begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\recycler\s-51-9-25-3434476501-1644491938-601003312-1214\lzhgpw.exe','');
DeleteFile('c:\recycler\s-51-9-25-3434476501-1644491938-601003312-1214\lzhgpw.exe');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(20);
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Зараженные ключи в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
Объекты реестра заражены:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
evoq6k6n.exe -del service xfrge
evoq6k6n.exe -del file "C:\WINDOWS\system32\czkpti.dll"
evoq6k6n.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\xfrge"
evoq6k6n.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\xfrge"
evoq6k6n.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\xfrge"
evoq6k6n.exe -reboot
begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(true);
DeleteFileMask('C:\Program Files\Common Files\8CCC827Ba','*.*',true);
DeleteFileMask('C:\Program Files\Common Files\8ccc8688','*.*',true);
DeleteDirectory('C:\Program Files\Common Files\8CCC827Ba',' ');
DeleteDirectory('C:\Program Files\Common Files\8ccc8688',' ');
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.
Your choice.
And what would you recommend installing, KIS 2011 or something else, to protect myself in the future?