HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\n1deiect.com','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\n1deiect.com');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
begin
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
end.
Заражённые папки:
c:\program files\newdotnet (Adware.NewDotNet) -> No action taken.
c:\program files\VVSN (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL1 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL2 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL3 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL4 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL5 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL6 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL7 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL8 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL9 (Adware.WhenU) -> No action taken.
c:\program files\VVSN\URL10 (Adware.WhenU) -> No action taken.
Заражённые файлы:
c:\documents and settings\Admin\local settings\Temp\0.007082671134180263.exe (Trojan.Dropper) -> No action taken.
c:\program files\newdotnet\readme.html (Adware.NewDotNet) -> No action taken.
c:\program files\VVSN\vvsn.cfg (Adware.WhenU) -> No action taken.
No active infection is visible.