Eset �� Win64/Adware.PBot

Wed, 19 Dec 2018 18:17:50 +0300

Eset �� Win64/Adware.PBot � �� .
+
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.1.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

delref LOAD.PYC
delall %SystemDrive%\USERS\RUSLAN\APPDATA\ROAMING\YOUTUBEDOWNLOADER_UPD\PYTHON\PYTHONW.EXE
delall %SystemDrive%\USERS\RUSLAN\APPDATA\ROAMING\YOUTUBEDOWNLOADER\PYTHON\PYTHONW.EXE
delref START.PYC
delall %SystemDrive%\PROGRA~3\04A85E~1\SYSTEM~1.EXE
delref %SystemDrive%\USERS\RUSLAN\APPDATA\ROAMING\YOUTUBEDOWNLOADER\PYTHON\PYTHON.EXE
delref %SystemDrive%\USERS\RUSLAN\APPDATA\ROAMING\KODOBI\PYTHON\PYTHONW.EXE
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGNDELHFHCFBDHNDFPCINEBIJFCJPMPEC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJDFONANKHFNHIHDCPAAGPABBAOCLNJFP%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNLADLJMABBOANHIHFKJACNNKGJHNOKHJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\RUSLAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MDHPACFHLJHCOMBKALCMKAHKHODPKBIM\15.1.13.1_0\����� MAIL.RU
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGNDOICAPFDALDIOKBCDNLLFHNAPOKCBK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIKPCPGKLMEFNCBFGBDIFKAPHBAAPGAFH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DMDHPACFHLJHCOMBKALCMKAHKHODPKBIM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DMJBEPBHONBOJPOAENHCKJOCCHGFIAOFO%26INSTALLSOURCE%3DONDEMAND%26UC
apply

deltmp
delref %SystemDrive%\USERS\RUSLAN\APPDATA\LOCAL\{904D3770-E09F-441C-9AEC-A43930831E8A}
delref %SystemDrive%\PROGRAMDATA\B7C4B71B-7753-1\B7C4B71B-7753-1.D
delref %SystemDrive%\PROGRAMDATA\B7C4B71B-16A5-0\B7C4B71B-16A5-0.D
delref %SystemDrive%\USERS\ADMINISTRATOR\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\APPLICATION\BROWSER.EXE
delref %SystemDrive%\USERS\RUSLAN\APPDATA\LOCAL\MAIL.RU\MAILRUUPDATER.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref %SystemDrive%\PROGRAMDATA\QUOTEEX\SOLDAX.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\BLANK.HTM
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE_64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE.DLL
delref G:\ASRSETUP.EXE
delref {2318C2B1-4965-11D4-9B18-009027A5CD4F}\[CLSID]
delref {AA58ED58-01DD-4D91-8333-CF10577473F7}\[CLSID]
delref {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\[CLSID]
delref D:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
19.12.2018 18:17:50, santy.

Eset �� Win64/Adware.PBot

Wed, 19 Dec 2018 18:15:20 +0300

Eset �� Win64/Adware.PBot � �� .
@�� ,

�� http://virstotal.com � ��

C:\WINDOWS\SYSWOW64\APPINIT641.DLL
C:\PROGRAMDATA\EMPC\CORE64.DLL
19.12.2018 18:15:20, santy.

Eset �� Win64/Adware.PBot

Wed, 19 Dec 2018 18:02:38 +0300

Eset �� Win64/Adware.PBot � �� .
Eset �� Win64/Adware.PBot �� uVS
RUSLAN-PC_2018-12-19_16-44-56_v4.1.2.7z
19.12.2018 18:02:38, �� .

����� esetnod32.ru [����: Eset ������� Win64/Adware.PBot]

Eset ������� Win64/Adware.PBot

Eset ������� Win64/Adware.PBot

Eset ������� Win64/Adware.PBot

�� esetnod32.ru [��: Eset �� Win64/Adware.PBot]

Eset �� Win64/Adware.PBot

Eset �� Win64/Adware.PBot

Eset �� Win64/Adware.PBot