werwoolfwe
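begin
// Empty the AVZ quarantine so it holds only the files collected by this run
ClearQuarantine;
// Look for rootkit hooks, then enable AVZGuard for the rest of the script
SearchRootkit(true, true);
SetAVZGuardStatus(true);
// Keep a copy of each suspicious file in quarantine before deleting it
QuarantineFile('C:\WINDOWS\system32\FileKan.exe','');
QuarantineFile('C:\WINDOWS\system32\SocksA.exe','');
DeleteFile('C:\WINDOWS\system32\SocksA.exe');
DeleteFile('C:\WINDOWS\system32\FileKan.exe');
// Hand the deletions to Boot Cleaner (BC_*), clean up leftover references, reboot
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
// Pack the quarantined files into quarantine.zip in the AVZ directory
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.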
:Processes
explorer.exe
:Services
:Files
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BSserver"=-
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BSserver deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: USR-92
->Temp folder emptied: 794780693 bytes
->Temporary Internet Files folder emptied: 943244 bytes
User: wer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2128867 bytes
%systemroot%\System32 .tmp files removed: 5709 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13081025 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 56522989 bytes
Total Files Cleaned = 827,00 mb
OTM by OldTimer - Version 3.1.15.0 log created on 01012003_000239
Files moved on Reboot...
Registry entries deleted on Reboot...
Could you explain the previous code?
:Processes
explorer.exe
:Services
:Files
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BSserver"=-
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
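begin
// Delete the 'ASocksrv' value under the listed HKEY_LOCAL_MACHINE key
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run-','ASocksrv');
end.
begin
// Look for rootkit hooks, then enable AVZGuard for the rest of the script
SearchRootkit(true, true);
SetAVZGuardStatus(true);
// Start type 4 = disabled: keep the services from starting before they are removed
SetServiceStart('WinSrv Service Controler', 4);
SetServiceStart('uolrde', 4);
SetServiceStart('llgdpqe', 4);
SetServiceStart('kukjoipo', 4);
SetServiceStart('tolso', 4);
SetServiceStart('huiwciher', 4);
// Keep a copy of each suspicious file in quarantine before deleting it
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
QuarantineFile('C:\WINDOWS\system32\02.tmp','');
QuarantineFile('c:\windows\system32\drivers\winsrv.exe','');
DeleteFile('c:\windows\system32\drivers\winsrv.exe');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\system32\02.tmp');
// Remove the autorun.inf launcher and the copy of WinSrv.exe on drive F:
DeleteFile('F:\autorun.inf');
DeleteFile('F:\RECYCLER\S-3-6-21-2434476501-1644491937-600003330-1213\WinSrv.exe');
// Remove the service entries themselves
DeleteService('uolrde');
DeleteService('WinSrv Service Controler');
DeleteService('huiwciher');
DeleteService('tolso');
DeleteService('llgdpqe');
DeleteService('kukjoipo');
// Hand the deletions to Boot Cleaner (BC_*) and clean up leftover references
BC_ImportALL;
BC_Activate;
ExecuteSysClean;
// Run AVZ system-restore routines 1, 8 and 16, then reboot
ExecuteRepair(1);
ExecuteRepair(8);
ExecuteRepair(16);
RebootWindows(true);
end.
begin
// Pack the quarantined files into quarantine.zip in the AVZ directory
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.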