Attention. Recovery of 1C7, 1C8 and MSSQL databases after a ransomware attack: for details and reviews, see the dedicated thread.
Attention. Recovery of RAR and ZIP archives, Acronis images and virtual machines, and mail client databases after a ransomware attack: for details and reviews, see the dedicated thread.
begin
// Stop the TCP/IP service so the machine is off the network during cleanup
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Search for rootkit hooks and enable AVZGuard
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Empty the old quarantine, then quarantine the two dropped executables
ClearQuarantineEx(true);
QuarantineFile('C:\Users\user14\AppData\Local\Temp\VWWYABBCDE.exe', '');
QuarantineFile('C:\Users\user16\AppData\Local\Temp\JKKLNOPQRS.exe', '');
// Delete the executables from both users' Temp folders
DeleteFile('C:\Users\user14\AppData\Local\Temp\VWWYABBCDE.exe', '32');
DeleteFile('C:\Users\user16\AppData\Local\Temp\JKKLNOPQRS.exe', '32');
// Remove the Run autostart value from both affected user hives
RegKeyParamDel('HKEY_USERS', 'S-1-5-21-3748994989-1004274494-2084532083-1016\Software\Microsoft\Windows\CurrentVersion\Run', '3358150663', '32');
RegKeyParamDel('HKEY_USERS', 'S-1-5-21-3748994989-1004274494-2084532083-1018\Software\Microsoft\Windows\CurrentVersion\Run', '3358150663', '32');
// Hand the file list to Boot Cleaner, clean the system, and reboot
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
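begin
// Remove any previous archive, then pack the quarantine folder into
// quarantine.7z (maximum compression, password "malware")
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.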
Start::
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
2019-06-18 01:10 - 2019-06-18 01:10 - 000001322 _____ C:\Users\user16\Desktop\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\Downloads\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\Documents\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\Desktop\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\AppData\Roaming\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\AppData\README.txt
2019-06-18 01:10 - 2019-06-18 01:10 - 000000090 _____ C:\Users\user16\AppData\LocalLow\README.txt
2019-06-18 01:09 - 2019-06-18 01:09 - 000000090 _____ C:\Users\user16\AppData\Local\README.txt
2019-06-18 01:09 - 2019-06-18 01:09 - 000000011 _____ C:\Users\user19\Desktop\DesktopLocker.ini
2019-06-18 01:09 - 2019-04-25 00:19 - 000279303 _____ C:\Users\user19\Desktop\Desktop_Locker.exe
2019-06-18 01:07 - 2019-06-18 01:10 - 000001285 _____ C:\Users\user16\Desktop\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-DesktopLocker.ini.doubleoffset
2019-06-18 01:07 - 2019-04-25 00:19 - 000279303 _____ C:\Users\user16\Desktop\Desktop_Locker.exe
2019-06-18 01:04 - 2019-06-18 01:04 - 000000011 _____ C:\Users\user14\Desktop\DesktopLocker.ini
2019-06-18 01:04 - 2019-04-25 00:19 - 000279303 _____ C:\Users\user14\Desktop\Desktop_Locker.exe
2019-06-18 00:43 - 2019-06-18 01:09 - 000001322 _____ C:\Users\Все пользователи\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 01:09 - 000001322 _____ C:\Users\Public\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 01:09 - 000001322 _____ C:\Users\Public\Downloads\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 01:09 - 000001322 _____ C:\Users\Public\Documents\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 01:09 - 000001322 _____ C:\ProgramData\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-136249432303892526176919.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 01:09 - 000000090 _____ C:\Users\Public\README.txt
2019-06-18 00:43 - 2019-06-18 01:09 - 000000090 _____ C:\Users\Public\Downloads\README.txt
2019-06-18 00:43 - 2019-06-18 01:09 - 000000090 _____ C:\Users\Public\Documents\README.txt
2019-06-18 00:43 - 2019-06-18 00:44 - 000001321 _____ C:\Users\user14\Desktop\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-99826423610241112378399.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 00:44 - 000000090 _____ C:\Users\user14\Desktop\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000001321 _____ C:\Users\Все пользователи\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-99826423610241112378399.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 00:43 - 000001321 _____ C:\Users\Public\Documents\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-99826423610241112378399.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 00:43 - 000001321 _____ C:\ProgramData\email-nightmare666@cock.li.ver-CL 1.5.1.0.id-3358150663-99826423610241112378399.fname-README.txt.doubleoffset
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\Все пользователи\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\Downloads\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\Documents\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\AppData\Roaming\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\AppData\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\AppData\LocalLow\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\Users\user14\AppData\Local\README.txt
2019-06-18 00:43 - 2019-06-18 00:43 - 000000090 _____ C:\ProgramData\README.txt
Reboot:
End::