>>> [script][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" -> ["C:\Program Files (x86)\Internet Explorer\iexplore.bat"] -> start "" /I /B /D "c:\PROGRA~2\INTERN~1\" "c:\PROGRA~2\INTERN~1\iexplore.exe" hxxp://2015-search.ru (MD5:0C6F1590CF5743D45D40E6CAB7911651)
>>> [script][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk" -> ["C:\Program Files (x86)\Internet Explorer\iexplore.bat"] -> start "" /I /B /D "c:\PROGRA~2\INTERN~1\" "c:\PROGRA~2\INTERN~1\iexplore.exe" hxxp://2015-search.ru (MD5:0C6F1590CF5743D45D40E6CAB7911651)
>>> [script][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" -> ["C:\Program Files (x86)\Internet Explorer\iexplore.bat"] -> start "" /I /B /D "c:\PROGRA~2\INTERN~1\" "c:\PROGRA~2\INTERN~1\iexplore.exe" hxxp://2015-search.ru (MD5:0C6F1590CF5743D45D40E6CAB7911651)
>>> [MASK] "C:\Users\123\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт 2inf.net.lnk" -> ["C:\Users\123\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт 2inf.net.exe" -> hxxp://2inf.net/?utm_source=startlink]
>>> [modified][RO][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk" -> ["C:\iexplore.bat"]
>>> [modified][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk" -> ["C:\iexplore.bat"]
>>> [modified][MASK] "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk" -> ["C:\iexplore.bat"]
-[MASK] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk" -> ["C:\Program Files\Opera\launcher.exe"]
-[MASK] "C:\Users\Public\Desktop\Ореrа.lnk" -> ["C:\Program Files\Opera\launcher.exe"]
>>> [script] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV\Rосkstаr Gаmеs Sосiаl Сlub.lnk" -> ["C:\Program Files (x86)\Rockstar Games Social Club\rgsclauncher.bat"] -> start "" /I /B /D "c:\PROGRA~2\ROCKST~1\" "c:\PROGRA~2\ROCKST~1\RGSCLA~1.EXE" hxxp://2015-search.ru (MD5:ACC8986A29FA409641A3B27512D5445C)
>>> [script] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Outlast\Играть Оutlаst.lnk" -> ["G:\Games\Outlast\outlastlauncher.bat"] -> start "" /I /B /D "g:\games\outlast\" "g:\games\outlast\OUTLAS~1.EXE" hxxp://2015-search.ru (MD5:9FBF655B694A87DAF619274300B6A0C8)
>>> [script] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Skyrim - Legendary Edition\Играть Skyrim - Lеgеndаry Еditiоn.lnk" -> ["G:\Games\Skyrim - Legendary Edition\skyrimlauncher.bat"] -> start "" /I /B /D "g:\games\SKYRIM~1\" "g:\games\SKYRIM~1\SKYRIM~1.EXE" hxxp://2015-search.ru (MD5:6766968D387D882710F3A3C595CF81FF)
>>> [script] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Mаfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk" -> ["G:\Games\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\launcher.bat"] -> start "" /I /B /D "g:\games\MAFIA2~1.1U5\" "g:\games\MAFIA2~1.1U5\launcher.exe" hxxp://2015-search.ru (MD5:9C813E0E7D331E8485B2F7E2CEAB73C9)
>>> [script] "C:\Users\123\Desktop\Игры\Mаfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk" -> ["G:\Games\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\launcher.bat"] -> start "" /I /B /D "g:\games\MAFIA2~1.1U5\" "g:\games\MAFIA2~1.1U5\launcher.exe" hxxp://2015-search.ru (MD5:9C813E0E7D331E8485B2F7E2CEAB73C9)
>>> [script] "C:\Users\123\Desktop\Игры\Skyrim - Lеgеndаry Еditiоn.lnk" -> ["G:\Games\Skyrim - Legendary Edition\skyrimlauncher.bat"] -> start "" /I /B /D "g:\games\SKYRIM~1\" "g:\games\SKYRIM~1\SKYRIM~1.EXE" hxxp://2015-search.ru (MD5:6766968D387D882710F3A3C595CF81FF)
>>> [script] "C:\Users\123\Desktop\Игры\Оutlаst.lnk" -> ["G:\Games\Outlast\outlastlauncher.bat"] -> start "" /I /B /D "g:\games\outlast\" "g:\games\outlast\OUTLAS~1.EXE" hxxp://2015-search.ru (MD5:9FBF655B694A87DAF619274300B6A0C8)
