�� esetnod32.ru [��: �� CTBlocker]

�� CTBlocker

Tue, 16 Feb 2016 12:15:44 +0300

�� CTBlocker � �� .
�� ctblocker,
��
http://forum.esetnod32.ru/forum9/topic2687/
16.02.2016 12:15:44, santy.

�� CTBlocker

Tue, 16 Feb 2016 12:10:47 +0300

�� CTBlocker � �� .
�� . �� - ��.
16.02.2016 12:10:47, Andrey Nikonov.

�� CTBlocker

Sat, 16 May 2015 12:25:38 +0300

�� CTBlocker � �� .
� �� ? ��
16.05.2015 12:25:38, santy.

�� CTBlocker

Sat, 16 May 2015 11:21:31 +0300

�� CTBlocker � �� .
��, �� .
hijackthis.log
16.05.2015 11:21:31, �� .

�� CTBlocker

Sat, 16 May 2015 11:08:00 +0300

�� CTBlocker � �� .
�� ctblocker, �.�. �� .
16.05.2015 11:08:00, santy.

�� CTBlocker

Sat, 16 May 2015 11:01:03 +0300

�� CTBlocker � �� .
�� . � �� (Windows 7 32-b). �� *.emlawnl. �� , �� *.emlawnl �� .
16.05.2015 11:01:03, �� .

�� CTBlocker

Tue, 12 May 2015 18:49:09 +0300

�� CTBlocker � �� .
�� ! �� )
12.05.2015 18:49:09, �� .

�� CTBlocker

Tue, 12 May 2015 18:47:31 +0300

�� CTBlocker � �� .
�� , �� .
12.05.2015 18:47:31, santy.

�� CTBlocker

Tue, 12 May 2015 18:39:56 +0300

�� CTBlocker � �� .
��! � �� ?
12.05.2015 18:39:56, �� .

�� CTBlocker

Tue, 12 May 2015 11:52:17 +0300

�� CTBlocker � �� .
��,
�� - �� .
�� , �� 10 �� .
12.05.2015 11:52:17, santy.

�� CTBlocker

Tue, 12 May 2015 11:44:10 +0300

�� CTBlocker � �� .
��!!!
12.05.2015 11:44:10, �� .

�� CTBlocker

Tue, 12 May 2015 10:04:14 +0300

�� CTBlocker � �� .
��
12.05.2015 10:04:14, santy.

�� CTBlocker

Tue, 12 May 2015 09:55:03 +0300

�� CTBlocker � �� .
��, �� ?
12.05.2015 09:55:03, �� .

�� CTBlocker

Mon, 11 May 2015 18:09:46 +0300

�� CTBlocker � �� .
1. ��

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.85.21 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
OFFSGNSAVE
zoo %SystemDrive%\USERS\1\APPDATA\LOCAL\SMALLY\NFAPI.DLL
addsgn 71905392541F499AEAECAEB19BBC3601AEC6D8E602AE3B746D2E3B43AF8FB340234248BBBDB999C0567C0FE24E9D04F6BC36EF145A3570C725FA000BC7062273 64 Tool.NetFilter.1 [DrWeb]

addsgn 1A82389A5583C58CF42B627DA804DEC9E946303A4536942CA1CF4EF074D2F49E577EF097B411B941AF40F189C7ECC9FA7DDF9A7CD6E7D88B6F77A45BC2EFEE3C 8 AdWare.Trioris.A [ESET-NOD32]

zoo %SystemDrive%\USERS\1\APPDATA\LOCAL\SMALLY\SMALLY.EXE
;------------------------autoscript---------------------------

sreg

chklst
delvir

delref {B164E929-A1B6-4A06-B104-2CD0E90A88FF}\[CLSID]
delref HTTP://WWW.SWEET-PAGE.COM/WEB/?TYPE=DS&TS=1403203241&FROM=COR&UID=SAMSUNGXHM250HI_S20TJ9GZ436415&Q={SEARCHTERMS}
delref %Sys32%\DRIVERS\SMALLYFILTER.SYS
del %Sys32%\DRIVERS\SMALLYFILTER.SYS

; DLSecure Toolbar
exec C:\Program Files\dlsecuretb\uninstall.exe

deldirex %SystemDrive%\USERS\1\APPDATA\LOCAL\SMALLY

deltmp
delnfr
areg

;-------------------------------------------------------------

=============
��, �� .
------------
2. �� .

