�� esetnod32.ru [��: �� .]

�� .

Fri, 27 Dec 2013 12:53:00 +0400

�� . � �� .
�� , �� .

�� uVS
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
====code====

;uVS v3.81.7 [http://dsrt.dyndns.org]
;Target OS: NTv5.2

OFFSGNSAVE

addsgn A7679BF0AA0254E34BD4C6E90C881261848AFCF689AA7BF1A0C3C5BC50559D14704194DE5BBD625C6F10C49F75C4C32EF4CA94AE15DA3BE4AC965B2FC706AB7E 8 Trojan.Win32.Agent.adptx [Kaspersky]

zoo C:\WINDOWS\ISSERVICE.EXE
zoo %Sys32%\ISSERVICE.EXE
;------------------------autoscript---------------------------

chklst
delvir

deltmp
delnfr
;-------------------------------------------------------------
CZOO
restart

=============
��, �� .
�� uVS, �� (��: ZOO_2011-12-31_23-59-59.rar/7z) �� sendvirus2011@gmail.com, support@esetnod32.ru
------------
27.12.2013 12:53:00, santy.

�� .

Fri, 27 Dec 2013 09:58:29 +0400

�� . � �� .
��! �� !
-----------------------
�� -�� .

====quote====
ESTABLISHED 192.168.4.254:2128 <-> 183.94.213.88:9877
=============

https://www.nic.ru/whois/?query=83.94.213.88
27.12.2013 09:58:29, santy.

�� .

Fri, 27 Dec 2013 09:54:03 +0400

�� . � �� .
��... �� ... �� . � �� !
27.12.2013 09:54:03, �� .

�� .

Fri, 27 Dec 2013 09:42:14 +0400

�� . � �� .
��

====quote====
�� C:\WINDOWS\SYSTEM32\PUP_SERVER.EXE
�� PUP_SERVER.EXE
��. �� ?��? �� [��_��]

��
�� Trojan.DownLoader9.2347 [DrWeb] [�� 64(64), ��. �� 8, �� 64]

www.virustotal.com 2013-12-18 [2013-12-17 09:46:41 UTC ( 1 week, 2 days ago )]
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Staser.tvc
DrWeb Trojan.DownLoader9.2347
AntiVir TR/Downloader.Gen
ESET-NOD32 a variant of Win32/Agent.QCV

��
�� [��_��]
File_Id 52AD3E2D36000
Linker 6.0
�� 61952 ��
�� 20.12.2013 � 13:33:00
�� 20.12.2013 � 13:32:21
�� 32-� ��
��. ��

��. ��
pid = 1436 NT AUTHORITY\SYSTEM
CmdLine c:\windows\system32\PuP_SERVER.exe
�� 13:07:01 [2013.12.26]
� �� 20:13:23
parentid = 424 D:\WINDOWS\SYSTEM32\SERVICES.EXE
ESTABLISHED 192.168.4.254:2128 <-> 183.94.213.88:9877
SHA1 AD1881AAD5B629B0F9AFE4DE9E4632C01A064AA4
MD5 FE845C76FCCEBF17EAC1A6C569F0939E

��
�� HKLM\System\CurrentControlSet\Services\PuP_SERVER\ImagePath
ImagePath c:\windows\system32\PuP_SERVER.exe
PuP_SERVER �� : �� (2)

�� EXE � DLL
PUP_SERVER.EXE C:\WINDOWS\SYSTEM32

=============

�� uVS
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
====code====


;uVS v3.81.7 [http://dsrt.dyndns.org]
;Target OS: NTv5.2

OFFSGNSAVE
addsgn 4ABC27D9553A288D3ED4AEB164AC9B20258AFCF6BA3A9670D58686D33DA6102F5725C3D8A6447F7971E2CB91697CFA608D5A897678F0E4089B04F1FFC2E415A9 8 Trojan.DownLoader9.2347 [DrWeb]

zoo C:\WINDOWS\SYSTEM32\PUP_SERVER.EXE
;------------------------autoscript---------------------------

chklst
delvir

deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
----------
27.12.2013 09:42:14, santy.

�� .

Fri, 27 Dec 2013 09:34:31 +0400

�� . � �� .
��
HOTLINE_2013-12-27_09-20-19.7z
27.12.2013 09:34:31, �� .

�� .

Thu, 26 Dec 2013 21:21:29 +0400

�� . � �� .
��, �� .
26.12.2013 21:21:29, santy.

�� .

Thu, 26 Dec 2013 21:15:49 +0400

�� . � �� .

====quote====
santy ��:
� �� RP55 �� , �� -�� .

=============

====quote====
santy ��:
�� 2003.

