�� esetnod32.ru [��: �� JS/Spy.Banker.T]

�� JS/Spy.Banker.T

Fri, 18 Jul 2014 18:33:33 +0400

�� JS/Spy.Banker.T � �� .
��
http://forum.esetnod32.ru/forum9/topic3998/
18.07.2014 18:33:33, santy.

�� JS/Spy.Banker.T

Fri, 18 Jul 2014 15:47:17 +0400

�� JS/Spy.Banker.T � �� .
��, �� , �� , �� HiJack\autoconfig � ��. �� , ��
18.07.2014 15:47:17, �� .

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 18:23:35 +0400

�� JS/Spy.Banker.T � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.83 BETA 6 [http://dsrt.dyndns.org]
;Target OS: NTv6.1

OFFSGNSAVE
delref HTTP://ELTRASTA.COM/DATEUPTO/TIMER2.RUT
delref 0HTTP://ELTRASTA.COM/DATEUPTO/TIMER2.RUT
delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
deltmp
delnfr
restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
17.07.2014 18:23:35, santy.

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 18:03:37 +0400

�� JS/Spy.Banker.T � �� .
��
�� :
--------
�� 0HTT ( P )://ELTRASTA.COM/DATEUPTO/TIMER2.RUT

��

��
�� HKLM\System\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\
0http://eltrasta.com/dateupto/timer2.rut

----------------
�� HTT ( P )://ELTRASTA.COM/DATEUPTO/TIMER2.RUT

��
��

��
�� HKLM\vwdykikzm\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
AutoConfigURL htt ( p )://eltrasta.com/dateupto/timer2.rut

�� HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
AutoConfigURL htt ( p )://eltrasta.com/dateupto/timer2.rut

�� HKEY_USERS\S-1-5-21-2218210365-278549834-152457995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
AutoConfigURL htt ( p )://eltrasta.com/dateupto/timer2.rut

�� HKEY_USERS\S-1-5-21-2218210365-278549834-152457995-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
AutoConfigURL htt ( p )://eltrasta.com/dateupto/timer2.rut
-----------
( p )

17.07.2014 18:03:37, RP55 RP55.

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 18:00:41 +0400

�� JS/Spy.Banker.T � �� .
�� , �� Firefox, �� Chrome, �� , �� . ��
17.07.2014 18:00:41, �� .

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 17:52:28 +0400

�� JS/Spy.Banker.T � �� .
�� ...
17.07.2014 17:52:28, zloyDi.

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 17:41:45 +0400

�� JS/Spy.Banker.T � �� .
�� , �� url, ��, ��
17.07.2014 17:41:45, �� .

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 17:23:08 +0400

�� JS/Spy.Banker.T � �� .
��
http://forum.esetnod32.ru/forum9/topic2687/
17.07.2014 17:23:08, zloyDi.

�� JS/Spy.Banker.T

Thu, 17 Jul 2014 17:18:02 +0400

�� JS/Spy.Banker.T � �� .
�� , JS/Spy.Banker.T �� svchost �� mozila.exe, NOD �� , � �� ! ��
KASHIR_2014-07-17_17-26-05.7z
17.07.2014 17:18:02, �� .

����� esetnod32.ru [����: �������� ������� JS/Spy.Banker.T]

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�������� ������� JS/Spy.Banker.T

�� esetnod32.ru [��: �� JS/Spy.Banker.T]

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T

�� JS/Spy.Banker.T