�� WIn32/Kryptik.FOIB ��

Wed, 14 Jun 2017 18:06:36 +0300

�� WIn32/Kryptik.FOIB ��  � �� .
�� ,
�� (4.0.5) �� uVS ��,
http://chklst.ru/data/uVS%20latest/uvs_latest.zip

� �� .
14.06.2017 18:06:36, santy.

�� WIn32/Kryptik.FOIB ��

Wed, 14 Jun 2017 16:06:17 +0300

�� WIn32/Kryptik.FOIB ��  � �� .
�� , �� :

"�� , �� uVS, �� ."
14.06.2017 16:06:17, �� .

�� WIn32/Kryptik.FOIB ��

Wed, 14 Jun 2017 13:34:54 +0300

�� WIn32/Kryptik.FOIB ��  � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.5 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\PROGRAM FILES\CONDUIT\COMMUNITY ALERTS

delref %SystemDrive%\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CIS30.EXE
delref %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\{74AABF24-45E2-FA1E-B28C-350799EDCD80}\D9156FBB.EXE
delref F:\AUTORUN.EXE
delref G:\AUTORUN.EXE
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://SEARCH.CONDUIT.COM/RESULTSEXT.ASPX?Q={SEARCHTERMS}&SEARCHSOURCE=4&CTID=CT2475029
apply

; Conduit Engine
exec C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
; Java(TM) 6 Update 27
exec MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF} /quiet
deltmp
delref %SystemDrive%\PROGRAM FILES\HACKER ELIMINATOR\HESHELL.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\CONDUITENGINE\PRXCONDUITENGINE.DLL
delref %SystemDrive%\PROGRAM FILES\MYASHAMPOO\PRXTBMYAS.DLL
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemDrive%\PROGRA~1\REALTEK\REALTE~1\IR_SERVER.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\WONDERSHARE\WONDERSHARE HELPER COMPACT\WSHELPER.EXE
delref %Sys32%\BLANK.HTM
delref {42071714-76D4-11D1-8B24-00A0C9068FF3}\[CLSID]
delref {764BF0E1-F219-11CE-972D-00AA00A14F56}\[CLSID]
delref {853FE2B1-B769-11D0-9C4E-00C04FB6C6FA}\[CLSID]
delref {FAC3CBF6-8697-43D0-BAB9-DCD1FCE19D75}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\ARCSOFT\CONNECTION SERVICE\BIN\ACSERVICE.EXE
delref %Sys32%\DRIVERS\CHANGER.SYS
delref %Sys32%\DRIVERS\DGIVECP.SYS
delref %Sys32%\DRIVERS\EWUSBNET.SYS
delref %Sys32%\DRIVERS\EW_HWUSBDEV.SYS
delref %Sys32%\DRIVERS\EW_JUBUSENUM.SYS
delref %Sys32%\DRIVERS\EWUSBMDM.SYS
delref %Sys32%\DRIVERS\I2OMGMT.SYS
delref %Sys32%\DRIVERS\LBRTFDC.SYS
delref %Sys32%\DRIVERS\MASSFILTER.SYS
delref %Sys32%\DRIVERS\PCIDUMP.SYS
delref %Sys32%\DRIVERS\PDCOMP.SYS
delref %Sys32%\DRIVERS\PDFRAME.SYS
delref %Sys32%\DRIVERS\PDRELI.SYS
delref %Sys32%\DRIVERS\PDRFRAME.SYS
delref %SystemDrive%\PROGRAM FILES\PEERGUARDIAN2\PGFILTER.SYS
delref %SystemDrive%\PROGRA~1\RETINA\MODULES\RETINA\SCANNER\RET45.SYS
delref %Sys32%\DRIVERS\SSPORT.SYS
delref %Sys32%\DRIVERS\USBCAMCL.SYS
delref %Sys32%\DRIVERS\VBOXNETFLT.SYS
delref %Sys32%\DRIVERS\WDICA.SYS
delref %Sys32%\DRIVERS\ZTEUSBMDM6K.SYS
delref %Sys32%\DRIVERS\ZTEUSBNMEA.SYS
delref %Sys32%\DRIVERS\ZTEUSBSER6K.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO350.DLL
delref %Sys32%\MCL2AE.AX
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %Sys32%\MCM2VE.AX
delref %Sys32%\EAPA3HST.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\USB 2.0 PC CAMERA\VANFILTER.DLL
delref %SystemDrive%\PROGRAM FILES\CONDUIT\COMMUNITY ALERTS\ALERT.DLL
delref %SystemDrive%\PROGRA~1\NETSUR~1\NETSUR~1.OCX
delref %SystemDrive%\PROGRA~1\MARS_1~1\MARS18SERVERPS.DLL
delref %Sys32%\EAPAHOST.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %Sys32%\MCMPEG2MUX.AX
delref %SystemDrive%\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHELPER.EXE
delref %SystemDrive%\PROGRA~1\MARS_1~1\ICOMMONPS.DLL
delref %SystemDrive%\PROGRAM FILES\DVR_UTIL\EMERGENCYAGENT\MIDAS.DLL
delref %SystemDrive%\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref D:\GAMES\WORLD_~1\WOTTWE~1.EXE
delref F:\LG_PC_PROGRAMS.EXE
delref F:\HTC_SYNC_MANAGER_PC.EXE
delref {16A017B9-6CB4-47C7-8E81-6E9396FAC2B6}\[CLSID]
delref {30F9B915-B755-4826-820B-08FBA6BD249D}\[CLSID]
delref {A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\[CLSID]
delref Z:\CONS.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
----------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
14.06.2017 13:34:54, santy.

�� WIn32/Kryptik.FOIB ��

Wed, 14 Jun 2017 12:51:34 +0300

�� WIn32/Kryptik.FOIB ��  � �� .
�� : �� -�� -�� . �� /documents and settings/admin/appdata/roaming �� win32/Kryptik.FOIB, ��, ��. �� . �� , �� . �� -�� .

�� .
HAK2_2017-06-14_12-15-04.7z
14.06.2017 12:51:34, �� .

����� esetnod32.ru [����: ����� WIn32/Kryptik.FOIB ����� ������]

����� WIn32/Kryptik.FOIB ����� ������

����� WIn32/Kryptik.FOIB ����� ������

����� WIn32/Kryptik.FOIB ����� ������

����� WIn32/Kryptik.FOIB ����� ������

�� esetnod32.ru [��: �� WIn32/Kryptik.FOIB �� ]

�� WIn32/Kryptik.FOIB ��

�� WIn32/Kryptik.FOIB ��

�� WIn32/Kryptik.FOIB ��

�� WIn32/Kryptik.FOIB ��