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Faction 2\Запустить Rеd Fасtiоn Guеrrillа.lnk" -> ["C:\rfg_launcher.bat" -> "hxxp://kopsearch.ru" ]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Маfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk" -> ["C:\launcher.bat" -> "hxxp://kopsearch.ru" ]
>>> "C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld оf Таnks.lnk" -> ["C:\WoTLauncher.bat" -> "hxxp://kopsearch.ru" ]
>>> "C:\Users\123\Favorites\Links\Интернет.url" -> hxxp://2inf.net/?utm_source=favorites12
begin
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Timestasks', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pricefountainw.exe', 'command');
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
begin
ClearQuarantine;
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk','');
QuarantineFile('C:\Users\123\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт 2inf.net.lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV\Rосkstаr Gаmеs Sосiаl Сlub.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Outlast\Играть Оutlаst.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Skyrim - Legendary Edition\Играть Skyrim - Lеgеndаry Еditiоn.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Mаfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk','');
QuarantineFile('C:\Users\123\Desktop\Игры\Mаfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk','');
QuarantineFile('C:\Users\123\Desktop\Игры\Skyrim - Lеgеndаry Еditiоn.lnk','');
QuarantineFile('C:\Users\123\Desktop\Игры\Оutlаst.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Faction 2\Запустить Rеd Fасtiоn Guеrrillа.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Маfiа 2.Digitаl Dеluхе.v 1.0.0.1u5 + 8 DLС.lnk','');
QuarantineFile('C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld оf Таnks.lnk','');
QuarantineFile('C:\Users\123\Favorites\Links\Интернет.url','');
QuarantineFile('C:\Program Files (x86)\Internet Explorer\iexplore.bat','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Program Files (x86)\Rockstar Games Social Club\rgsclauncher.bat','');
QuarantineFile('G:\Games\Outlast\outlastlauncher.bat','');
QuarantineFile('G:\Games\Skyrim - Legendary Edition\skyrimlauncher.bat','');
QuarantineFile('G:\Games\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\launcher.bat','');
QuarantineFile('C:\rfg_launcher.bat','');
QuarantineFile('C:\launcher.bat','');
QuarantineFile('C:\WoTLauncher.bat','');
DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.bat','');
DeleteFile('C:\iexplore.bat','');
DeleteFile('C:\Program Files (x86)\Rockstar Games Social Club\rgsclauncher.bat','');
DeleteFile('G:\Games\Outlast\outlastlauncher.bat','');
DeleteFile('G:\Games\Skyrim - Legendary Edition\skyrimlauncher.bat','');
DeleteFile('G:\Games\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\launcher.bat','');
DeleteFile('C:\rfg_launcher.bat','');
DeleteFile('C:\launcher.bat','');
DeleteFile('C:\WoTLauncher.bat','');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFile('C:\Program Files\Common Files\WADHost\WADHost Client\wadsrv.exe', '');
QuarantineFile('wadsrv.exe', '');
QuarantineFile('C:\ProgramData\WADHostAgent\startprocess.js', '');
DeleteFile('C:\Windows\system32\Tasks\{33E05A33-4E09-408D-8596-9713BEAC6A4D}', '64');
DeleteFile('C:\Windows\system32\Tasks\{3A054213-EB28-40B0-97C6-B5BC09205F94}', '64');
DeleteFile('C:\Windows\system32\Tasks\{4C652DCB-C09C-4278-AA6C-5269A9DE1C7E}', '64');
DeleteFile('C:\Windows\system32\Tasks\{F027CC18-A530-4C69-881F-B50F1597FE8F}', '64');
DeleteFile('C:\Windows\system32\Tasks\{DDD987BA-D5CD-4113-9C1E-18885D66501C}', '64');
DeleteFile('C:\Windows\system32\Tasks\{BC22A287-8F10-4525-A08B-3E00AD0A699E}', '64');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Timestasks', 'command');
ExecuteSysClean;
ExecuteRepair(1);
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
RebootWindows(true);
end.