3. �� .
11.05.2015 18:09:46, santy.

�� CTBlocker

Mon, 11 May 2015 18:02:34 +0300

�� CTBlocker � �� .
��
1-��_2015-05-11_17-51-39.rar
11.05.2015 18:02:34, �� .

�� CTBlocker

Mon, 11 May 2015 17:32:49 +0300

�� CTBlocker � �� .
��
http://forum.esetnod32.ru/forum9/topic2687/
11.05.2015 17:32:49, santy.

�� CTBlocker

Mon, 11 May 2015 17:23:37 +0300

�� CTBlocker � �� .
�� .pbstcjm. ��
11.05.2015 17:23:37, �� .

�� CTBlocker

Fri, 08 May 2015 18:39:41 +0300

�� CTBlocker � �� .
��,
Filecoder.DA �� CTBLocker
��
�� , �� tasks
�� , �� , �� ,
� �� .

�� , �� , �� , � �� ,
(�.�. �� )
�� (�� ) �� ,
�� ctblocker �� ,
� �� (��) �� , �� .

====quote====
�� C:\DOCUMENTS AND SETTINGS\*\LOCAL SETTINGS\TEMP\BIEFWOI.EXE
�� BIEFWOI.EXE
��. �� ?��? ��

��
�� ctb locker [�� 64(64), ��. �� 8, �� 64]

��
TASK.EXE (�� ~ .JOB)(1) AND (�� ~ .EXE)(1) [auto]
SHIFR.STBLOCKER (�� ~ .JOB)(1) AND (�� ~ \TEMP\)(1) AND (�� ~ .EXE)(1) [delall]

��
��
File_Id 50898883B1000
Linker 7.0
�� 719360 ��
�� 28.01.2015 � 22:16:00
�� 28.01.2015 � 22:16:00
...
��. ��
pid = 572 NT AUTHORITY\SYSTEM
CmdLine "C:\DOCUME~1\*\LOCALS~1\Temp\biefwoi.exe"
�� 22:16:01 [2015.01.28]
� �� 00:01:21
parentid = 1040
SHA1 65FAB9B8BE60662644BE2373769457B156766CFB
MD5 79A88FAFA063DD9F62607AC22BA3600F

��
�� C:\WINDOWS\TASKS\WADOJXK.JOB
�� C:\DOCUME~1\*\LOCALS~1\Temp\biefwoi.exe

=============

08.05.2015 18:39:41, santy.

�� CTBlocker

Fri, 08 May 2015 17:53:21 +0300

�� CTBlocker � �� .
RP55 RP55

�� . �� everyone.
�� , �� .
�� 2� �� ...
�� ... �� -�� ...?!
08.05.2015 17:53:21, �� .

�� CTBlocker

Sun, 03 May 2015 03:39:01 +0300

�� CTBlocker � �� .
�� ,
�� , �� XP ��
�� ctblocker ��.
-------
+
�� , java ��
http://forum.esetnod32.ru/forum9/topic3998/
03.05.2015 03:39:01, santy.

�� CTBlocker

Sat, 02 May 2015 23:41:34 +0300

�� CTBlocker � �� .
�� uVS v3.85
http://rghost.ru/6fSMHfM9n
02.05.2015 23:41:34, bucil bucil.

�� CTBlocker

Fri, 01 May 2015 21:25:02 +0300

�� CTBlocker � �� .
+ � �� http://forum.esetnod32.ru/forum35/topic11575/ �� .
01.05.2015 21:25:02, mike 1.

�� CTBlocker

Thu, 30 Apr 2015 14:20:52 +0300

�� CTBlocker � �� .
��, ��. �� ESET, �� : support@esetnod32.ru
�� - �� uVS: http://forum.esetnod32.ru/forum9/topic683/
30.04.2015 14:20:52, ��.

