// AVZ cleanup script written for one specific host: every path and the service
// name below are hard-coded, so it only makes sense on the machine whose logs
// produced them. The order matters: network off, processes killed, samples
// quarantined, and only then files and the registry value deleted.
begin
// Runs `net stop tcpip /y`; /y auto-confirms stopping dependent services.
// NOTE(review): the trailing 0, 15000, true are presumably window mode,
// wait time in ms and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empties the existing AVZ quarantine so the later archive holds only this run's
// samples (presumably; the meaning of the `true` argument is not shown here).
ClearQuarantineEx(true);
// Kill the two running executables first so their files are not locked.
TerminateProcessByName('c:\windows\system32\dllhostex.exe');
TerminateProcessByName('c:\windows\networkdistribution\svchost.exe');
// Keep a copy of each sample before it is deleted, so it can be analysed later.
QuarantineFile('c:\windows\system32\dllhostex.exe', '');
QuarantineFile('c:\windows\system32\windowsssdpmanager.dll','');
QuarantineFile('c:\windows\networkdistribution\svchost.exe','');
// Delete the same three files. NOTE(review): the second argument ('32')
// presumably selects the 32-bit file system view - TODO confirm.
DeleteFile('c:\windows\networkdistribution\svchost.exe','32');
DeleteFile('c:\windows\system32\windowsssdpmanager.dll','32');
DeleteFile('c:\windows\system32\dllhostex.exe', '32');
// Removes only the ServiceDll value of the WindowsSSDPManager service, i.e. the
// pointer to the DLL the service loads. The service key itself is not deleted by
// this line; verify in the follow-up logs that no service entry remains.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WindowsSSDPManager\Parameters','ServiceDll','x32');
// NOTE(review): BC_* is AVZ's boot-time cleaner; BC_ImportAll presumably queues the
// files handled above for it. No BC_Activate call is visible in this script - confirm
// whether one is required for the queue to take effect.
BC_ImportAll;
// AVZ's automatic system clean-up pass (references to the deleted files).
ExecuteSysClean;
// NOTE(review): presumably runs the AVZ troubleshooting wizard ('TSW') in
// auto-fix mode; the numeric arguments are not explained on this page.
ExecuteWizard('TSW', 2, 3, true);
// Reboot so that deletions pending on locked files are completed.
RebootWindows(true);
end.
// Second AVZ script, run after the reboot: packs the quarantined samples into a
// password-protected archive so they can be sent for analysis.
begin
// Remove any archive left over from an earlier run.
DeleteFile(GetAVZDirectory+'quarantine.7z');
// 7za switches: `a` = add to archive, -mx9 = maximum compression,
// -pmalware = password "malware". The password only keeps mail/AV scanners from
// touching the samples in transit; it is not a secret, and without -mhe the file
// names inside the archive stay readable.
// The archive name has no extension; 7za presumably appends .7z, matching the
// file deleted above. NOTE(review): 1, 300000, false are presumably window mode,
// a 300 s wait and no forced termination - confirm against the AVZ script reference.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Start::
SystemRestore: On
CreateRestorePoint:
(Microsoft Corporation) [File not signed] C:\WINDOWS\system32\dllhostex.exe
CloseProcesses:
R2 WindowsSSDPManager; C:\WINDOWS\system32\WindowsSSDPManager.dll [109056 2008-04-14] (Microsoft Corporation) [File not signed]
NETSVC: WindowsSSDPManager -> C:\WINDOWS\system32\WindowsSSDPManager.dll (Microsoft Corporation)
NETSVC: WindowsSSDPManager -> C:\WINDOWS\system32\WindowsSSDPManager.dll (Microsoft Corporation)
2021-08-12 10:12 - 2021-08-12 10:12 - 000000000 ____D C:\WINDOWS\NetworkDistribution
C:\WINDOWS\system32\dllhostex.exe
C:\WINDOWS\system32\WindowsSSDPManager.dll
EmptyTemp:
Reboot:
End::
Не пробовал. Но после нескольких вылетов заработало в стабильном режиме.

Происходит ли такая же перезагрузка при старте системы в безопасном режиме?
Хорошо, но это завтра уже. Там закрыто.

Хорошо.
Для контроля соберите и прикрепите новые логи FRST.txt и Addition.txt
; uVS (Universal Virus Sniffer) script for one specific host (Target OS NTv5.1).
; Structure: copy each sample to the ZOO (quarantine) folder, register a signature
; for it, check the file list against those signatures, delete the matches, then
; remove what is left of the service DLL and the NetworkDistribution directory.
; NOTE(review): command meanings below are given as understood from uVS usage;
; confirm against the uVS documentation for v4.11.8.
;uVS v4.11.8 [http://dsrt.dyndns.org:8888]
;Target OS: NTv5.1
v400c
; presumably starts tracking of registry changes (paired with `areg` at the end)
sreg
; Each `zoo` saves a copy of the file; the `addsgn` that follows adds a signature
; under the detection name shown (vendor name in brackets).
zoo %Sys32%\DLLHOSTEX.EXE
addsgn 71007B5D50D2F0180BD4AEB16420AC7E2C8A7F32851349847A3C552CC046E1DC769E260068061EA5374780BB46D62AFA82CAE8953FDA33C029F2645BB48FE1B4 8 Tool.BtcMine.1969 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\SVCHOST.EXE
addsgn 1A00709A55838C8FF42B624E41A083442575D9D218BB1F87A0E354FD502954BCB356C39BF2995185E74C48538ADA8536B154AC565D51FC083D7C6CA48B222E06 8 BackDoor.Spy.3365 [DrWeb] 7
; NOTE(review): the Tool.Equation / Trojan.Equation detections on the DLLs below
; suggest a network-propagation component rather than the miner itself. If so,
; deleting the files does not close the entry point: check the host's patch level
; and SMB exposure before reconnecting it, and check neighbouring hosts.
zoo %SystemRoot%\NETWORKDISTRIBUTION\LIBXML2.DLL
addsgn 79132211B9E9317E0AA1AB5970DA12057863670B76059487D048293DBCFE724C23B4BB05324514445FD2888FCF0339A871CF616F3988BC3CA442CC7DCB16AB4E 64 Tool.Equation.23 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\COLI-0.DLL
addsgn 79132211B9E9317E0AA1AB59E4CB12057863670B76059487D048293DBCFE724C23B4E3133E45144437C4848FCF0351BE7DCF616F419EB03CA442B46BC716AB4E 64 BackDoor.Spy.3364 [DrWeb] 7
; EXMA-1.DLL has no addsgn of its own here; the next signature follows TIBE-2.DLL.
zoo %SystemRoot%\NETWORKDISTRIBUTION\EXMA-1.DLL
zoo %SystemRoot%\NETWORKDISTRIBUTION\TIBE-2.DLL
addsgn 79132211B9E9317E0AA1AB5958CB12057863670B76059487D048293DBCFE724C23B41BFD3D451444FF2A878FCF0399507ECF616F9970B33CA4426C85C416AB4E 64 Trojan.Equation.23 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\TRFO-2.DLL
addsgn 79132211B9E9317E0AA1AB592ECC12057863670B76059487D048293DBCFE724C23B46BD23E4514448F05848FCF03E97F7DCF616FC95FB03CA4423CAAC716AB4E 64 Trojan.Equation.25 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\UCL.DLL
addsgn 79132211B9E9317E0AA1AB5916CB12057863670B76059487D048293DBCFE724C23B483A33E4514441774848FCF03710E7DCF616F612EB03CA44294DBC716AB4E 64 Trojan.Equation.91 [DrWeb] 7
; Same file as the earlier SVCHOST.EXE entry, written with a doubled backslash;
; looks like a duplicate list entry and carries no signature of its own.
zoo %SystemRoot%\NETWORKDISTRIBUTION\\SVCHOST.EXE
zoo %SystemRoot%\NETWORKDISTRIBUTION\SPOOLSV.EXE
addsgn 1A96739A55838C8FF42B624E41304245250103A302169E94ADC0C5BCF3DECE0C239ECE5381159DC03E803BDF469F5406C39FE8FB60220E6C2DFE99DB79462215 8 BackDoor.Siggen2.2089 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\CRLI-0.DLL
addsgn 79132211B9E9317E0AA1AB5918CB12057863670B76059487D048293DBCFE724C23B4E3033E45144437D4848FCF0351AE7DCF616F418EB03CA442B47BC716AB4E 64 Trojan.Equation.4 [DrWeb] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\SSLEAY32.DLL
addsgn 79132211B9E9317E0AA1AB591ACB12057863670B76059487D048293DBCFE724C23B4DB9E3C4514443F49868FCF0359337FCF616F5913B23CA442ACE6C516AB4E 64 Tool.Equation.22 [DrWeb] 7
; LIBEAY32.DLL, SSLEAY32.DLL, LIBXML2.DLL and ZLIB1.DLL are names also used by
; legitimate libraries; the signatures here apply to the copies in this directory.
zoo %SystemRoot%\NETWORKDISTRIBUTION\LIBEAY32.DLL
addsgn 79132211B9E9317E0AA1AB5952CB12057863670B76059487D048293DBCFE724C23B4732B3345144487FC898FCF03E18670CF616FF1A6BD3CA4420453CA16AB4E 64 Win32:Rootkit-gen [Rtk] [Avast] 7
zoo %SystemRoot%\NETWORKDISTRIBUTION\ZLIB1.DLL
addsgn 79132211B9E9317E0AA1AB5916CB12057863670B76059487D048293DBCFE724C23B4A3A3720F14447774C8C5CF03110E3185616F012EFC76A442F4DB8B5CAB4E 64 Tool.Equation.21 [DrWeb] 7
; presumably: check the object list against the signatures added above,
; then delete everything that matched
chklst
delvir
;---------command-b---------
; NOTE(review): the meaning of `bp` is not evident from this page - confirm.
bp C:\WINDOWS\SYSTEM32\WINDOWSSSDPMANAGER.DLL
; presumably copies the whole directory to the ZOO before it is removed below
dirzooex %SystemRoot%\NETWORKDISTRIBUTION
zoo %Sys32%\WINDOWSSSDPMANAGER.DLL
; presumably removes the file together with all references to it
delall %Sys32%\WINDOWSSSDPMANAGER.DLL
apply
; removes the NetworkDistribution directory itself
deldirex %SystemRoot%\NETWORKDISTRIBUTION
; presumably clears temporary files
deltmp
; presumably ends/applies the registry tracking started by `sreg`
areg
restart