c:\documents and settings\Admin\мои документы\reinkarnatsiya_izabel_onlayn.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Admin\мои документы\devid_kopperfild_onlayn.exe (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
c:\documents and settings\Admin\рабочий стол\программы\office_2003_sp2_rus\portable ms office 2003 sp2 rus\office2003.exe (Trojan.Downloader) -> No action taken.
c:\program files\total commander\Plugins\arc\Default.sfx (Malware.Packer.Gen) -> No action taken.
c:\program files\total commander\Utilites\SFX Tool\Upack.exe (Malware.Packer.Gen) -> No action taken.
c:\WINDOWS\Temp\_avast_\unp19427058.tmp (Trojan.Downloader) -> No action taken.
d:\ajnj\документы\programmu_menyayuschuyu_format_foto.rar.exe (Trojan.Dropper) -> No action taken.
d:\программа\corel_paint_shop_pro_photo_x3_13.2.0.35\corel paint shop pro photo x3 13.2.0.35\corel.psp.x3.keymaker-core\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
// AVZ cleanup script for one specific host. Every path is hard-coded to the
// VPets and PCHDPlayer installs under C:\Program Files, so it is not reusable
// on another machine without re-deriving the paths from that machine's logs.
// Order matters: stop the processes, keep copies in quarantine, then delete.
begin
// Rootkit check runs first. Both arguments are true - presumably "detect" and
// "neutralise hooks"; confirm the parameter meaning in the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard before any file is touched.
SetAVZGuardStatus(True);
// Stop the two running executables so their files are not held open.
TerminateProcessByName('c:\program files\vpets\vpets.exe');
TerminateProcessByName('c:\program files\pchd\pchdplayer.exe');
// Quarantine the two DLLs and two EXEs before deletion so samples survive for
// analysis. The second argument (a comment, presumably) is left empty.
QuarantineFile('C:\Program Files\VPets\VPets.dll','');
QuarantineFile('C:\Program Files\pchd\PCHDPlayer.dll','');
QuarantineFile('c:\program files\vpets\vpets.exe','');
QuarantineFile('c:\program files\pchd\pchdplayer.exe','');
// Delete the same four files that were just quarantined.
DeleteFile('c:\program files\pchd\pchdplayer.exe');
DeleteFile('c:\program files\vpets\vpets.exe');
DeleteFile('C:\Program Files\pchd\PCHDPlayer.dll');
DeleteFile('C:\Program Files\VPets\VPets.dll');
// Remove everything else in both install directories ('*.*', third argument
// true - presumably "recurse into subfolders"), then the directories themselves.
// NOTE(review): only the four files above are quarantined; anything else in
// these folders is deleted without a preserved copy.
DeleteFileMask('C:\Program Files\pchd', '*.*', true);
DeleteDirectory('C:\Program Files\pchd');
DeleteFileMask('C:\Program Files\VPets', '*.*', true);
DeleteDirectory('C:\Program Files\VPets');
// Hand the items processed above to Boot Cleaner (BC_*) - presumably so that
// anything locked now is removed at boot time; confirm against the AVZ reference.
BC_ImportAll;
// System clean-up pass - presumably removes leftover references to the deleted
// files, such as autorun entries; verify with a fresh log after the reboot.
ExecuteSysClean;
// Arm Boot Cleaner for the next start.
BC_Activate;
// Restart the machine from the script (argument true - presumably a forced
// reboot), so unsaved work in open applications may be lost.
RebootWindows(true);
end.
// Separate follow-up script - presumably run after the reboot that ends the
// cleanup script. It packs the AVZ quarantine into quarantine.zip inside the
// AVZ program directory so the samples can be submitted for analysis.
begin
// 'Qurantine' is the identifier exactly as written in this script; do not
// "correct" the spelling without checking the AVZ script reference.
// The archive holds the quarantined files, so treat it as malicious content.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O4 - HKCU\..\Run: [PCHDPlayer] C:\Program Files\pchd\PCHDPlayer.exe
O4 - HKCU\..\Run: [VPetsPlayer] C:\Program Files\VPets\VPets.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk