MSIL/CoinMiner.BLB

Sun, 08 Aug 2021 02:55:41 +0300

MSIL/CoinMiner.BLB � �� .
�� .
08.08.2021 02:55:41, santy.

MSIL/CoinMiner.BLB

Sat, 07 Aug 2021 23:31:52 +0300

MSIL/CoinMiner.BLB � �� .
��, �� . ��
07.08.2021 23:31:52, �� .

MSIL/CoinMiner.BLB

Sat, 07 Aug 2021 16:07:32 +0300

MSIL/CoinMiner.BLB � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.11.8 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
hide %Sys32%\OPENSSH\SSH-AGENT.EXE
;------------------------autoscript---------------------------

zoo %SystemDrive%\USERS\DOK44\APPDATA\ROAMING\STEAMAPI\CHARTTABLE\GAMESLIST\STEAMAPILIB.DLL
addsgn BA4D77BA55EA4D720BD4515164C81205258AFCF689FA1F7885C3C5BC50D6714C2317C3573E559D492B80849F461649FA7DDFE87255DAB02C2D77A42FC7062273 64 MSIL/Agent.TPR [ESET-NOD32] 7

chklst
delvir

apply

deltmp
delref %SystemDrive%\USERS\DOK44\APPDATA\LOCAL\TEMP\WCT8483.TMP
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\NVIDIA RTX VOICE\NVIDIA RTX VOICE.EXE
delref %Sys32%\REMOTEFXVGPUDISABLEMENT.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\RADMIN VPN\RVRVPNGUI.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\90.0.818.66\MSEDGE.DLL
delref %Sys32%\PWCREATOR.EXE
delref %Sys32%\BLANK.HTM
delref BROWSER\[SERVICE]
delref %Sys32%\DRIVERS\ENE.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\RADMIN VPN\RVCONTROLSVC.EXE
delref %Sys32%\DRIVERS\VBAUDIO_VMAUXVAIO64_WIN10.SYS
delref %Sys32%\DRIVERS\VBAUDIO_VMVAIO64_WIN10.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.143.57\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.145.49\PSMACHINE_64.DLL
delref D:\TV\TEAMVIEWER.EXE
delref %Sys32%\VAILAUDIOPROXY.EXE
delref %SystemRoot%\SYSWOW64\UPDATEDEPLOYMENTPROVIDER.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.143.57\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.145.49\PSMACHINE.DLL
delref F:\HISUITEDOWNLOADER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\WINDSCRIBE\WINDSCRIBE.EXE
delref %SystemDrive%\USERS\DOK44\DESKTOP\TOR BROWSER\BROWSER\FIREFOX.EXE
delref D:\STEAM\STEAMAPPS\COMMON\CRY OF FEAR\COF.EXE
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 20\FL64.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\SHARED\PYTHON37_64\PYTHONW.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\SHARED\PYTHON37_64\LIB\IDLELIB\IDLE.PYW
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\SHARED\PYTHON37_64\PYTHON.EXE
;-------------------------------------------------------------
czoo

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
07.08.2021 16:07:32, santy.

MSIL/CoinMiner.BLB

Sat, 07 Aug 2021 15:06:00 +0300

MSIL/CoinMiner.BLB � �� .
MSIL/CoinMiner.BLB
DESKTOP-LOVD72B_2021-08-07_14-57-45_v4.11.TXT

07.08.2021 15:06:00, �� .

����� esetnod32.ru [����: MSIL/CoinMiner.BLB]

MSIL/CoinMiner.BLB

MSIL/CoinMiner.BLB

MSIL/CoinMiner.BLB

MSIL/CoinMiner.BLB

�� esetnod32.ru [��: MSIL/CoinMiner.BLB]