// AVZ cleanup script (AVZ's Pascal-style scripting language).
// Statement order matters here: the network is cut first, suspect files are
// copied to quarantine BEFORE they are deleted (so a sample survives for
// analysis), BootCleaner is armed, and the forced reboot comes last.
begin
// Take the host offline while removal runs by stopping the TCP/IP service.
// The trailing arguments (0, 15000, true) look like window mode, a millisecond
// timeout and a wait-for-exit flag — confirm against the AVZ ExecuteFile reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when AVZ is NOT running under
// WOW64 (presumably a 32-bit AVZ on 64-bit Windows, where these kernel-level
// features are not usable — verify for the target system).
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Preserve copies of both suspects in quarantine first; the second argument is
// left empty. E:\autorun.inf suggests a removable drive — keep it attached
// while the script runs or this entry will silently do nothing.
QuarantineFile('E:\autorun.inf','');
QuarantineFile('C:\ProgramData\WindowsSQL\System.exe','');
// Only then delete. The '32' flag is passed through unchanged; its exact
// meaning (delayed / boot-time deletion) should be checked in the AVZ
// DeleteFile reference rather than assumed.
// NOTE(review): the FRST log further down shows the same unsigned service
// binary under C:\ProgramData\DirectX11b\System.exe, not WindowsSQL. Confirm
// which path actually exists on the machine before running, or handle both.
DeleteFile('C:\ProgramData\WindowsSQL\System.exe','32');
DeleteFile('E:\autorun.inf','32');
// BootCleaner phase: activate it, run the system clean-up and the SCU wizard,
// then import all pending deletions so they are applied at the next boot.
BC_Activate;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_ImportALL;
// Unconditional forced reboot — save open work before executing this script.
RebootWindows(true);
end.
// Separate AVZ script, intended to be run on its own after the cleanup above:
// packs the quarantine folder into quarantine.zip inside the AVZ directory so
// the captured samples can be uploaded for analysis.
// The spelling 'Qurantine' is the name of the function this script calls —
// do not "correct" it, or the script will fail to run.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O23 - Service S2: Windows Driver Framework - (Framework) - C:\ProgramData\WindowsSQL\System.exe
Start::
CreateRestorePoint:
VirusTotal: C:\ProgramData\DirectX11b\System.exe;C:\WINDOWS\system32\hasplms.exe
() C:\ProgramData\DirectX11b\System.exe
C:\ProgramData\DirectX11b\System.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
R2 DirectX11b; C:\ProgramData\DirectX11b\System.exe [8192 2016-02-17] () [File not signed] <==== ATTENTION
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CustomCLSID: HKU\S-1-5-21-2560521141-3087306814-2673944632-1001_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> no filepath
Task: {C6C943DA-4817-4B73-82DE-F5669C56A63E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
EmptyTemp:
Reboot:
End::