�� esetnod32.ru [��: �� . CVE-2017-0144_eternalblue]

�� . CVE-2017-0144_eternalblue

Sat, 13 May 2017 03:03:39 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .

====quote====
�� :
�� , �� , �� , �� ...
�� .

�� , �� .

��.
=============
��, �� , � ��, � �� WannaDecryptor
https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/
---------
�� , �� , �� .

13.05.2017 03:03:39, santy.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:54:51 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .

====quote====
RP55 RP55 ��:
��.
�� .
�� .
=============
�� )
12.05.2017 23:54:51, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:53:50 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� , �� . �� ) �� ...
12.05.2017 23:53:50, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:53:30 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
��.
�� .
�� .
12.05.2017 23:53:30, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:32:13 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� Google �� Google(�� gmail) � �� .
Fixlog.txt
12.05.2017 23:32:13, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:14:38 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
1) � �� Google
��: http://my-chrome.ru/2013/05/kak-pravilno-otklyuchit-sinxronizaciyu-v-google-chrome/

2) �� fixlist.txt � �� Farbar Recovery Scan Tool:
...
�� FRST � �� Fix � ��.

====code====

  

Task: {0F424104-52D4-46BF-B2B6-DC26505F486A} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {2B947199-1322-426B-B22C-22CFEE15F7B4} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {39252D8C-AB8A-45B7-84C2-CE54134EB930} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {CC71900D-AF76-48F2-9239-2C7A81989CB7} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]

EmptyTemp:
Reboot:

=============
�� FRST �� -�� (Fixlog.txt). ��, �� !
��, �� ...
�
�� _�� .
12.05.2017 23:14:38, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 23:04:28 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
��
AdwCleaner[S0].txt
AdwCleaner[C0].txt
Addition.txt
FRST.txt
12.05.2017 23:04:28, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:38:27 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
1) � Malwarebytes - ��.

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
12.05.2017 22:38:27, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:32:48 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� Malwarebytes �� CVE-2017-0144_eternalblue
��.txt
12.05.2017 22:32:48, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:14:55 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� , �� , �� , �� ...
�� .

�� , �� .

��.
12.05.2017 22:14:55, ��.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:12:28 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .

====quote====
�� :
�� ?
=============

�� .
� �� : OVGORSKIY.RU, �� , �� .
�� .
12.05.2017 22:12:28, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:09:25 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====



;uVS v4.0.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
deltmp
;---------command-block---------
delref HTTP://OVGORSKIY.RU
delref HTTP://WWW.GOOGLE.RU/SEARCH?HL=RU&Q={SEARCHTERMS}&BTNG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+GOOGLE&LR=
delall %SystemDrive%\USERS\ANASTASIA\APPDATA\LOCAL\TEMP\HYD19C8.TMP.1469390034\HTA\3RDPARTY\OCCOMSDK.DLL
delref %SystemDrive%\USERS\ANASTASIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HANJIAJGNONAOBDLKLNCDJDMPBOMLHOA\3.2.32_0\MUSICSIG ��� ��������� (VKONTAKTE)
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref D:\PROGRAM FILES (X86)\WINDOWS MAIL\WINMAIL.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\DRIVERS\TPM.SYS
delref D:\PROGRAM FILES (X86)\CISCO\CISCO LEAP MODULE\CISCOEAPLEAP.DLL
delref D:\PROGRAM FILES (X86)\CISCO\CISCO EAP-FAST MODULE\CISCOEAPFAST.DLL
delref D:\PROGRAM FILES (X86)\CISCO\CISCO PEAP MODULE\CISCOEAPPEAP.DLL
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref D:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
delref %Sys32%\BLANK.HTM
delref D:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPCPL.DLL
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\PSXSS.EXE
delref %Sys32%\IGFXCFG.EXE
delref %Sys32%\SHAREMEDIACPL.CPL
delref D:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\ADO\MSADO15.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\WAB32.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\MSDAPS.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\SQLOLEDB.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\MSXACTPS.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\OLEDB32.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSDAREM.DLL
delref D:\PROGRAM FILES (X86)\WINDOWS MAIL\WABFIND.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSADCE.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSDAPRST.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\ADO\MSADRH15.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSADCF.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSDFMAP.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\MSADC\MSADCO.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\MSDASQL.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\ADO\MSJRO.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\MSDAOSP.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\SQLXMLX.DLL
delref D:\PROGRAM FILES (X86)\WINDOWS NT\TABLETEXTSERVICE\TABLETEXTSERVICE.DLL
delref D:\PROGRAM FILES (X86)\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref D:\EDITOR.EXE
delref D:\REPORTER.EXE
delref D:\SCRIPTMAKER.EXE
delref D:\TESTER.EXE
delref D:\TESTDESK2.URL
apply

restart

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
12.05.2017 22:09:25, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 22:04:36 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .

====quote====
RP55 RP55 ��:
CVE-2017-014
�� Microsoft Windows: ��
=============
�� ?
12.05.2017 22:04:36, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 21:52:46 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
��
ANASTASIA-PC_2017-05-12_21-43-45.7z
12.05.2017 21:52:46, �� .

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 21:52:02 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
CVE-2017-014
�� Microsoft Windows: ��
12.05.2017 21:52:02, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 21:37:18 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
�� uVS
http://forum.esetnod32.ru/forum9/topic2687/
12.05.2017 21:37:18, RP55 RP55.

�� . CVE-2017-0144_eternalblue

Fri, 12 May 2017 21:30:51 +0300

�� . CVE-2017-0144_eternalblue CVE-2017-0144_eternalblue � �� .
��, 12.05.2017, � �� ESET Smart Security �� . �� . �� NETBYNET(�� Puzzle � �� ). �� . �� , �� ? �� ? �� , �� )

12.05.2017 21:30:51, �� .

����� esetnod32.ru [����: ������� ������ �������������. CVE-2017-0144_eternalblue]

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

������� ������ �������������. CVE-2017-0144_eternalblue

�� esetnod32.ru [��: �� . CVE-2017-0144_eternalblue]

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue

�� . CVE-2017-0144_eternalblue