�� esetnod32.ru [��: ��]

��

Mon, 17 Feb 2014 10:55:28 +0400

�� � �� .
�� , �� .
�� .

�� , � �� ,

�� , �� . + �� , �� .
17.02.2014 10:55:28, santy.

��

Mon, 17 Feb 2014 09:54:22 +0400

�� � �� .
�� . �� .
mbam-log-2014-02-17 (11-04-05).txt
��-��_2014-02-17_11-16-54.7z
17.02.2014 09:54:22, � �.

��

Wed, 05 Feb 2014 07:46:42 +0400

�� � �� .
�� Neshta. � �� jeffo.

====quote====
�� C:\WINDOWS\SVCHOST.COM
�� SVCHOST.COM
��. �� ?��? ��

��
�� Win32/Neshta.A [�� 64(64), ��. �� 22, �� 64]

��
NESHTA.VIRUS ( ~ SVCHOST.COM "%1" %*)(1)

=============
� �� ? �� ?

�� .... �� , � �� ...

�� .
05.02.2014 07:46:42, santy.

��

Wed, 05 Feb 2014 07:36:43 +0400

�� � �� .
� �� ! � �� . �� ?
mbam-log-2014-02-05 (14-23-51).txt
��-��_2014-02-05_14-09-49.7z
05.02.2014 07:36:43, � �.

��

Mon, 03 Feb 2014 11:58:44 +0400

�� � �� .
��
http://forum.esetnod32.ru/forum9/topic7084/
03.02.2014 11:58:44, santy.

��

Mon, 03 Feb 2014 11:47:40 +0400

�� � �� .
Malwaverebytes ��
��-��_2014-02-03_18-25-28.7z
03.02.2014 11:47:40, � �.

��

Mon, 03 Feb 2014 10:48:38 +0400

�� � �� .
��

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.81.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.1

OFFSGNSAVE
deltmp
delnfr
; Better Surf Plus
exec C:\Program Files (x86)\BetterSurf\BetterSurfPlus\uninstall.exe

; Video Player
exec C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\uninstall.exe

; Webexp Enhanced
exec C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha850\uninstall.exe

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic682/
03.02.2014 10:48:38, santy.

��

Mon, 03 Feb 2014 10:11:06 +0400

�� � �� .
�� . �� , �� ID � �� (� �� ), � ��

� �� .
------
�� , �� (�� , �� ) �� Chrome. �� .
03.02.2014 10:11:06, santy.

��

Mon, 03 Feb 2014 10:08:51 +0400

�� � �� .
�� Chrome �� ! � � Firefox � �� adblock � �� .
03.02.2014 10:08:51, � �.

��

Mon, 03 Feb 2014 09:55:45 +0400

�� � �� .
� Chrome �� ? �� , �� Chrome � ��, �� Chrome. �� .
03.02.2014 09:55:45, santy.

��

Mon, 03 Feb 2014 08:57:55 +0400

�� � �� .
��... � �� Firefox �� !
03.02.2014 08:57:55, � �.

��

Sun, 02 Feb 2014 17:35:38 +0400

�� � �� .
��, ��

====quote====
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ch\VideoPlayerV3beta697.crx (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome.manifest (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\install.rdf (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome\content\ffVideoPlayerV3beta697.js (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome\content\ffVideoPlayerV3beta697ffaction.js (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome\content\overlay.xul (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome\content\icons\Thumbs.db (Adware.VPlayer) -> �� .
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta697\ff\chrome\content\icons\default\VideoPlayerV3beta697_32.png (Adware.VPlayer) -> �� .

=============
�� .

+
��: �� (��) �� (Chrome) �� ?
+
�� (�� ) � �� . (�� regedit)

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome \ExtensionInstallForcelist
� ��
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome \ExtensionInstallSources

+
�� Chrome
(�� chrome://extension)
02.02.2014 17:35:38, santy.

��

Sun, 02 Feb 2014 17:07:17 +0400

�� � �� .
�� ! �� ! �� !
MBAM-log-2014-02-02 (17-48-07).txt
��-��_2014-02-02_23-27-52.7z
02.02.2014 17:07:17, � �.

��

Sun, 02 Feb 2014 12:09:53 +0400

�� � �� .
�� ? ��

�� uVS:
1. �� ;

2. �� uVS(start.exe), �� : �� , �� - �� - �� ;

3. �� ;

�� - �� _�� "��" (�� , �� �� .... )

-------------
��, �� , �� UVS
http://chklst.ru/forum/discussion/5/kak-vypolnit-skript-v-uvs#Item_1
02.02.2014 12:09:53, santy.

��

Sun, 02 Feb 2014 10:16:31 +0400

�� � �� .
��... �� !
02.02.2014 10:16:31, � �.

��

Sun, 02 Feb 2014 08:55:31 +0400

�� � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.81.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.1

OFFSGNSAVE
zoo %SystemDrive%\USERS\�����\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AD78B9A5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian
zoo %SystemRoot%\SVCHOST.COM
delall %SystemDrive%\USERS\�����\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\UPDATE.LNK
delall %SystemRoot%\SVCHOST.COM
EXEC cmd /c"reg add HKCR\exefile\shell\open\command /ve /d "\"%1\" %*" /f"
chklst
delvir
deltmp
delnfr
regt 1
czoo
restart

=============
��, �� .
�� uVS (�� : ZOO_2012-12-31_23-59-59.rar/7z) �� sendvirus2011@gmail.com, support@esetnod32.ru
------------
��,
��
http://forum.esetnod32.ru/forum9/topic682/
02.02.2014 08:55:31, santy.

��

Sun, 02 Feb 2014 04:18:55 +0400

�� � �� .
��!
��-��_2014-02-02_11-01-41.7z
02.02.2014 04:18:55, � �.

��

Sat, 01 Feb 2014 10:55:09 +0400

�� � �� .
��

====quote====
Win32/Neshta.A [�� 64(64), ��. �� 22, �� 64]
=============

�� ESET rescue
http://forum.esetnod32.ru/forum9/topic1966/

�� , ��
01.02.2014 10:55:09, santy.

��

Sat, 01 Feb 2014 07:07:06 +0400

�� � �� .
��
��-��_2014-02-01_13-38-46.7z
01.02.2014 07:07:06, � �.

����� esetnod32.ru [����: �����]

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�����

�� esetnod32.ru [��: ��]

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��