�� esetnod32.ru [��: �� ]

��

Sat, 27 Jul 2019 00:09:05 +0300

��  � �� .

====quote====
Jamshid Abdullaev ��:
� �� KMS ��?
=============

�� Malwarebytes - �� > �� > ��

====quote====
Jamshid Abdullaev ��:
�� (�� )?
=============
��.
27.07.2019 00:09:05, RP55 RP55.

��

Sat, 27 Jul 2019 00:03:00 +0300

��  � �� .
� �� KMS ��?
�� (�� )?
27.07.2019 00:03:00, Jamshid Abdullaev.

��

Fri, 26 Jul 2019 23:27:59 +0300

��  � �� .

====quote====
KMSAuto, �� .
=============
�� - �� .
------
�� - �� .
26.07.2019 23:27:59, RP55 RP55.

��

Fri, 26 Jul 2019 23:14:26 +0300

��  � �� .
�� !
�� ?
� �� ?
�� .txt
�� .txt
26.07.2019 23:14:26, Jamshid Abdullaev.

��

Thu, 25 Jul 2019 23:37:03 +0300

��  � �� .
��.
----------------
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
25.07.2019 23:37:03, RP55 RP55.

��

Thu, 25 Jul 2019 22:34:32 +0300

��  � �� .
�� !
USER765-��_2019-07-26_00-25-38_v4.1.6.7z
TDSSKiller.txt
25.07.2019 22:34:32, Jamshid Abdullaev.

��

Thu, 25 Jul 2019 19:51:09 +0300

��  � �� .
1) �� .

CVE-2017-0144
https://www.comss.ru/download/page.php?id=4017
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010

2) �� - �3

3) �� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !
�� : �� !

====code====

;uVS v4.1.6 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
regt 26
deltmp
restart
;---------command-block---------
delwmi WMI:\\.\ROOT\SUBSCRIPTION\.[FUCKYOUMM3]
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D1E7CBDA-E60E-4970-A01C-37301EF7BF98}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\BLANK.HTM
delref HELPSVC\[SERVICE]
delref MS10000APP\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemRoot%\TEMP\CPUZ138\CPUZ138_X64.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\SAM CODEC PACK\FILTERS\G2MWMPPLUGIN64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
apply

=============

��

4) �� (�� ),
�� tdsskiller
�� tdsskiller ��:
http://support.kaspersky.ru/viruses/disinfection/5350
�� MBR, �� ,
�� ,
��

5) �� tdsskiller
� ��
25.07.2019 19:51:09, RP55 RP55.

��

Thu, 25 Jul 2019 19:14:08 +0300

��  � �� .
�� ! �� !
USER765-��_2019-07-25_21-07-42_v4.1.6.7z
25.07.2019 19:14:08, Jamshid Abdullaev.

��

Sun, 21 Jul 2019 14:09:37 +0300

��  � �� .
��
21.07.2019 14:09:37, santy.

��

Sun, 21 Jul 2019 08:43:08 +0300

��  � �� .
�� NOD �� "Win32/TrojanDownloader.Delf.BTT" �� !
21.07.2019 08:43:08, Jamshid Abdullaev.

����� esetnod32.ru [����: ������ ��� ������� �� �� ������]

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

������ ��� ������� �� �� ������

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��