A work computer (used for storing files and databases) was hit by a ransomware attack; Doctor Web CureIt identified it as Trojan.Encoder.32640. All files, including the databases, were encrypted.
Attention. Recovery of 1C7, 1C8 and MSSQL databases after a ransomware attack: details and feedback are in the dedicated thread.
Attention. Recovery of RAR and ZIP archives, Acronis images and virtual machines, and mail-client databases after a ransomware attack: details and feedback are in the dedicated thread.
Start::
CreateRestorePoint:
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
2021-01-01 10:09 - 2021-01-01 10:09 - 000002403 _____ C:\Windows\SysWOW64\Drivers\!INFO.HTA
2021-01-01 10:08 - 2021-01-01 10:08 - 000002403 _____ C:\Windows\Tasks\!INFO.HTA
2021-01-01 10:08 - 2021-01-01 10:08 - 000002403 _____ C:\Windows\SysWOW64\!INFO.HTA
2021-01-01 10:08 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Все пользователи\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Все пользователи\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Public\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Public\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\ProgramData\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:08 - 000002403 _____ C:\ProgramData\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\AppData\LocalLow\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Администратор\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\LocalLow\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\terminal\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Public\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Public\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\LocalLow\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\MSSQL$MICROSOFT##WID\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\Default User\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\LocalLow\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CUser\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\Downloads\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\Documents\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\Desktop\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\Roaming\Microsoft\Windows\Start Menu\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\Roaming\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\LocalLow\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\Local\Temp\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\AppData\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Users\1CBackupAgent\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ C:\Program Files\Common Files\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:08 - 000002403 _____ C:\Users\Все пользователи\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:08 - 000002403 _____ C:\ProgramData\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ C:\Windows\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ C:\Users\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ C:\Program Files\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ C:\Program Files (x86)\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ () C:\Program Files\!INFO.HTA
2021-01-01 10:06 - 2021-01-01 10:06 - 000002403 _____ () C:\Program Files (x86)\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ () C:\Program Files\Common Files\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ () C:\Program Files (x86)\Common Files\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ () C:\Users\Администратор\AppData\Roaming\!INFO.HTA
2021-01-01 20:37 - 2021-01-01 20:38 - 000001694 _____ () C:\Users\Администратор\AppData\Roaming\hidewin.cfg
2021-01-01 10:08 - 2021-01-01 10:08 - 000002403 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\!INFO.HTA
2021-01-01 10:07 - 2021-01-01 10:07 - 000002403 _____ () C:\Users\Администратор\AppData\Local\!INFO.HTA
FirewallRules: [{7442B04B-C013-4DAC-A7E7-6F5583F5E52B}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe => No File
FirewallRules: [{238909E8-F0DB-46BA-BAF7-956BEAAB95E2}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe => No File
FirewallRules: [{A6742C14-CFFC-4C5A-A619-CDBB9FDD78D8}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe => No File
FirewallRules: [{9F45B53B-6918-4477-820A-DABC9884D382}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe => No File
End::
+Change the RDP passwords
var
  LogPath : string;
  ScriptPath : string;
begin
  // Remove the log left by a previous run so that only this run's results are shown
  LogPath := GetAVZDirectory + 'log\avz_log.txt';
  if FileExists(LogPath) then DeleteFile(LogPath);
  // Download the vulnerability-check script into the AVZ directory and execute it.
  // The third argument selects the download mode; if the first mode fails, the other is tried.
  // Note: the script is fetched over plain HTTP with no integrity check, so run this only
  // on the instructions of the helper in this thread.
  ScriptPath := GetAVZDirectory + 'ScanVuln.txt';
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then
    ExecuteScript(ScriptPath)
  else
  begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then
      ExecuteScript(ScriptPath)
    else
    begin
      ShowMessage('Unable to download the AVZ script that checks for the most commonly exploited vulnerabilities!');
      exit;
    end;
  end;
  // Open the resulting log in Notepad
  if FileExists(LogPath) then ExecuteFile('notepad.exe', LogPath, 1, 0, false);
end.
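As an added example (this is not code from the thread, the helper, FRST or AVZ), the following PowerShell triage script verifies the cleanup the FRST fix above performs and gives the "change the RDP passwords" advice something to check against: it looks for surviving !INFO.HTA ransom notes, the NTUSER.pol restriction file, firewall rules still allowing AnyDesk, failed and successful RDP logons in the Security log, the RDP/NLA configuration and when each local account's password was last set. The note name, the .pol path and the AnyDesk match come from the FRST log in this thread; the 24-hour lookback window, the use of event IDs 4624/4625 with logon types 3 and 10 as RDP indicators, and the requirement for PowerShell 5.1 or later are my assumptions, not something the thread states.

```powershell
# Added example, not code from the thread, the helper, FRST or AVZ.
# Post-cleanup triage for a Trojan.Encoder-style incident on a Windows host.
# Run from an elevated PowerShell 5.1 (or later) console on the affected machine.
# Assumptions (mine, not from the thread): the 24-hour lookback, event IDs 4624/4625
# and logon types 3/10 as the RDP indicators. The ransom-note name, the .pol path and
# the AnyDesk match are taken from the FRST log posted above.

$NoteName    = '!INFO.HTA'
$PolicyFiles = @('C:\ProgramData\NTUSER.pol')   # listed by FRST as "Restriction"
$ToolPattern = '*AnyDesk*'                      # remote-access tool seen in the firewall rules
$Lookback    = (Get-Date).AddHours(-24)

# 1. Ransom notes that survived the FRST fix: search every fixed drive.
$notes = Get-PSDrive -PSProvider FileSystem | Where-Object Root -like '?:\' | ForEach-Object {
    Get-ChildItem -Path $_.Root -Filter $NoteName -Recurse -Force -File -ErrorAction SilentlyContinue
}
Write-Host "[1] Ransom notes still present: $(@($notes).Count)"
$notes | Select-Object FullName, Length, CreationTime | Format-Table -AutoSize

# 2. Local policy file that imposes user restrictions (FRST removes it in the fix).
Write-Host "[2] Policy files:"
foreach ($p in $PolicyFiles) {
    "  {0} : {1}" -f $p, $(if (Test-Path -LiteralPath $p) { 'STILL PRESENT' } else { 'removed' })
}

# 3. Firewall rules that still allow the remote-access tool the attacker dropped.
Write-Host "[3] Firewall rules whose program matches $ToolPattern :"
Get-NetFirewallApplicationFilter | Where-Object Program -like $ToolPattern |
    Get-NetFirewallRule |
    Select-Object Name, DisplayName, Enabled, Action, Direction | Format-Table -AutoSize

# 4/5. Logon events from the Security log, flattened into objects.
#      Logon type 10 = RemoteInteractive (RDP); type 3 = network (NLA pre-auth, SMB).
function Get-LogonEvents {
    param([int]$Id, [datetime]$Since)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $Since } `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $data['TargetUserName']
            LogonType = [int]$data['LogonType']
            Source    = $data['IpAddress']
        }
    }
}

# 4. Failed network/RDP logons grouped by source address: a brute-force shows up here.
$failed = Get-LogonEvents -Id 4625 -Since $Lookback | Where-Object LogonType -in 3, 10
Write-Host "[4] Failed network/RDP logons since $Lookback : $(@($failed).Count)"
$failed | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Source'; e = { $_.Name } },
        @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } } -First 10 |
    Format-Table -AutoSize

# 5. Successful RDP logons in the same window: these are the sessions to attribute.
$rdpOk = Get-LogonEvents -Id 4624 -Since $Lookback | Where-Object LogonType -eq 10
Write-Host "[5] Successful RDP logons: $(@($rdpOk).Count)"
$rdpOk | Select-Object Time, User, Source | Format-Table -AutoSize

# 6. RDP exposure, and whether each enabled local account's password was set after the attack.
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Write-Host ("[6] RDP enabled: {0}; NLA required: {1}; port: {2}" -f `
    ($ts.fDenyTSConnections -eq 0), ($tcp.UserAuthentication -eq 1), $tcp.PortNumber)
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, PasswordLastSet, LastLogon,
        @{ n = 'PasswordChangedInWindow'; e = { $_.PasswordLastSet -gt $Lookback } } |
    Format-Table -AutoSize
```

Section 4 only produces results if logon auditing is enabled on the host; an empty table there means the audit policy needs turning on before the next incident, not that no brute force took place. Any account whose PasswordChangedInWindow is False after the reset is one the attacker's credentials still work for.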