�� esetnod32.ru [��: �� .�.]

�� .�.

Fri, 11 Nov 2016 16:00:15 +0300

�� .�. � �� .

====quote====
santy ��:
�� ? �� ?
=============
��-�� , �� . �� . ��, �� .
11.11.2016 16:00:15, �� .

�� .�.

Fri, 11 Nov 2016 15:31:55 +0300

�� .�. � �� .

====quote====
�� :

====quote====
santy ��:
�� , �� .
=============
� �� ? �� ?
=============
��, �� .
�� ? �� ?
11.11.2016 15:31:55, santy.

�� .�.

Fri, 11 Nov 2016 14:42:33 +0300

�� .�. � �� .

====quote====
santy ��:
�� , �� .
=============
� �� ? �� ?
11.11.2016 14:42:33, �� .

�� .�.

Fri, 11 Nov 2016 12:11:13 +0300

�� .�. � �� .
�� , � �� , �� .
+
�� .
11.11.2016 12:11:13, santy.

�� .�.

Fri, 11 Nov 2016 11:51:31 +0300

�� .�. � �� .
�� . �� , �� (�� ). ��, � �� , �� instup (�� ) � �� . �� , �� , �� . �� Anti-malware (��, �� ). �� , �� .

�� .

DENIS-SKAT_2016-11-11_08-20-27.7z
11.11.2016 11:51:31, �� .

�� .�.

Thu, 10 Nov 2016 09:11:51 +0300

�� .�. � �� .
�� , �� dll �� .
DNSapi.dll �� , �� .

�� , � �� AVAST ��. ��
https://www.avast.ru/uninstall-utility

�� .
�� ,
�� cmd.exe � ��

====quote====
netsh winsock reset catalog
=============
�� ,
�� .

�� ,
�� .
10.11.2016 09:11:51, santy.

�� .�.

Thu, 10 Nov 2016 08:21:23 +0300

�� .�. � �� .
�� , �� . �� , � �� (�� ), �� . �� . �� , �� . �� , �� , �� . ��-�� . �� .

�� zoo ��.
DENIS-SKAT_2016-11-07_09-08-11.7z
2016-11-07_09-01-52_log.txt

10.11.2016 08:21:23, �� .

�� .�.

Mon, 07 Nov 2016 05:09:43 +0300

�� .�. � �� .
��,
��, �� dll

1. �� dnsapi.dll
http://rgho.st/6vRmZl4jv
2. �� , �� uVS

��, �� 1 � 2!

3. �� uVS

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"

====code====

;uVS v3.87.7 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
OFFSGNSAVE
;------------------------autoscript---------------------------

zoo %SystemRoot%\SYSWOW64\DNSAPI.DLL
zoo %Sys32%\DNSAPI.DLL

EXEC cmd /c "rename %SystemRoot%\SYSWOW64\DNSAPI.DLL DNSAPI.DLL.old"
EXEC cmd /c "rename %Sys32%\DNSAPI.DLL DNSAPI.DLL.old"
EXEC cmd /c "copy DNSAPI.DLL %sys32%\DNSAPI.DLL"
EXEC cmd /c "copy DNSAPI64.DLL %SystemRoot%\SYSWOW64\DNSAPI.DLL" 
czoo
;-------------------------------------------------------------

restart

=============

��, �� .
�� uVS (�� : ZOO_yyyy-mm-dd_hh-mm-ss.rar/�� 7z) �� sendvirus2011@gmail.com, safety@chklst.ru

+
�� .
07.11.2016 05:09:43, santy.

�� .�.

Sun, 06 Nov 2016 20:26:05 +0300

�� .�. � �� .
C:\WINDOWS\SYSWOW64\DNSAPI.DLL
https://virustotal.com/ru/file/2e80cdd03ed614d5b844d639a3eb12104d6084127afa9b141b6dad3ec7fbffdc/anal...
C:\WINDOWS\SYSTEM32\DNSAPI.DLL
https://virustotal.com/ru/file/2e80cdd03ed614d5b844d639a3eb12104d6084127afa9b141b6dad3ec7fbffdc/anal...

