�� esetnod32.ru [��: �� (�)]

�� (�)

Mon, 29 Jan 2018 16:03:33 +0300

�� (�) � �� .
+
��
http://forum.esetnod32.ru/forum9/topic1408/
�� , �� , �� .
29.01.2018 16:03:33, santy.

�� (�)

Mon, 29 Jan 2018 13:56:34 +0300

�� (�) � �� .

====quote====
�� :
�� (�� )
=============

�� - ��, �� .

�� Autoruns
http://download.sysinternals.com/files/Autoruns.zip
29.01.2018 13:56:34, RP55 RP55.

�� (�)

Mon, 29 Jan 2018 13:47:06 +0300

�� (�) � �� .
�� (�� )

�� . � �� . �.�. �� (�� ).

� �� ?
29.01.2018 13:47:06, �� .

�� (�)

Mon, 29 Jan 2018 13:01:16 +0300

�� (�) � �� .
�� ESET ��
��: Crystal Security; herdprotect.com ; threatinfo.net ; reasoncoresecurity.com

uVS - �� . ( � �� )

�� ?
29.01.2018 13:01:16, RP55 RP55.

�� (�)

Mon, 29 Jan 2018 12:54:18 +0300

�� (�) � �� .
�� - �� , �� . �� UVS � �� - � �� . �� ?
29.01.2018 12:54:18, �� .

�� (�)

Mon, 29 Jan 2018 12:49:44 +0300

�� (�) � �� .

====quote====
�� :
�� .
=============
�� , �� . � �� .
� �� , �� .
29.01.2018 12:49:44, santy.

�� (�)

Mon, 29 Jan 2018 12:46:57 +0300

�� (�) � �� .
� �� .

�� (https://otvet.mail.ru/question/45610186), �� , �� . �� (https://www.solvusoft.com/en/malware/viruses/joke-scrnfly/).

� �� ESET �� , �� . �� , �� -�� . �� . �� (� �.�. ��), �� . �� (�� ) �� . �� (� �� ) �� (��) ��. �� (�� ), �� Virus Total �� (https://www.virustotal.com/en/file/32fe96645278d1c8f0d072d819a6d41f1b03cfd4fa84832b6ec839b696d35d27/...)

�� , �� . �� . �� .
29.01.2018 12:46:57, �� .

�� (�)

Sun, 28 Jan 2018 21:15:53 +0300

�� (�) � �� .
�� fixlist.txt � �� Farbar Recovery Scan Tool:
...
�� FRST � �� Fix � ��.

====code====

  

AlternateDataStreams: C:\Program Files\Outlook Express:9uItbiGYxOy3B4jnKLHTT55I [2050]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:Gk3OwlFjfgfp6SYGHKUT [2424]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:osgJw8E4egs1nf6iceqhCJmLiHrJQ [2246]
GroupPolicy: Restriction ? <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Extension: (No Name) - E:\Internet-browsers\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [not found]
EmptyTemp:
Reboot:

=============
�� FRST �� -�� (Fixlog.txt). ��, �� !
��, �� ...
�
�� _�� .
28.01.2018 21:15:53, RP55 RP55.

�� (�)

Sun, 28 Jan 2018 18:42:42 +0300

�� (�) � �� .
http://rgho.st/private/8Xnmz7RQL/a4dc8c7cbf932af221e114b6d5284c40
http://rgho.st/private/6k22kVwNf/0b5dbca1d982e33b1747b7ed058dcd98
28.01.2018 18:42:42, �� .

�� (�)

Sun, 28 Jan 2018 18:33:45 +0300

�� (�) � �� .
�� . �� , �� , �� , �, ��, �� .

�� FRST.txt � Addition.txt ��.
28.01.2018 18:33:45, �� .

�� (�)

Sun, 28 Jan 2018 18:19:27 +0300

�� (�) � �� .
�� ,

��,

�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
28.01.2018 18:19:27, santy.

�� (�)

Sun, 28 Jan 2018 17:51:45 +0300

�� (�) � �� .
�� UVS ��. �� . �� (item.dat, lsmosee.exe) �� . �� , �� . �� ? (�� )
MalwarebytesLog.txt
28.01.2018 17:51:45, �� .

