:OTL
c:\windows\apppatch\sjemyll.dat
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\apppatch\sjemyll.dat) - C:\WINDOWS\AppPatch\sjemyll.dat (Kaspersky Lab)
:files
recycler /alldrives
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[clearallrestorepoints]
[emptytemp]
[emptyflash]
[Reboot]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\documents and settings\admin\рабочий стол\лечение\avz4\explorer.exe','');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(20);
RebootWindows(true);
end.
O1 - Hosts: яю127.0.0.1 localhost
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Admin\Application Data\2BEF.tmp','');
DeleteFile('C:\Documents and Settings\Admin\Application Data\2BEF.tmp');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Зараженные файлы:
c:\documents and settings\Admin\application data\2BEF.tmp (Trojan.FakeMS) -> No action taken.
c:\system volume information\_restore{911dacf1-5066-4c86-9a56-de3290b93af0}\RP73\A0013708.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{911dacf1-5066-4c86-9a56-de3290b93af0}\RP74\A0014737.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{911dacf1-5066-4c86-9a56-de3290b93af0}\RP74\A0014740.exe (Trojan.FakeMS) -> No action taken.