ActiveX settings and schedules boot-time cleanup before rebooting.
// Paths are hard-coded for the analysed host (profile "Admin"); do not run it on another machine unchanged.
begin
// Dialog text (Russian): "Attention! Before running the script AVZ will automatically close all
// network connections. After the reboot the connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so the malware cannot reach the network during cleanup.
// The arguments (0, 15000, true) are presumably window mode, timeout in ms and a wait/terminate flag.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Detect and neutralise API hooks / rootkit activity before touching files.
SearchRootkit(true, true);
// Enable AVZGuard so that other processes cannot interfere with the cleanup.
SetAVZGuardStatus(True);
// Keep a quarantine copy first, then delete the original.
QuarantineFile('C:\WINDOWS\system32\53.tmp','');
DeleteFile('C:\WINDOWS\system32\53.tmp');
// Empty the malware directories (third argument true: presumably recurse into subfolders).
// NOTE(review): these files are deleted without a quarantine copy, so no sample remains for later analysis.
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\86z8zd6uWw6A0Cp', '*.*', true);
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoMR2HG', '*.*', true);
DeleteFileMask('C:\chqXLdYHF7dSQHR', '*.*', true);
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\MicroST', '*.*', true);
// Remove the emptied directories themselves.
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\MicroST');
DeleteDirectory('C:\chqXLdYHF7dSQHR');
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoMR2HG');
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\86z8zd6uWw6A0Cp');
// Set Internet zone (Zones\3) URL-action values for the current user; 1 = prompt, 3 = disable.
// 1804 IFRAME program launch, 2201 automatic ActiveX prompting, 1004 unsigned ActiveX download,
// 1001 signed ActiveX download, 1201 scripting of ActiveX not marked safe.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// Pass the processed file lists to Boot Cleaner, clean up leftover references to the removed files,
// then arm Boot Cleaner for the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot (argument true: presumably forced) so that the boot-time cleanup runs.
RebootWindows(true);
end.
Ждем. Повторите логи AVZ и RSIT.
// AVZ script that takes a boot-time quarantine copy of C:\WINDOWS\notepad.exe for analysis.
// Nothing is deleted here: the file is only queued for quarantine and Boot Cleaner is armed.
begin
// Dialog text (Russian): "Attention! Before running the script AVZ will automatically close all
// network connections. After the reboot the connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service for the duration of the operation.
// The arguments (0, 15000, true) are presumably window mode, timeout in ms and a wait/terminate flag.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empty the existing quarantine so the next archive holds only the new sample.
// Archive or send any earlier samples first, because this discards them.
ClearQuarantine;
// Detect and neutralise API hooks / rootkit activity.
SearchRootkit(true, true);
// Enable AVZGuard so that other processes cannot interfere.
SetAVZGuardStatus(true);
// Queue notepad.exe for quarantine; presumably the file is suspected of being patched or infected.
QuarantineFile('C:\WINDOWS\notepad.exe',' ');
// Write the Boot Cleaner log next to the AVZ executable so the result can be reviewed after the reboot.
BC_LogFile(GetAVZDirectory + 'boot_clr.log');
// Give Boot Cleaner the quarantine list so the copy is taken at boot, before the file can be locked.
BC_ImportQuarantineList;
BC_Activate;
// Reboot (argument true: presumably forced) so that Boot Cleaner runs.
RebootWindows(true);
end.
// Packs the AVZ quarantine into quarantine.zip inside the AVZ program folder for sending to the analyst.
// "CreateQurantineArchive" is spelled this way in the AVZ API; do not correct it.
// The archive holds live samples: do not unpack it on a production machine.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.