=============
�� , �� , � �� , �� . �� . �� RP55 �� . � �� , �� (��), �� , �� . �� .
26.12.2013 21:15:49, �� .

�� .

Thu, 26 Dec 2013 18:40:09 +0400

�� . � �� .
�� , ��, �� .

� �� RP55 �� , �� -�� .

�� 2003.

====quote====
� �� 2005 �� Microsoft �� Windows Server 2003 Service Pack 1, �� .
=============

26.12.2013 18:40:09, santy.

�� .

Thu, 26 Dec 2013 18:34:02 +0400

�� . � �� .
�� :

====quote====
�� :
�� , �� ! (�� , �.�. �� )
=============
�� . � �� . �� , �� , �� . � �� .
26.12.2013 18:34:02, �� .

�� .

Thu, 26 Dec 2013 18:16:15 +0400

�� . � �� .

====quote====
�� :
� �� ! �� . �� , � �� , � �� . �� .
=============
��, �� ,
�� . ��, ��
26.12.2013 18:16:15, santy.

�� .

Thu, 26 Dec 2013 16:26:06 +0400

�� . � �� .
� �� ! �� . �� , � �� , � �� . �� .
26.12.2013 16:26:06, �� .

�� .

Thu, 26 Dec 2013 15:54:05 +0400

�� . � �� .
� �� 2003?

====quote====
uVS v3.81.1 [http://dsrt.dyndns.org]: Microsoft Windows Server 2003 x86 (NT v5.2) build 3790 Service Pack 2 [D:\WINDOWS]
=============

26.12.2013 15:54:05, santy.

�� .

Thu, 26 Dec 2013 14:09:39 +0400

�� . � �� .
�� . �� .
26.12.2013 14:09:39, �� .

�� .

Thu, 26 Dec 2013 13:40:15 +0400

�� . � �� .
�� ? ��
26.12.2013 13:40:15, santy.

�� .

Thu, 26 Dec 2013 13:28:39 +0400

�� . � �� .
��! �� ! ��! � �� , �� , �� ?
26.12.2013 13:28:39, �� .

�� .

Thu, 26 Dec 2013 13:06:49 +0400

�� . � �� .
�� uVS
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
====code====

;uVS v3.81.7 [http://dsrt.dyndns.org]
;Target OS: NTv5.2

OFFSGNSAVE
addsgn A7679BF0AA020C634BD4C60172881261848AFCF689AA7BF1A0C3C5BC50559D6C704194DE5BBD1E2CD780EE9EB90335EA3DDFB1F15802A66C2D8827221B106273 8 Trojan.DownLoad3.20055 [DrWeb]

zoo C:\WINDOWS\HOST.EXE
addsgn 9204749A556AA5990F89EBE4A7201305258A17AB3217E0877AC0183DBBD6014F23947EDF3A559D49A21D0C9B4616467FB6DCE872D85F24282D77F4D052AF2D73 8 Trojan.DownLoader10.22886 [DrWeb]

zoo C:\WINDOWS\SQLERVER.EXE
zoo C:\RECYCLER\SQLERVER.EXE
zoo C:\SQLERVER.EXE
addsgn A7679BF0AA02D4794AD4C63DD5881261848AFCF689AA7BF1A0C3C5BC5055B5E8704194DE5BBD625C4731C69FE5A6D1B87D7E58EA17DA71C425525B2FC70681CF 8 tr_new_year

zoo %SystemRoot%\AC9642BE\SVCHSOT.EXE
delall C:\RECYCLER\XSZ.EXE
;------------------------autoscript---------------------------

chklst
delvir

delref C:\WINDOWS\IME\CV.EXE

delref C:\WINDOWS\SYSTEM32\WBEM\OSINTER.EXE

delref C:\WINDOWS\JAVA\NET1.EXE

delref C:\WINDOWS\ADDINS\NET.EXE

delref C:\WINDOWS\SYSTEM32\WBEM\EXPLORE.EXE

delref C:\WINDOWS\SYSTEM32\CSX.EXE

deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic682/
26.12.2013 13:06:49, santy.

�� .

Thu, 26 Dec 2013 13:05:07 +0400

�� . � �� .
�� , �� ! (�� , �.�. �� )
26.12.2013 13:05:07, �� .

�� .

Thu, 26 Dec 2013 12:58:34 +0400

�� . � �� .
�� , �� .
santy ��!
HOTLINE_2013-12-26_12-47-59.7z
26.12.2013 12:58:34, �� .

����� esetnod32.ru [����: ������� ����.]

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

������� ����.

�� esetnod32.ru [��: �� .]

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .