// AVZ cleanup script written for ONE specific infected host: every path and
// registry value below is a literal taken from that machine's logs.
// Do not reuse it on another system without re-deriving the targets.
begin
// The message (Russian) warns the user that AVZ will close all network connections
// and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so the malware is offline during cleanup.
// NOTE(review): the numeric arguments look like window mode / 15000 ms timeout / wait flag - confirm against the AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit / hook scan with both boolean options enabled.
SearchRootkit(true, true);
// Turn AVZGuard on before touching any malicious files.
SetAVZGuardStatus(True);
// Kill the running process first so its image file is not locked.
TerminateProcessByName('d:\program files\common files\spigot\search settings\searchsettings.exe');
// Quarantine pass: a copy of every suspect file is preserved for analysis BEFORE any deletion.
QuarantineFile('d:\program files\common files\spigot\search settings\searchsettings.exe','');
QuarantineFile('D:\WINDOWS1\system32\mgking0.dll','');
QuarantineFile('D:\WINDOWS1\system32\arking1.dll','');
QuarantineFile('D:\systemhost\24FC2AE3565.exe','');
QuarantineFile('D:\WINDOWS1\system32\mgking.exe','');
QuarantineFile('D:\WINDOWS1\system32\arking.exe','');
QuarantineFile('D:\Documents and Settings\All Users\Application Data\Microsoft\Windows\kxsziea.exe','');
QuarantineFile('D:\WINDOWS1\TEMP\Bp6z3JI\urhutow.dll','');
QuarantineFile('D:\WINDOWS1\system32\HpYfZTC.dll','');
QuarantineFile('D:\WINDOWS1\system32\arking0.dll','');
QuarantineFile('D:\Documents and Settings\All Users\Application Data\ISx31.tmp','');
QuarantineFile('D:\Documents and Settings\All Users\Application Data\ISx28.tmp','');
QuarantineFile('D:\w9.exe','');
// Delete pass: the same 13 files that were quarantined above, listed in reverse order.
DeleteFile('D:\Documents and Settings\All Users\Application Data\ISx31.tmp');
DeleteFile('D:\Documents and Settings\All Users\Application Data\ISx28.tmp');
DeleteFile('D:\w9.exe');
DeleteFile('D:\WINDOWS1\system32\arking0.dll');
DeleteFile('D:\WINDOWS1\system32\HpYfZTC.dll');
DeleteFile('D:\WINDOWS1\TEMP\Bp6z3JI\urhutow.dll');
DeleteFile('D:\Documents and Settings\All Users\Application Data\Microsoft\Windows\kxsziea.exe');
DeleteFile('D:\WINDOWS1\system32\arking.exe');
DeleteFile('D:\WINDOWS1\system32\mgking.exe');
DeleteFile('D:\systemhost\24FC2AE3565.exe');
DeleteFile('D:\WINDOWS1\system32\arking1.dll');
DeleteFile('D:\WINDOWS1\system32\mgking0.dll');
DeleteFile('d:\program files\common files\spigot\search settings\searchsettings.exe');
// Remove the autorun (Run key) values used for persistence: machine-wide, current user,
// and the S-1-5-19 hive under HKEY_USERS.
// NOTE(review): no explicit removal here of a Run value for searchsettings.exe or of an
// AppInit_DLLs reference to HpYfZTC.dll - presumably left to ExecuteSysClean or a manual fix; confirm.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','B92wPsC');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','King_ar');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','king_mg');
RegKeyParamDel('HKEY_USERS','S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run','YI9B2F0F3EXHWFVZBMP');
// Hand the processed file list to Boot Cleaner (BC_*), so files that could not be removed
// while Windows is running are handled at the next boot.
BC_ImportAll;
// Clean up system references to the files removed above.
ExecuteSysClean;
BC_Activate;
// NOTE(review): presumably runs the 'SCU' wizard non-interactively with the given levels - confirm in the AVZ docs.
ExecuteWizard('SCU',2,3,true);
// A reboot is required: Boot Cleaner acts at startup, and the TCP/IP service stopped above comes back.
RebootWindows(true);
end.
// Second script, run after the reboot: packs the AVZ quarantine folder into
// quarantine.zip in the AVZ directory so the samples can be sent to the analyst.