В браузерах, которые у меня установлены: Opera и IE.Эта проблема только в Опере наблюдается или во всех браузерах?
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\ProgramData\WADHostAgent\startprocess.js','');
QuarantineFile('C:\Users\123\AppData\Local\PriceFountain\pricefountainw.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','32');
DeleteFile('C:\Users\123\AppData\Local\PriceFountain\pricefountainw.exe','32');
DeleteFile('C:\ProgramData\WADHostAgent\startprocess.js','32');
DeleteFile('C:\Windows\system32\Tasks\GoogleUpdateTaskUserS_1_5_22_478699874-4155726479-3780505679-1001UA__323638383233313538332d375055574132506c572a4a45','64');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
begin
ClearQuarantineEx(true);
QuarantineFile('C:\Program Files\Common Files\WADHost\WADHost Client\waddrw.sys','');
QuarantineFileF('C:\Program Files\Common Files\WADHost\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.
Procedure ScanDir(ADirName : string; AScanSubDir : boolean);
var FS : TFileSearch;
begin
ADirName := NormalDir(ADirName);
FS := TFileSearch.Create(nil);
FS.FindFirst(ADirName + '*.*');
while FS.Found do
begin
SetStatusBarText(ADirName + FS.FileName);
if FS.IsDir then
begin
if AScanSubDir and (FS.FileName <> '.') and (FS.FileName <> '..') then
ScanDir(ADirName + FS.FileName, AScanSubDir)
end
else
AddToLog(ADirName + FS.FileName + '__MD5= ' + CalkFileMD5(ADirName + FS.FileName)+ '__Size= '+ IntToStr(GetFileSize(ADirName + FS.FileName)));
FS.FindNext;
end;
FS.Free;
end;
begin
ClearLog;
ScanDir(' C:\Program Files\Common Files\WADHost ', true);
SaveLog(GetAVZDirectory + 'MD5&Size.txt');
end.
C:\Program Files\Common Files\WADHost\
Заархивируйте в zip архив с паролем virus затем загрузите на и пришлите мне ссылку через личные сообщения.Но всё таки хочется знать, что делать с этим WADHost?
var
LogPath : string;
ScriptPath : string;
begin
LogPath := GetAVZDirectory + 'log\avz_log.txt';
if FileExists(LogPath) Then DeleteFile(LogPath);
ScriptPath := GetAVZDirectory +'ScanVuln.txt';
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
exit;
end;
end;
if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
StopService('wadupdd');
QuarantineFile('C:\Program Files\Common Files\WADHost\WADHost Client\waddrw.sys', '');
DeleteFile('');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\waddrw.sys', '32');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\uninstall.exe');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\wada.exe');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\wadmm64.dll');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\wadmm32.dll');
DeleteService('wadupdd');
ExecuteSysClean;
RebootWindows(true);
end.
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
StopService('WADUpd');
QuarantineFile('C:\Program Files\Common Files\WADHost\WADHost Client\wadsrv.exe', '');
DeleteFile('C:\Program Files\Common Files\WADHost\WADHost Client\wadsrv.exe', '32');
DeleteService('WADUpd');
ExecuteSysClean;
RebootWindows(true);
end.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?