�� : �� , �� .
DENIS-SKAT_2016-11-06_22-07-03.7z
06.11.2016 20:26:05, �� .

�� .�.

Sun, 06 Nov 2016 19:45:24 +0300

�� .�. � �� .
�� , �� .

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.87.7 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
OFFSGNSAVE
zoo %SystemDrive%\PROGRAM FILES (X86)\SCREENUP\FUTURE_HELPER.EXE
addsgn 1A17C49A5583338CF42B467603C8128EF501BE9AB2FF8B03C1C3B1ACDBDB29306717461D4E2098A122DE849FCD564D39957E8F72555160A76F1B9F2A537D6673 8 Win32/RiskWare.NetFilter

addsgn 98EC888F4991C672A8D4BECD64A212FA3096077C89591F68F9C3AFBCAFC36DB7A91760572E299D232B7F9183BD9C49597DCF94723FDA4F39318C2E2F6406320F 8 Trojan.Turboinstall.12 [DrWeb]

zoo %SystemDrive%\USERS\DENIS\APPDATA\LOCAL\MZIZNTM0MZC=\S_INST.EXE
;------------------------autoscript---------------------------

chklst
delvir

;delref %Sys32%\DNSAPI.DLL

;delref %SystemRoot%\SYSWOW64\DNSAPI.DLL

deldirex %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS

delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID]

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGOMEKMIDLODGLBBMALCNEEGIEACBDMKI%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNLBEJMCCBHKNCGOKJCMGHPFLOAAJCFFJ%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC

delref {10921475-03CE-4E04-90CE-E2E7EF20C814}\[CLSID]

delref %SystemDrive%\USERS\DENIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\����� MAIL.RU

regt 28
regt 29
deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
+
�� http://virustotal.com

====quote====
C:\WINDOWS\SYSWOW64\DNSAPI.DLL
C:\WINDOWS\SYSTEM32\DNSAPI.DLL

=============
� �� , �� .
(�� , �� , �� .)
06.11.2016 19:45:24, santy.

�� .�.

Sun, 06 Nov 2016 18:24:23 +0300

�� .�. � �� .
�� windows �� , �� . �� , �� , ��.
DENIS-SKAT_2016-11-06_20-12-35.7z
06.11.2016 18:24:23, �� .

�� .�.

Sun, 06 Nov 2016 17:48:25 +0300

�� .�. � �� .
�� , �� .
+
�� .
06.11.2016 17:48:25, santy.

�� .�.

Sun, 06 Nov 2016 17:38:09 +0300

�� .�. � �� .
�� -�� , �� . �� -��.
DENIS-SKAT_2016-11-06_19-01-49.7z
2016-11-06_18-56-51_log.txt
06.11.2016 17:38:09, �� .

�� .�.

Sun, 06 Nov 2016 16:46:22 +0300

�� .�. � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.87.7 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
OFFSGNSAVE
sreg

delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KXESCORE.EXE
delref %Sys32%\DRIVERS\KSAPI64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\12.0.18061.220\QMUDISK64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\12.0.18061.220\QQPCHW-X64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\12.0.18061.220\SOFTAAL64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\12.0.18061.220\TSNETHLPX64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KXESCAN\KDHACKER64.SYS
delref %Sys32%\DRIVERS\KISKNL.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KSNETM\KISNETM64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KXETRAY.EXE
delref %SystemDrive%\USERS\DENIS\APPDATA\LOCAL\TEMP\SERVICESC.EXE
areg

=============
��, �� .
------------
+
�� .
06.11.2016 16:46:22, santy.

�� .�.

Sun, 06 Nov 2016 16:10:17 +0300

�� .�. � �� .
��-�� , � �� (kingsoft), ��-�� -��. � �� lowcostbar, �� , �� . �� Google �� . �� "�� " ��, �� , �� . �� , �� . ��, ��.
DENIS-SKAT_2016-11-06_17-47-49.7z
06.11.2016 16:10:17, �� .

����� esetnod32.ru [����: ��������� ����� � �.�.]

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

��������� ����� � �.�.

�� esetnod32.ru [��: �� .�.]

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.

�� .�.