�� esetnod32.ru [��: �� MSIL/CoinMiner.BLB]

�� MSIL/CoinMiner.BLB

Fri, 06 Aug 2021 04:05:21 +0300

�� MSIL/CoinMiner.BLB � �� .
�� ZOO** �� safety@chklst.ru � �� infected
+
�� :
C:\USERS\****\APPDATA\ROAMING\STEAMAPI\
06.08.2021 04:05:21, santy.

�� MSIL/CoinMiner.BLB

Thu, 05 Aug 2021 21:44:55 +0300

�� MSIL/CoinMiner.BLB � �� .
�� : fixlist.txt � �� Farbar Recovery Scan Tool:

�� FRST � �� Fix � ��.

�� FRST �� -�� (Fixlog.txt). ��, �� !
----------

�� .

----------
fixlist.txt
05.08.2021 21:44:55, RP55 RP55.

�� MSIL/CoinMiner.BLB

Thu, 05 Aug 2021 21:32:51 +0300

�� MSIL/CoinMiner.BLB � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====

;uVS v4.11.8 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
zoo %SystemDrive%\USERS\GOODWIN\APPDATA\ROAMING\STEAMAPI\CHARTTABLE\GAMESLIST\STEAMAPILIB.DLL
czoo
deltmp
restart
;---------command-block---------
delall %SystemDrive%\USERS\GOODWIN\APPDATA\ROAMING\STEAMAPI\CHARTTABLE\GAMESLIST\STEAMAPILIB.DLL
delref %SystemDrive%\PROGRAMDATA\NVIDIA\NVCONTAINERUSER%D.LOG
delref %SystemDrive%\PROGRAMDATA\NVIDIA\NVCONTAINERUSER%DSPUSER.LOG
delref %SystemDrive%\USERS\GOODWIN\APPDATA\LOCAL\TEMP\CHROME_BITS_15192_1359890357\KIABHABJDBKJDPJBPIGFODBDJMBGLCOO_2021.08.05.01_ALL_ADKIS54SM7H2UJFYA4OUVNBULQYQ.CRX3
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref %Sys32%\BLANK.HTM
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLDGPJDIADOMHINPIMGCHMEEMBBGOJNJK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://GAMEZONA.ORG/
delref HTTP://LIVELENTA.COM/KAK-IZMENIT-STARTOVUYU-STRANICU-V-GOOGLE-CHROME.HTML
delref HTTP://WW1.LIKETOUR.ORG/?SUB1=70655EA6-F077-11E8-90C7-04FF7F46109D
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTP=127.0.0.1:56508;HTTPS=127.0.0.1:56508
apply

=============

+
��

2) �� uVS; (� �� , �� ,
��: ZOO_2021-00-20_18-49-40.rar/7z)
... �� safety@chklst.ru ;
*** �� , �� Zoo � �� infected

3) �� AdwCleaner ( �� 3 )
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��
05.08.2021 21:32:51, RP55 RP55.

�� MSIL/CoinMiner.BLB

Thu, 05 Aug 2021 21:23:11 +0300

�� MSIL/CoinMiner.BLB � �� .
�� :
Addition.txt
FRST.txt
GOODWIN-��_2021-08-05_22-17-27.rar
05.08.2021 21:23:11, �� .

�� MSIL/CoinMiner.BLB

Thu, 05 Aug 2021 18:08:36 +0300

�� MSIL/CoinMiner.BLB � �� .
�� uVS
http://forum.esetnod32.ru/forum9/topic2687/
�� uVS 4.11.8
https://www.dropbox.com/s/w3pagxu3ys4jewr/uvs_latest.zip?dl=0
+
�� FRST: http://forum.esetnod32.ru/forum9/topic2798/
�� FRST �� : FRST.txt � Addition.txt
05.08.2021 18:08:36, RP55 RP55.

�� MSIL/CoinMiner.BLB

Thu, 05 Aug 2021 15:12:19 +0300

�� MSIL/CoinMiner.BLB � �� .
�� , ��, �� . NOD �� , �� .
AdwCleaner[S20].txt
SysInspector-GOODWIN-��-210805-155751.zip
05.08.2021 15:12:19, �� .

����� esetnod32.ru [����: ���������������� MSIL/CoinMiner.BLB]

���������������� MSIL/CoinMiner.BLB

���������������� MSIL/CoinMiner.BLB

���������������� MSIL/CoinMiner.BLB

���������������� MSIL/CoinMiner.BLB

���������������� MSIL/CoinMiner.BLB

���������������� MSIL/CoinMiner.BLB

�� esetnod32.ru [��: �� MSIL/CoinMiner.BLB]

�� MSIL/CoinMiner.BLB

�� MSIL/CoinMiner.BLB

�� MSIL/CoinMiner.BLB

�� MSIL/CoinMiner.BLB

�� MSIL/CoinMiner.BLB

�� MSIL/CoinMiner.BLB