�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:54:04 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
��, ��

====quote====
��;�� ;�� ;��;��;��;��;��;��;��
06.08.2021 17:51:29;�� ;��;G:\DATA\image\��\hashcalc\ZOO_2021-08-06_08-37-18\STEAMAPILIB.DLL._CEF5AA279F639D500F83F51AE3BB846A2908019D;�� MSIL/Agent.URR �� ;�� ;-�� : C:\Program Files\Mozilla Firefox\firefox.exe (8288CDC1F6AB89A159E5A1A17A22F4AEB7838A61).;CEF5AA279F639D500F83F51AE3BB846A2908019D;06.08.2021 12:42:51

=============

06.08.2021 13:54:04, santy.

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:48:09 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
��, �� ,
�� , ��
06.08.2021 13:48:09, santy.

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:44:40 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====



;uVS v4.11.8 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

hide %Sys32%\OPENSSH\SSH-AGENT.EXE
delall %SystemDrive%\USERS\WIN10\APPDATA\ROAMING\MICROSOFT\HASHCALC\MD5\HASHCALC.EXE

chklst
delvir

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCALJGKLBBFBCJJANAIJLACGNCAFPEGLL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCBPBKEBODCJKKNKFKPMFECIINHIDAEH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFLLIILNDJEOHCHALPBBCDEKJKLBDGFKK%26INSTALLSOURCE%3DONDEMAND%26UC
apply

deltmp
delref %Sys32%\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\DISPLAY.NVCONTAINER\NVDISPLAY.CONTAINER.EXE -S NVDISPLAY.CONTAINERLOCALSYSTEM -F C:\PROGRAMDATA\NVIDIA\NVDISPLAY.CONTAINERLOCALSYSTEM.LOG -L 3 -D C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\DISPLAY.NVCONTAINER\PLUGINS\LOCALSYSTEM -R -P 30000 -CFG NVDISPLAY.CONTAINERLOCALSYSTEM\LOCALSYSTEM
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\FRAMEVIEWSDK\FRAMEVIEW.CSV
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {BFD98515-CD74-48A4-98E2-13D209E3EE4F}\[CLSID]
delref %Sys32%\PWCREATOR.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\PLUGINS\NPFOXITREADERPLUGIN.DLL
delref %Sys32%\BLANK.HTM
delref {45AC2688-0253-4ED8-97DE-B5370FA7D48A}\[CLSID]
delref %Sys32%\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\DISPLAY.NVCONTAINER\NVDISPLAY.CONTAINER.EXE -S NVDISPLAY.CONTAINERLOCALSYSTEM -F %PROGRAMDATA%\NVIDIA\NVDISPLAY.CONTAINERLOCALSYSTEM.LOG -L 3 -D C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\DISPLAY.NVCONTAINER\PLUGINS\LOCALSYSTEM -R -P 30000 -CFG NVDISPLAY.CONTAINERLOCALSYSTEM\LOCALSYSTEM
delref %SystemDrive%\USERS\WIN10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JRYZUO5B.DEFAULT-RELEASE\EXTENSIONS\VB@YANDEX.RU.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\FORMAUTOFILL@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\SCREENSHOTS@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\WEBCOMPAT-REPORTER@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\WEBCOMPAT@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMIECC64.DLL
delref %SystemRoot%\ARKINO12\JSDRIVER64.DLL
delref %SystemRoot%\ARKINO12\JSPAGESTD64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\PLUGINS\FOXITREADERBROWSERAX.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\DOWNLWITHIDM64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGETALL64.DLL
delref D:\PROGRAMMS\PREMIERE PRO 2019\ADOBE\ADOBE PREMIERE PRO CC 2019\WMENCODINGHELPER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.143.45\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.139.65\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BLACKMAGIC DESIGN\DAVINCI CONTROL PANELS\API\FAIRLIGHTPANELAPI.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\807EZFRD64.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\811EZFRD64.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\813EZFRD64.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\807FCVAP64.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\811FCVAP64.DLL
delref %SystemRoot%\USB VIBRATION\DR100&110\813FCVAP64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMFSA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\ACCESSIBLEMARSHAL.DLL
delref %SystemRoot%\SYSWOW64\PERCEPTIONSIMULATIONEXTENSIONS.DLL
delref %SystemRoot%\ARKINO12\JSDRIVER32.DLL
delref %SystemRoot%\ARKINO12\JSPAGESTD32.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\DOWNLWITHIDM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGETALL.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\NVENCMFTH264.DLL
delref %SystemRoot%\SYSWOW64\ESCLWIADRIVER.DLL
delref %SystemDrive%\PROGRA~2\COMMON~1\WONDER~1\WONDER~1\WSHELPER.EXE
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\NVDECMFTMJPEG.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.143.45\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.139.65\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_D71D3F5EA7618CBB\NVENCMFTHEVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMBROKER.EXE
;-------------------------------------------------------------
czoo
restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
06.08.2021 13:44:40, santy.

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:30:14 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
�� https://disk.yandex.ru/d/9FyfedmfvCMcAQ
06.08.2021 13:30:14, �� .

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:25:05 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
�� , �� 0 ��
�� , �� 4.11.8, �� , �� .
https://www.dropbox.com/s/w3pagxu3ys4jewr/uvs_latest.zip?dl=0
06.08.2021 13:25:05, santy.

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 13:16:07 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
https://disk.yandex.ru/d/9FyfedmfvCMcAQ
06.08.2021 13:16:07, �� .

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 11:49:41 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
�� uVS
https://www.dropbox.com/s/w3pagxu3ys4jewr/uvs_latest.zip?dl=0
06.08.2021 11:49:41, santy.

�� MSIL/CoinMiner.BLB �� ...

Fri, 06 Aug 2021 11:41:51 +0300

�� MSIL/CoinMiner.BLB �� ... �� eset �� , �� . � �� .
�� Malwarebytes, Eset, HitmanPro, �� (�� : https://ibb.co/094vrC8)
06.08.2021 11:41:51, �� .

����� esetnod32.ru [����: ������ ������ MSIL/CoinMiner.BLB ������ � �����...]

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

������ ������ MSIL/CoinMiner.BLB ������ � �����...

�� esetnod32.ru [��: �� MSIL/CoinMiner.BLB �� ...]

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...

�� MSIL/CoinMiner.BLB �� ...