�� . ��

Thu, 16 Apr 2015 17:32:53 +0300

�� . ��  �� . �� . �� . �� -�� . � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"

====code====

;uVS v3.85.19 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
OFFSGNSAVE
zoo %SystemDrive%\USERS\����\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AA78B9A5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

zoo %SystemDrive%\PROGRAM FILES\DOLKARUIEPLUGIN\TINYBHO.DLL
addsgn 1B31D398558344210BD4472EB6CE12EC5BE2FDF66013EF7A852AA16550D698938915C3BE44969C49C2CB569946FF093578DF0139F0DBB0C56B4AA72F2E37DB73 64 Adware.Plugin.163 [DrWeb]

zoo %SystemDrive%\PROGRAM FILES\TOOLDEV342\WEATHERBAR\TRACERSTOOLBARBHO_X86.DLL
addsgn A7679B1928664D070E3C08B264C8ED70357589FA768F179082C3C5BCD3127D11E11BC33D2E3DCDC92B906CAB471649C9BD9F6382DCAF541FF6FEF9D34C7B2EFA 64 Trojan.BPlug.116 [DrWeb]

zoo %SystemDrive%\USERS\DOM\APPDATA\ROAMING\00000000-1427439760-0000-0000-001D7DD462D4\JNSEA6B9.TMP
addsgn 1AF5209A5583C58CF42B254E3143FE8E7082AAA10C286B7F0EBEC939AFA362A4ED2FC3575443C3C01B68BDA74616C23C96EC6337455F705929FFA6C4258DD058 64 Trojan.GenericKD.2252574 [BitDefender]

zoo %SystemDrive%\USERS\DOM\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1A4B469B5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetotian

zoo %SystemDrive%\PROGRAM FILES\DEALPLYLIVE\UPDATE\1.3.23.0\PSMACHINE.DLL
addsgn 79132211B9E9317E0AA1AB59568E1205DAFFF47DC4EA942D892B2942AF292811E11BC39BF2995185E74C48538ADA1C719188BEF920D63B613DFCD9274CC7A9A2 64 Win32:DealPly-A [PUP]

zoo %SystemDrive%\PROGRAM FILES\DEALPLYLIVE\UPDATE\1.3.23.0\DEALPLYLIVEONDEMAND.EXE
addsgn 1A24619A5583348CF42B254E3143FE8E7082AA7DFCF648938CA5407524C7330E6551CCE0305A2A4B24377DB48162A3A5235A280F505978D370B4DA2CF4C6622E 8 Adware.Shopper.363 [DrWeb]

zoo %SystemDrive%\PROGRAM FILES\DEALPLYLIVE\UPDATE\1.3.23.0\DEALPLYLIVEBROKER.EXE
zoo %SystemDrive%\PROGRAM FILES\MOBOGENIE\UPDATEMOBOGENIE.EXE
addsgn 1AB3729A5583FF8FF42B627DA804DEC9E90A05B6FAEF9F81A5B0C3B3F514A2ACE09C1364FED57C56F86247AC86259B39B188BE2166253B680963AFEFBA1265F8 8 demon_process

zoo %SystemDrive%\USERS\DOM\APPDATA\ROAMING\DESKTOPY.RU\DESKTOPY.EXE
addsgn 1A40C19A5583C58CF42B254E3143FE86C99A5DA6A5B01F4B404A8040DB83691F10CC95000586E356A0C590148C5F71E209D7A8499EAF46AFE4882FEDECC76A48 8 Trojan.Triosir.3 [DrWeb]

zoo %SystemDrive%\PROGRAM FILES\ZAXAR\ZAXARGAMEBROWSER.EXE
addsgn 1A69739A55832F8FF42B254E3143FE84C9A2FFF6895927BFCAC34CB164113E4CAA02F390715514540747CB9FCF23613D32DF614F711DFF2C4BFBB17F00492215 11 Win32/ZaxarGames.B [ESET-NOD32]