�� (�)

Sun, 28 Jan 2018 17:15:05 +0300

�� (�) � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.10 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

zoo %SystemRoot%\HELP\LSMOSEE.EXE
addsgn 1A04C99A5583D98CF42B627DA804DEC9E946303A45364AF36994933725DAFA01339CBE5FB59416982846BF61301E7202725D487355DA31D5AD77A42FB51AA14E 8 Win32/Packed.Armadillo 7

chklst
delvir

deldirex %SystemDrive%\DOCUMENTS AND SETTINGS\A\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER\LOADER

delref %SystemRoot%\DEBUG\ITEM.DAT
delref WMI_ACTIVESCRIPTEVENTCONSUMER\FUCKYOUMM2_CONSUMER.[FUCKYOUMM2_FILTER]
apply

; Java(TM) 6 Update 26
exec MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF} /quiet
deltmp
delref %SystemDrive%\DOCUMENTS AND SETTINGS\A\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX
delref %Sys32%\BLANK.HTM
delref %Sys32%\PSXSS.EXE
delref E:\INTERNET-BROWSERS\FIREFOX\BROWSER\FEATURES\AUSHELPER@MOZILLA.ORG.XPI
delref E:\INTERNET-BROWSERS\FIREFOX\BROWSER\FEATURES\E10SROLLOUT@MOZILLA.ORG.XPI
delref E:\INTERNET-BROWSERS\FIREFOX\BROWSER\FEATURES\FIREFOX@GETPOCKET.COM.XPI
delref E:\INTERNET-BROWSERS\FIREFOX\BROWSER\FEATURES\WEBCOMPAT@MOZILLA.ORG.XPI
delref E:\INTERNET-BROWSERS\FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}.XPI
delref %SystemDrive%\DOCUMENTS AND SETTINGS\A\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER\LOADER\NPUNITY3D32.DLL
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
(�� )
��
http://forum.esetnod32.ru/forum9/topic10688/
28.01.2018 17:15:05, santy.

�� (�)

Sun, 28 Jan 2018 17:12:09 +0300

�� (�) � �� .
��
28.01.2018 17:12:09, �� .

�� (�)

Sun, 28 Jan 2018 17:06:18 +0300

�� (�) � �� .
�� .

�� .
A-D69390334C484_2018-01-28_15-56-22.7z
28.01.2018 17:06:18, �� .

�� (�)

Sun, 28 Jan 2018 16:53:50 +0300

�� (�) � �� .

====quote====
�� :
�� .� �� (� �� LSMOSEE.EXE). �� ?
=============
�� .
�� . �� , � �� .

====quote====
1. �� , �� uVS
http://chklst.ru/data/uVS%20latest/uvs_latest.zip
(�� , �� uVS �� , �� , � �� )

2. ��
��
WindowsXP-KB4012598-x86-Custom-RUS.exe
https://www.microsoft.com/ru-ru/download/details.aspx?id=55245
(��, �� , � �� )
=============

28.01.2018 16:53:50, santy.

�� (�)

Sun, 28 Jan 2018 16:52:46 +0300

�� (�) � �� .
�� .

� �� (� �� LSMOSEE.EXE). �� ?
28.01.2018 16:52:46, �� .

�� (�)

Sun, 28 Jan 2018 16:48:29 +0300

�� (�) � �� .
�� ,

1. �� , �� uVS
http://chklst.ru/data/uVS%20latest/uvs_latest.zip
(�� , �� uVS �� , �� , � �� )

2. ��
��
WindowsXP-KB4012598-x86-Custom-RUS.exe
https://www.microsoft.com/ru-ru/download/details.aspx?id=55245
(��, �� , � �� )

�� .
28.01.2018 16:48:29, santy.

�� (�)

Sun, 28 Jan 2018 16:43:05 +0300

�� (�) � �� .
�� UVS (� �� ), �� Malwarebytes. �� .

�� .

P.S. �� MS-2017-010 �� .
MalwarebytesLog.txt
28.01.2018 16:43:05, �� .

�� (�)

Sat, 27 Jan 2018 06:46:34 +0300

�� (�) � �� .
�� ,
� �� - �� .
https://chklst.ru/discussion/1596/maynery-kriptovalyut-ispolzuyut-eternalblue-doublepulsar#latest

�� uVS
�� WMI �� uVS �� 4.0.0
27.01.2018 06:46:34, santy.

�� (�)

Sat, 27 Jan 2018 00:31:35 +0300

�� (�) � �� .
rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa

� �� uVS - 4.0.
�� 4.0.10
http://forum.esetnod32.ru/forum9/topic2687/
http://chklst.ru/data/uVS%20latest/uvs_latest.zip

--------

�� :
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

====quote====
��
WindowsXP-KB4012598-x86-Custom-RUS.exe
https://www.microsoft.com/ru-ru/download/details.aspx?id=55245
=============

27.01.2018 00:31:35, RP55 RP55.

�� (�)

Fri, 26 Jan 2018 20:27:40 +0300

�� (�) � �� .
��, ��, ��, �� UVS. �� , � �� .

�� , �� , ��. �� , �� . � �� .

��.
A-D69390334C484_2018-01-26_19-05-53.7z
26.01.2018 20:27:40, �� .

�� (�)

Fri, 26 Jan 2018 14:12:00 +0300

�� (�) � �� .

