File::
c:\windows\system32\msvcrt57.dll
c:\windows\system32\tmpFE634.FOT
c:\windows\system32\tmpF7934.FOT
c:\windows\system32\tmpDC934.FOT
c:\windows\system32\tmpD3734.FOT
c:\windows\system32\tmpB9734.FOT
c:\windows\system32\tmpB1A34.FOT
c:\windows\system32\tmpA5A34.FOT
c:\windows\system32\tmp8F734.FOT
c:\windows\system32\tmp66834.FOT
c:\windows\system32\tmp35634.FOT
c:\windows\system32\tmp21934.FOT
c:\windows\system32\tmp0B634.FOT
c:\windows\adobe.bat
c:\windows\_id.dat
c:\program files\wsv.exe
D:\Setup.exe
Driver::
Folder::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce49f8e5-bd0c-11da-8326-806d6172696f}]
[-HKEY_CLASSES_ROOT\clsid\{83821c2b-32a8-4dd7-b6d4-44309a78e668}]
FileLook::
c:\windows\macromix.dll
c:\windows\dirdib.drv
c:\windows\system32\GPhotos.scr
DirLook::
Collect::
У Вас установлен Norton? Norton Security Scan
.... нажмите "Remove Selected" (удалить выделенные)...
// AVZ remediation script written against one specific machine's log.
// Every path and service name below is host-specific; do not reuse it on
// another system without checking each entry against that system's own log.
begin
// Look for rootkit hooks and restore them in both user mode and kernel mode.
SearchRootkit(true, true);
// Turn on AVZGuard so other processes cannot interfere while the script runs.
SetAVZGuardStatus(true);
// Start type 4 = disabled: stop the service from being started again before
// it is removed by DeleteService further down.
SetServiceStart('WebaltaController', 4);
// QuarantineFile copies a file into AVZ's quarantine for later analysis; the
// second argument is a free-text note (empty here).
// Rundll32.exe, gptext.dll and WS2_32.dll share their names with genuine
// Windows components. This script only quarantines them — there is no matching
// DeleteFile — so the copies can be checked for tampering without removing
// files the OS may need.
QuarantineFile('C:\WINDOWS\system32\psubst.exe','');
QuarantineFile('C:\WINDOWS\system32\Rundll32.exe','');
QuarantineFile('C:\WINDOWS\system32\gptext.dll','');
QuarantineFile('C:\WINDOWS\System32\WS2_32.dll','');
// NOTE(review): the file name on the next line does not appear to be the plain
// ASCII name of the Windows kernel library — its 'е' characters look like
// Cyrillic U+0435 (a look-alike name). Do not retype or normalise it; the
// exact bytes are what identify the file.
QuarantineFile('C:\WINDOWS\system32\kеrnеl32.dll','');
// NOTE(review): 'eiotxt.sys' and 'cscdll.dll' are given without a directory,
// presumably copied as-is from a log entry that had no full path. cscdll.dll
// is also the name of a Windows XP component, so confirm which log entry these
// two lines target before running.
DeleteFile('eiotxt.sys');
DeleteFile('C:\Program Files\Webalta\WebaltaUpdaterService.exe');
DeleteFile('cscdll.dll');
// Remove the "Distribution Units" registration for this CLSID under HKLM.
RegKeyDel('HKLM','SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}');
// Delete the service that was disabled above.
DeleteService('WebaltaController');
// Hand the file lists built by this script to Boot Cleaner and arm it, so
// files that are locked now are dealt with during the next boot.
BC_ImportALL;
BC_Activate;
// Clean up system references to the files deleted above.
ExecuteSysClean;
// Reboot immediately (forced) so Boot Cleaner can run; save open work first.
RebootWindows(true);
end.
// Run after the reboot: packs AVZ's quarantine folder into quarantine.zip
// inside the AVZ program directory so it can be handed to an analyst.
// The archive holds the suspect files themselves — treat it as live samples
// and do not unpack it on a production machine.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O20 - AppInit_DLLs: kеrnеl32.dll
// AVZ remediation script for a single file, written against one specific
// machine's log; the path is host-specific.
begin
// Look for rootkit hooks and restore them in both user mode and kernel mode.
SearchRootkit(true, true);
// Turn on AVZGuard so other processes cannot interfere while the script runs.
SetAVZGuardStatus(true);
// Copy the file into quarantine first so a sample survives the deletion
// that follows (second argument is an empty free-text note).
QuarantineFile('C:\WINDOWS\system32\vksaver.dll','');
DeleteFile('C:\WINDOWS\system32\vksaver.dll');
// Hand the file lists built by this script to Boot Cleaner and arm it, so a
// file that is locked now is dealt with during the next boot.
BC_ImportALL;
BC_Activate;
// Clean up system references to the deleted file.
ExecuteSysClean;
// Reboot immediately (forced) so Boot Cleaner can run; save open work first.
RebootWindows(true);
end.
// Run after the reboot: packs AVZ's quarantine folder into quarantine.zip
// inside the AVZ program directory so it can be handed to an analyst.
// The archive holds the suspect file itself — treat it as a live sample
// and do not unpack it on a production machine.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
:Processes
explorer.exe
:Services
:Files
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]