delall %SystemDrive%\PROGRAM FILES\PPRIUZECOUPON\8ZEKYOV07AKC21.DLL
delall %SystemDrive%\PROGRAM FILES\BAIDU\BAIDUAN\4.0.0.5166\BAIDUANTRAY.EXE
delall %SystemDrive%\PROGRAM FILES\BAIDU\BAIDUSD\3.0.0.4605\BAIDUSDTRAY.EXE
delall %SystemDrive%\PROGRAM FILES\DEALPLYLIVE\UPDATE\DEALPLYLIVE.EXE
delall %SystemDrive%\PROGRAM FILES\KINGSOFT\SHOUJIZHUSHOU\KPHONETRAY.EXE
delall %SystemDrive%\PROGRAM FILES\KINGSOFT\KINGSOFT ANTIVIRUS\KXETRAY.EXE
delall %SystemDrive%\PROGRAM FILES\DEALPLYLIVE\UPDATE\1.3.23.0\NPGOOGLEUPDATE3.DLL
delall %SystemDrive%\USERS\DOM\APPDATA\LOCAL\SWVUPDATER\UPDATER.EXE
delall %SystemDrive%\USERS\DOM\APPDATA\ROAMING\DEALPLY\UPDATE~1\UPDATE~1.EXE
delall %SystemDrive%\PROGRAM FILES\BAIDU\BAIDUSD\3.0.0.4605\WEBSAFE\WEBMONBHO.DLL
;------------------------autoscript---------------------------

sreg

chklst
delvir

delref {AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}\[CLSID]
delref %Sys32%\DRIVERS\NETHFDRV.SYS
del %Sys32%\DRIVERS\NETHFDRV.SYS

del %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\CHROME.BAT

del %SystemDrive%\PROGRAM FILES\MICROSOFT SILVERLIGHT\SLLAUNCHER.BAT

del %SystemDrive%\USERS\DOM\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\APPLICATION\BROWSER.BAT

del %SystemDrive%\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.BAT

del %SystemDrive%\USERS\DOM\APPDATA\LOCAL\XPOM\CHROME.BAT

del %SystemDrive%\PROGRAM FILES\OPERA\OPERA.BAT

del %SystemDrive%\PROGRAM FILES\HP\HP DESKJET 2050 J510 SERIES\BIN\USBSETUPLAUNCHER.BAT

delhst 62.113.243.117 m.odnoklassniki.ru
delhst 62.113.243.117 ok.ru
delhst 62.113.243.117 m.ok.ru
delhst 62.113.243.117 www.odnoklassniki.ru
; DealPly (remove only)
exec C:\Program Files\DealPly\uninst.exe" /uninstall
; desktopy
exec C:\Program Files\desktopy\uninstall.exe
; desktopy.ru
exec C:\Users\Dom\AppData\Roaming\desktopy.ru\uninstall.exe
; Mobogenie
exec C:\Program Files\Mobogenie\uninst.exe
; Mobogenie3
exec C:\Program Files\Mobogenie3\Uninstall.exe
; superpromokody 1.1
exec C:\Program Files\DolkaRuIePlugin\uninst.exe
; Zaxar Games Browser
exec C:\Program Files\Zaxar\uninstall.exe
; Weatherbar
exec MsiExec.exe /I{BE742AE3-0C95-46CC-B5C8-9F942FDD9360} /quiet
; Dealply
exec C:\Users\Dom\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe /Uninstall

deldirex %SystemDrive%\PROGRAM FILES\DEALPLY
deldirex %SystemDrive%\USERS\DOM\APPDATA\ROAMING\ASPACKAGE
deldir %SystemDrive%\USERS\DOM\APPDATA\LOCAL\MEDIAGET2
deldirex %SystemDrive%\USERS\DOM\APPDATA\LOCAL\SKYMONK2



REGT 28
REGT 29

deltmp
delnfr
areg

;-------------------------------------------------------------

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
16.04.2015 17:32:53, santy.

�� . ��

Thu, 16 Apr 2015 17:04:20 +0300

�� . ��  �� . �� . �� . �� -�� . � �� .

�� :
http://rghost.ru/8PYbYGKw4
16.04.2015 17:04:20, �� .

����� esetnod32.ru [����: �������� ������� ��������� �����. ������ � ���� �� �����������]

�������� ������� ��������� �����. ������ � ���� �� �����������

�������� ������� ��������� �����. ������ � ���� �� �����������

�� esetnod32.ru [��: �� . �� ]

�� . ��

�� . ��