�� CTBlocker

Thu, 30 Apr 2015 14:03:35 +0300

�� CTBlocker � �� .
�� , �� avewlui. �� , �� . �� , �� ?
30.04.2015 14:03:35, �� .

�� CTBlocker

Wed, 29 Apr 2015 16:00:15 +0300

�� CTBlocker � �� .
1. �� (�� )

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"

====code====

;uVS v3.85.21 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v385c
OFFSGNSAVE
zoo %SystemDrive%\PROGRAM FILES (X86)\SPEED TEST\SCRIPTHOST.DLL
addsgn 79132211B9E9317E0AA1AB59E2A31205DAFFF47DC4EA942D892B2942AF292811E11BC33D323DC5B72E906C385A16499073379D1F55DAE9AF488BA4A4B20EA93D 64 Besttoolbars.J [ESET-NOD32]

zoo %SystemDrive%\USERS\ABILDINOV_B\APPDATA\ROAMING\NEWNEXT.ME\NENGINE.DLL
addsgn 79132211B9E9317E0AA1AB59A52C1205DAFFF47DC4EA942D892B2942AF292811E11BC3DCC10016A57D0BF193CB50B67FBBABFC9ABACEB02CEA77B22FC706CA34 64 Trojan.Siggen6.685 [DrWeb]

zoo %SystemDrive%\USERS\ABILDINOV_B\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AF67A9B5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

addsgn 1A85479A5583C58CF42B254E3143FE86C9AA77B381AC48128D9A7B04939671C15EF730F2B71065C26E8CDB1603EA177FBDABE48455D2C42BEA32502F879F23FE 8 Win32/Filecoder.DA [ESET-NOD32]

zoo %SystemDrive%\USERS\ABILDINOV_B\APPDATA\LOCAL\TEMP\OZICEEM.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\SPEED TEST\SCRIPTHOST64.DLL
delall %SystemDrive%\USERS\ABILDI~1\APPDATA\ROAMING\MSNYVW.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\MOBOGENIE\DAEMONPROCESS.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\EXPRESSFILES\EFUPDATER.EXE
;------------------------autoscript---------------------------

chklst
delvir

delref {8984B388-A5BB-4DF7-B274-77B879E179DB}\[CLSID]

regt 28
regt 29
deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
2. �� (�� )

3. �� . �� ctblocker
29.04.2015 16:00:15, santy.

�� CTBlocker

Wed, 29 Apr 2015 14:39:00 +0300

�� CTBlocker � �� .
��.
29.04.2015 14:39:00, �� .

�� CTBlocker

Wed, 29 Apr 2015 14:32:45 +0300

�� CTBlocker � �� .
http://rghost.ru/7fDtLQT4F �� . �� . �� .�� CTB-Locker. �� ! �� .
29.04.2015 14:32:45, �� .

�� CTBlocker

Wed, 29 Apr 2015 14:12:12 +0300

�� CTBlocker � �� .
��, �� , (baidu, rising � ��. ��)

1. ��
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"

====code====

;uVS v3.85.21 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v385c
OFFSGNSAVE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1A4B469B5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

delall %SystemRoot%\TEMP\HNKEPWJ.EXE
delref HTTP://SINDEX.BIZ/?COMPANY=1
delall %SystemDrive%\DOCUME~1\ADMIN\APPLIC~1\DSITE\UPDATE~1\UPDATE~1.EXE
chklst
delvir

delnfr
restart

=============
��, �� .
------------
2. �� (�� ), �� , �� .
3. �� . �� CTBlocker
29.04.2015 14:12:12, santy.

�� CTBlocker

Wed, 29 Apr 2015 13:46:00 +0300

�� CTBlocker � �� .
�� . � ��, �� ? ��, �� ...
29.04.2015 13:46:00, �� .

�� CTBlocker

Wed, 29 Apr 2015 12:52:31 +0300

�� CTBlocker � �� .
�� 360 Internet Security �� ?
29.04.2015 12:52:31, santy.

����� esetnod32.ru [����: ����������� � CTBlocker]

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

����������� � CTBlocker

�� esetnod32.ru [��: �� CTBlocker]

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker

�� CTBlocker