====quote====
�� :
� ��
=============
�� - �� .
�� : %SystemRoot%\HELP\LSMOSEE.EXE
26.01.2018 14:12:00, RP55 RP55.

�� (�)

Fri, 26 Jan 2018 13:10:07 +0300

�� (�) � �� .
��
WindowsXP-KB4012598-x86-Custom-RUS.exe
https://www.microsoft.com/ru-ru/download/details.aspx?id=55245
26.01.2018 13:10:07, santy.

�� (�)

Fri, 26 Jan 2018 10:43:28 +0300

�� (�) � �� .
1) � �� , �� : Unity, DU METER, �� Chrome � K-Meleon, � �� MS Office. �� ?

2) � �� MS-2017-010 � �� Microsoft �� Windows XP, �� .
26.01.2018 10:43:28, �� .

�� (�)

Fri, 26 Jan 2018 00:59:10 +0300

�� (�) � �� .

====quote====
�� :
�� c:\windows\debug\item.dat
=============
+
�� , �� .
�� MS-2017-010 �� .

====quote====
Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)

Published: March 14, 2017

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
=============

26.01.2018 00:59:10, santy.

�� (�)

Thu, 25 Jan 2018 23:32:14 +0300

�� (�) � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !
�� : �� !

====code====


;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v400c
OFFSGNSAVE
delref HTTP://NIGHTWAREZ.RU/INDEX.PHP?STORY={SEARCHTERMS}&DO=SEARCH&SUBACTION=SEARCH
delref HTTP://PRICE.RU/ENTER?FROM=OSS&PNAM={SEARCHTERMS}
delref HTTP://XTREME.WS/
delref HTTP://SEARCH.LIVE.COM/RESULTS.ASPX?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IE8SRC
delref HTTP://SEARCH.LIVE.COM/RESULTS.ASPX?Q={SEARCHTERMS}&SRC={REFERRER:SOURCE?}
deldir %SystemDrive%\DOCUMENTS AND SETTINGS\A\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER
bl EBDC2BE63B2FCB8FE22845C75850C9E6 236904
delall %SystemRoot%\HELP\LSMOSEE.EXE
deldir E:\INTERNET-BROWSERS\K-MELEON76 PRO RC\TOOLS\UNBLOCKSURF
uidel C:\Documents and Settings\A\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /CurrentUser
deltmp
restart
;---------command-block---------
delref {FB983260-EF64-11D3-8527-00A0CC56BB53}\[CLSID]
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\[CLSID]
delref {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\BLANK.HTM
delref {764BF0E1-F219-11CE-972D-00AA00A14F56}\[CLSID]
delref {853FE2B1-B769-11D0-9C4E-00C04FB6C6FA}\[CLSID]
delref {FAC3CBF6-8697-43D0-BAB9-DCD1FCE19D75}\[CLSID]
delref {B1883831-F0D8-4453-8245-EEAAD866DD6E}\[CLSID]
delref %Sys32%\DRIVERS\CHANGER.SYS
delref E:\INTERNET-DOWNLOAD\DU METER\DU METER\DUM_XP32.SYS
delref %Sys32%\DRIVERS\I2OMGMT.SYS
delref %Sys32%\DRIVERS\LBRTFDC.SYS
delref %Sys32%\DRIVERS\PCIDUMP.SYS
delref %Sys32%\DRIVERS\PDCOMP.SYS
delref %Sys32%\DRIVERS\PDFRAME.SYS
delref %Sys32%\DRIVERS\PDRELI.SYS
delref %Sys32%\DRIVERS\PDRFRAME.SYS
delref %Sys32%\DRIVERS\WDICA.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %Sys32%\CPLDAPU\WEBBROWSERPASSVIEW.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref F:\CHROME\CHROME\CHROME.EXE
delref E:\OFFICE\MS OFFICE\MS OFFICE\MICROSOFT OFFICE 2007\SETUP.EXE
delref %Sys32%\CPLDAPU\PRODUKEY.EXE
apply

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
25.01.2018 23:32:14, RP55 RP55.

�� (�)

Thu, 25 Jan 2018 20:32:07 +0300

�� (�) � �� .
��.

�� Spyware Process Detector � �� item.dat. �� c:\windows\debug\item.dat, �� . � �� ,�� . �� (�� NOD32 �� 9.0.386.1). �� ESETOnlineScanner. �� .

�� , �� "��" - �� -�� (�� ) �� (�� , �� , �� ). �� F5. �� -�� , � �� - �� item.dat. ��, �� - �� "��" �� .

�� - �� UVS.

�� .

�� .

A-D69390334C484_2018-01-25_21-55-02.7z
25.01.2018 20:32:07, �� .

����� esetnod32.ru [����: �������� ������� �����(�)]

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�������� ������� �����(�)

�� esetnod32.ru [��: �� (�)]

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)

�� (�)