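// AVZ cleanup script written for ONE specific host: every path below is tied
// to the user profile "детсад" and to the uBar / OneClick install locations
// found in that machine's logs. Do not reuse it on another system unchanged.
// Order matters: stop network -> kill processes -> quarantine -> delete ->
// remove autostart entries -> system cleanup -> archive quarantine -> reboot.
begin
// Stop the tcpip service (and, via /y, everything depending on it) so the
// machine is offline while the cleanup runs.
// NOTE(review): the trailing 0, 15000, true presumably mean hidden window,
// 15 s wait and terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);

// Terminate the running OneClick and uBar processes first; otherwise their
// files stay locked and the quarantine/delete steps below can fail.
TerminateProcessByName('c:\users\детсад\appdata\local\oneclick\oneclickapp.64.exe');
TerminateProcessByName('c:\users\детсад\appdata\local\oneclick\oneclickbandhandler.64.exe');
TerminateProcessByName('c:\programdata\ubar\ubar\ubar.exe');

// Quarantine only (no DeleteFile follows for these five paths): four files
// carrying Windows system names under system32 plus lite.exe. They are
// collected so the helper can inspect them; the script does not remove them.
QuarantineFile('C:\WINDOWS\system32\EOSNotify.exe','');
QuarantineFile('C:\Users\детсад\AppData\Local\Lite\Application\lite.exe', '');
QuarantineFile('C:\WINDOWS\system32\Notifier.exe','');
QuarantineFile('C:\WINDOWS\System32\UI0Detect.exe','');
QuarantineFile('C:\Windows\System32\icardres.dll','');

// Mask-based quarantine of executable and script content in both folders.
// NOTE(review): the third argument differs (false for oneclick, true for
// ubar); it presumably switches subdirectory recursion. Confirm.
QuarantineFileF('c:\users\детсад\appdata\local\oneclick', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', false, '', 0 ,0);
QuarantineFileF('c:\programdata\ubar', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 ,0);

// Explicit quarantine of the files that are deleted below, so a copy of each
// is preserved even if the mask-based pass above missed it.
QuarantineFile('c:\users\детсад\appdata\local\oneclick\oneclickapp.64.exe', '');
QuarantineFile('c:\users\детсад\appdata\local\oneclick\oneclickbandhandler.64.exe', '');
QuarantineFile('c:\programdata\ubar\ubar\ubar.exe', '');
QuarantineFile('C:\ProgramData\uBar\uBar\modules\cef\chrome_elf.dll', '');
QuarantineFile('C:\ProgramData\uBar\uBar\modules\cef\libcef.dll', '');
QuarantineFile('C:\ProgramData\uBar\uBar\modules\ubtorrent\ubtorrent.dll', '');

// Destructive part: remove the OneClick / uBar binaries.
// NOTE(review): the '32' argument presumably selects the file-system view
// used for the delete; confirm against the AVZ script reference.
DeleteFile('c:\users\детсад\appdata\local\oneclick\oneclickapp.64.exe', '32');
DeleteFile('c:\users\детсад\appdata\local\oneclick\oneclickbandhandler.64.exe', '32');
DeleteFile('c:\programdata\ubar\ubar\ubar.exe', '32');
DeleteFile('C:\ProgramData\uBar\uBar\modules\cef\chrome_elf.dll', '32');
DeleteFile('C:\ProgramData\uBar\uBar\modules\cef\libcef.dll', '32');
DeleteFile('C:\ProgramData\uBar\uBar\modules\ubtorrent\ubtorrent.dll', '32');

// Wipe whatever is left in both folders, then the folders themselves.
DeleteFileMask('c:\users\детсад\appdata\local\oneclick', '*', true);
DeleteFileMask('c:\programdata\ubar', '*', true);
DeleteDirectory('c:\users\детсад\appdata\local\oneclick');
DeleteDirectory('c:\programdata\ubar');

// Remove the per-user autostart values of both programs. Each value was
// listed twice in the original script; one call per value is sufficient.
// NOTE(review): HKEY_CURRENT_USER is the hive of the account running AVZ.
// If AVZ is started under a different (e.g. administrator) account than
// "детсад", these Run values may remain. Verify in a fresh log afterwards.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','OneClick');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','uBar');

// AVZ built-in post-cleanup steps.
// NOTE(review): these presumably clean up references to the deleted files
// and run the system cleanup wizard; confirm the wizard arguments.
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);

// Pack the quarantine into quarantine.zip in the AVZ folder for submission.
// "Qurantine" is the spelling used by the AVZ function name, not a typo here.
// The archive holds the collected samples: do not unpack or run its contents.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');

// Reboot to finish the cleanup; the network stopped above returns with it.
RebootWindows(true);
end.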
// Second script, run separately from the cleanup script: it only packs the
// current AVZ quarantine into quarantine.zip inside the AVZ program folder
// so the archive can be sent to the helper.
// "Qurantine" is the spelling used by the AVZ function name.
var
 ArchivePath : string;
begin
 ArchivePath := GetAVZDirectory + 'quarantine.zip';
 CreateQurantineArchive(ArchivePath);
end.
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
Давайте пока ссылку на VT, а там посмотрим.могу его выслать в "нужном" виде...
Давайте пока ссылку на VT, а там посмотрим.
uBar
Кнопка "Яндекс" на панели задач
Менеджер браузеров
я, в принципе, так и понял...Я удалил ubar скриптом