TrojanDownloader.Stantinko � ��

Fri, 26 Oct 2018 09:43:13 +0300

TrojanDownloader.Stantinko � ��  � �� .

====quote====
�� :
��.. � �� .
=============
��, �� .
�� ,
�� .
26.10.2018 09:43:13, santy.

TrojanDownloader.Stantinko � ��

Fri, 26 Oct 2018 09:23:31 +0300

TrojanDownloader.Stantinko � ��  � �� .

====quote====
santy ��:
��
http://forum.esetnod32.ru/forum9/topic1408/
=============
��.. � �� .
26.10.2018 09:23:31, �� .

TrojanDownloader.Stantinko � ��

Fri, 26 Oct 2018 08:29:34 +0300

TrojanDownloader.Stantinko � ��  � �� .
��
http://forum.esetnod32.ru/forum9/topic1408/
26.10.2018 08:29:34, santy.

TrojanDownloader.Stantinko � ��

Fri, 26 Oct 2018 08:24:14 +0300

TrojanDownloader.Stantinko � ��  � �� .
�� start.exe?
2018-10-25_14-00-09_log.txt
26.10.2018 08:24:14, �� .

TrojanDownloader.Stantinko � ��

Thu, 25 Oct 2018 15:37:29 +0300

TrojanDownloader.Stantinko � ��  � �� .
�� ,
�� -�� , �� svchost.exe
25.10.2018 15:37:29, santy.

TrojanDownloader.Stantinko � ��

Thu, 25 Oct 2018 15:23:31 +0300

TrojanDownloader.Stantinko � ��  � �� .
�� . �� , �� .
�� -�� .
WIN-2U47ACCS8GL_2018-10-25_14-37-08_v4.1.1.7z
25.10.2018 15:23:31, �� .

TrojanDownloader.Stantinko � ��

Thu, 25 Oct 2018 13:39:51 +0300

TrojanDownloader.Stantinko � ��  � �� .
1. ��

2. �� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.1.1 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
icsuspend
;------------------------autoscript---------------------------

delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLIFBCIBLLHKDHOAFPJFNLHFPFGNPLDFL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNNNHMFLJNHOODGDIJCBOMAKIMDNECOHD%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\WSAUDIO.DLL
apply

deltmp
delref F:\ADWCLEANER_7.2.4.0.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %Sys32%\GWX\GWX.EXE
delref %Sys32%\GWX\GWXCONFIGMANAGER.EXE
delref %SystemDrive%\USERS\�������\DOWNLOADS\ONLINERECOVERY_V1.0.0.53.EXE
delref F:\HTCDRIVERINSTALLER.EXE
delref %SystemDrive%\USERS\�������\DOWNLOADS\JXPIINSTALL(1).EXE
delref %SystemDrive%\USERS\�������\DOWNLOADS\JXPIINSTALL(4).EXE
delref %SystemDrive%\����������\PC-BANKING.EXE
delref %SystemDrive%\USERS\�������\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BDP1FQ4X\JAVASETUP8U171 (1).EXE
delref %SystemDrive%\USERS\�������\DOWNLOADS\JXPIINSTALL(8).EXE
delref %SystemDrive%\USERS\�������\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BDP1FQ4X\JRE-8U161-WINDOWS-I586.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\DRIVE\CONTEXTMENU32.DLL
delref {0B0EFF97-C750-462C-9488-B10E7D87F1A6}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {444785F1-DE89-4295-863A-D46C3A781394}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.17\NPGOOGLEUPDATE3.DLL
delref {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\[CLSID]
delref {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\PICASA3\NPPICASA3.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %Sys32%\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
delref %Sys32%\DRIVERS\TAPHSS6.SYS
delref %SystemDrive%\PROGRAM FILES\ANVIR TASK MANAGER\OPENHARDWAREMONITOR\OPENHARDWAREMONITORLIB.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.145\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.17\GOOGLEUPDATEONDEMAND.EXE
delref %SystemDrive%\PROGRAM FILES\OPENOFFICE.ORG
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.17\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.153\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.17\GOOGLEUPDATEBROKER.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.135\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.149\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %Sys32%\GWX\GWXUI.DLL
delref %Sys32%\GWX\GWXUX.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL
delref F:\HTC_SYNC_MANAGER_PC.EXE
delref H:\HTC_SYNC_MANAGER_PC.EXE
delref G:\AUTORUN.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\PICASA3\PICASA3.EXE
delref %SystemDrive%\PROGRAM FILES\GRETECH\GOMPLAYER\GOMWIZ.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE
delref %SystemDrive%\PROGRAM FILES\K-LITE CODEC PACK\FFDSHOW\FFDSHOW.AX
delref %SystemDrive%\PROGRAM FILES\GOOGLE\PICASA3\PICASAPHOTOVIEWER.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\PICASA3\UNINSTALL.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
------------
+
��
+

�� AudioDrv

pid=392 C:\Windows\System32\svchost.exe -k AudioDrv
(!) ��: �� C:\WINDOWS\SYSTEM32\SVCHOST.EXE [392], tid=2376
25.10.2018 13:39:51, santy.

TrojanDownloader.Stantinko � ��

Thu, 25 Oct 2018 12:45:08 +0300

TrojanDownloader.Stantinko � ��  � �� .
�� . �� , �� , �� , adwcleaner, �� , �� . �� Win32/TrojanDownloader.Stantinko.EE � SVCHOST.exe (392)
�� Windows 7. �� .
�� uVS
WIN-2U47ACCS8GL_2018-10-25_12-03-04_v4.1.1.7z
25.10.2018 12:45:08, �� .

����� esetnod32.ru [����: TrojanDownloader.Stantinko � ����������� ������]

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

TrojanDownloader.Stantinko � ����������� ������

�� esetnod32.ru [��: TrojanDownloader.Stantinko � �� ]

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��

TrojanDownloader.Stantinko � ��