// The archive holds live malware - do not unpack or execute it on a working machine.
begin
// 'Qurantine' is the spelling of the AVZ API name itself; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O4 - HKLM\..\Run: [SearchSettings] "D:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [B92wPsC] D:\Documents and Settings\All Users\Application Data\Microsoft\Windows\kxsziea.exe
O4 - HKCU\..\Run: [king_mg] D:\WINDOWS1\system32\mgking.exe
O4 - HKCU\..\Run: [King_ar] D:\WINDOWS1\system32\arking.exe
O4 - HKUS\S-1-5-19\..\Run: [YI9B2F0F3EXHWFVZBMP] D:\systemhost\24FC2AE3565.exe (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: HpYfZTC.dll
Письмо послал.
Только возникли проблемы с фиксом в HJT.
Нужных строк нет. Нашёл только две строки (O20 - ... и O4 - HKUS\S-1-5-19\...)
c:\sibelius.v6.1.0.14.update\patch_sibelius_v6.1.0.14.exe (RiskWare.Tool.CK) -> No action taken.
// Follow-up AVZ cleanup script for the same host: removes the 'Application Updater'
// service and the Spigot directories, and retries HpYfZTC.dll.
// All targets are literals specific to this machine.
begin
// The message (Russian) warns the user that AVZ will close all network connections
// and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so nothing communicates during cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Order matters: set the service start type to 4 (disabled) first so it cannot restart,
// then stop it, then kill its process so the file is unlocked.
SetServiceStart('Application Updater', 4);
StopService('Application Updater');
TerminateProcessByName('d:\program files\application updater\applicationupdater.exe');
// Preserve samples before deleting.
// NOTE(review): 'HpYfZTC.dll' is given without a directory here and below; how AVZ resolves
// a bare file name is not visible in this script - confirm that it reaches the intended file.
QuarantineFile('HpYfZTC.dll','');
// viorb.exe is only quarantined, never deleted, in this script - presumably sample collection only.
QuarantineFile('d:\windows1\temp\rarsfx1\viorb.exe','');
QuarantineFile('d:\program files\application updater\applicationupdater.exe','');
DeleteFile('D:\Program Files\Application Updater\ApplicationUpdater.exe');
DeleteFile('HpYfZTC.dll');
// Remove the service entry itself, after its binary.
DeleteService('Application Updater');
// Delete by mask '*.*' across both directories, then the directories themselves.
// Nothing under them is quarantined apart from the files named above - check the contents first.
// NOTE(review): the third argument is presumably the "include subdirectories" flag - confirm.
DeleteFileMask('d:\program files\application updater\', '*.*', true);
DeleteFileMask('d:\program files\common files\spigot\', '*.*', true);
DeleteDirectory('d:\program files\application updater\');
DeleteDirectory('d:\program files\common files\spigot\');
// Queue the processed files for Boot Cleaner and clean up leftover system references.
BC_ImportAll;
ExecuteSysClean;
// Explicitly queue HpYfZTC.dll for boot-time deletion in case the live delete above fails.
BC_DeleteFile('HpYfZTC.dll');
BC_Activate;
// NOTE(review): presumably runs the 'SCU' wizard non-interactively with the given levels - confirm in the AVZ docs.
ExecuteWizard('SCU',2,3,true);
// A reboot is required for Boot Cleaner to act and for networking to return.
RebootWindows(true);
end.
// Run after the reboot: packs the AVZ quarantine folder into quarantine.zip in the
// AVZ directory for submission to the analyst.
// The archive holds live malware - do not unpack or execute it on a working machine.
begin
// 'Qurantine' is the spelling of the AVZ API name itself; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
// Third AVZ cleanup script for the same host: removes w_browser.exe and the Windows
// Firewall exception registered for it. Targets are literals specific to this machine.
begin
// The message (Russian) warns the user that AVZ will close all network connections
// and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьутера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so nothing communicates during cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// NOTE(review): unlike the earlier scripts, this file is deleted with no QuarantineFile first -
// presumably the sample was already collected or the file is a known one; confirm before running.
DeleteFile('D:\WINDOWS1\w_browser.exe');
// Delete the value named after the binary from the standard-profile AuthorizedApplications list,
// i.e. the firewall allow-rule that let w_browser.exe through Windows Firewall.
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','D:\WINDOWS1\w_browser.exe');
// Queue the processed files for Boot Cleaner and clean up leftover system references.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// NOTE(review): presumably runs the 'SCU' wizard non-interactively with the given levels - confirm in the AVZ docs.
ExecuteWizard('SCU',2,3,true);
// A reboot is required for Boot Cleaner to act and for networking to return.
RebootWindows(true);
end.