ahejanin
17-03-2012, 13:54
. ! ( ). " " HTML . . ? :
alex_sev
17-03-2012, 15:18
, , .
(http://safezone.cc/forum/showthread.php?t=10) ( - ):
begin
ShowMessage('! AVZ .'+#13#10+' .');
// Stop the TCP/IP service and its dependents so the machine is offline during cleanup
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Look for user-mode and kernel-mode hooks and neutralize them
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the script
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before deleting them
QuarantineFile('C:\WINDOWS\system32\machineupdate32.exe','');
QuarantineFile('C:\WINDOWS\system32\srvhls.exe','');
QuarantineFile('C:\WINDOWS\system32\uqfjwue.dll','');
QuarantineFile('C:\WINDOWS\system32\7A.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\elro.exe','');
// Delete the quarantined files and the two randomly named Application Data folders
DeleteFile('C:\WINDOWS\system32\7A.tmp');
DeleteFile('C:\Documents and Settings\Admin\Application Data\elro.exe');
DeleteFile('C:\WINDOWS\system32\uqfjwue.dll');
DeleteFile('C:\WINDOWS\system32\srvhls.exe');
DeleteFile('C:\WINDOWS\system32\machineupdate32.exe');
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\WxAVLTzeDNU2ubx', '*.*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\WxAVLTzeDNU2ubx');
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\hyFGUTXVnxhwsSj', '*.*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\hyFGUTXVnxhwsSj');
// Remove the autorun value that launches machineupdate32.exe
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' ,'Windows Debugger 32');
// Pass the file lists to Boot Cleaner, clean up leftover references, and arm Boot Cleaner for the next boot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,3,true);
// Reboot so the cleanup can complete
RebootWindows(true);
end.
, :
-
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
AVZ (http://www.oszone.net/virusnet/) : quarantine <at> safezone.cc ( <at> @) () . : virus .
HJT (http://safezone.cc/forum/showthread.php?t=9):
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Debugger 32] C:\WINDOWS\system32\machineupdate32.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\uqfjwue.dll
AVZ RSIT (http://safezone.cc/forum/showthread.php?t=15)
Malwarebytes' Anti-Malware (http://malwarebytes.org/mbam-download-exe-random.php) (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), , , "Perform Full Scan" (" "), "Scan" (""), - Ok - Show Results (" ") - .
MBAM , . MBAM. (http://data.mbamupdates.com/tools/mbam-rules.exe)
alex_sev
19-03-2012, 12:34
MBAM :
HKCR\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71} (Trojan.WebMoner) -> .
HKCR\Sekrety_narodnyh_umelcev_2.eProtocol (Trojan.WebMoner) -> .
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} (Trojan.BHO) -> .
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|SysDebug32 (Trojan.Agent) -> : -> .
C:\Documents and Settings\Admin\DoctorWeb\Quarantine\personal.finances.pro.v4.0.0.1169-ismail.exe (PUP.Hacktool.Patcher) -> .
C:\WINDOWS\inf\EAM\inst_lsass.exe (Trojan.Agent) -> .
C:\Documents and Settings\Admin\Application Data\igfxtray.dat (Malware.Trace) -> .
C:\WINDOWS\system32\ieunitdrf.inf (Malware.Trace) -> .
AVZ:
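begin
ShowMessage('! AVZ .'+#13#10+' .');
// Stop the TCP/IP service and its dependents so the machine is offline during cleanup
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Look for user-mode and kernel-mode hooks and neutralize them
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the script
SetAVZGuardStatus(True);
// Empty and remove the two remaining randomly named Application Data folders
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\88B13F96', '*.*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\88B13F96');
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoOyMZC', '*.*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\7a6vHav3hoOyMZC');
// Pass the file lists to Boot Cleaner, clean up leftover references, and arm Boot Cleaner for the next boot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,3,true);
// Reboot so the cleanup can complete
RebootWindows(true);
end.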
XueTr (http://safezone.cc/forum/showthread.php?t=15334) OSAM (http://safezone.cc/forum/showthread.php?t=4335)