�� esetnod32.ru [��: �� ]

��

Sun, 13 Mar 2011 07:05:47 +0300

��  � �� .
�� hosts, ��

====quote====
210.51.166.253 vkontakte.ru
210.51.166.253 www.vkontakte.ru
210.51.166.253 odnoklassniki.ru
210.51.166.253 www.odnoklassniki.ru
210.51.166.253 odnoklasniki.ru
210.51.166.253 www.odnoklasniki.ru
=============
�� Persistent routes, �� :

====quote====
212.59.118.0,255.255.255.0,192.168.1.0,1
195.222.17.0,255.255.255.0,192.168.1.0,1
74.55.143.0,255.255.255.0,192.168.1.0,1
81.176.230.0,255.255.255.0,192.168.1.0,1
194.67.52.0,255.255.255.0,192.168.1.0,1
184.84.67.0,255.255.255.0,192.168.1.0,1
80.239.197.0,255.255.255.0,192.168.1.0,1
38.117.98.0,255.255.255.0,192.168.1.0,1

=============
�� uVS,
�� ,

�� , �� .
http://forum.esetnod32.ru/forum9/topic751/
script4.txt
13.03.2011 07:05:47, santy.

��

Fri, 11 Mar 2011 15:22:10 +0300

��  � �� .
�� , �� !
11.03.2011 15:22:10, �� .

��

Fri, 11 Mar 2011 14:48:29 +0300

��  � �� .

====quote====
�� :
�� , �� , �� , �� , �� ?
=============
�� .

�� (� �� ) �� ,
�� , � �� .
---
�� uVS ��, �� sohanad_vir, �� ,
�� .

uVS �� , �� , �� .
11.03.2011 14:48:29, santy.

��

Fri, 11 Mar 2011 14:39:26 +0300

��  � �� .
�� , �� , �� , �� , �� ?
DIREKTOR_2011-03-11_14-34-35.rar
11.03.2011 14:39:26, �� .

��

Fri, 11 Mar 2011 14:32:21 +0300

��  � �� .
�� , � �� - � �� .
��?
11.03.2011 14:32:21, santy.

��

Fri, 11 Mar 2011 14:27:57 +0300

��  � �� .
�� , �� .
11.03.2011 14:27:57, santy.

��

Fri, 11 Mar 2011 14:27:12 +0300

��  � �� .

====quote====
�� :
�� , ��
�� ?
=============
��, ��,
�� - �� , � ��
11.03.2011 14:27:12, santy.

��

Fri, 11 Mar 2011 14:26:16 +0300

��  � �� .
�� uVS
�� , �� .
script3.txt
11.03.2011 14:26:16, santy.

��

Fri, 11 Mar 2011 14:24:49 +0300

��  � �� .
�� , ��
�� ?
11.03.2011 14:24:49, �� .

��

Fri, 11 Mar 2011 14:20:46 +0300

��  � �� .
�� ? �� ?
11.03.2011 14:20:46, santy.

��

Fri, 11 Mar 2011 14:14:20 +0300

��  � �� .
��
DIREKTOR_2011-03-11_14-10-02.rar
11.03.2011 14:14:20, �� .

��

Fri, 11 Mar 2011 13:59:02 +0300

��  � �� .
�� , �� , �� ,

�� - �� .

�� uVS, �� .
11.03.2011 13:59:02, santy.

��

Fri, 11 Mar 2011 13:54:59 +0300

��  � �� .
� uVS �� , �� , ��
11.03.2011 13:54:59, �� .

��

Fri, 11 Mar 2011 13:47:39 +0300

��  � �� .
��, �� uVS,
�� , �� .
�� , �� ,
�� (�� ), � �� ,

�� .
script1.txt
11.03.2011 13:47:39, santy.

��

Fri, 11 Mar 2011 13:44:10 +0300

��  � �� .
��
DIREKTOR_2011-03-11_13-23-09.rar
11.03.2011 13:44:10, �� .

��

Fri, 11 Mar 2011 13:38:42 +0300

��  � �� .
�� uVS, ��
11.03.2011 13:38:42, santy.

��

Fri, 11 Mar 2011 13:37:15 +0300

��  � �� .
�� , �� , ��...
11.03.2011 13:37:15, santy.

��

Fri, 11 Mar 2011 13:27:48 +0300

��  � �� .
��
SysInspector-DIREKTOR-110311-1227.zip
DIREKTOR_2011-03-11_13-23-09.txt
11.03.2011 13:27:48, �� .

��

Fri, 11 Mar 2011 13:27:48 +0300

��  � �� .

====quote====
�� :
�� , ��
=============
�� :

====quote====
The following registry entries are set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

The following registry entry is also set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions
1
=============
�.�. �� regedit, �� , �� ...
11.03.2011 13:27:48, santy.

��

Fri, 11 Mar 2011 13:22:01 +0300

��  � �� .
�� , ��
11.03.2011 13:22:01, �� .

��

Fri, 11 Mar 2011 13:14:37 +0300

��  � �� .

====quote====
�� :
�� , �� , �� , � �� , �� (
=============
�� , �� ,
� �� , ��, ��, �� uVS, �� , �� ,

��
11.03.2011 13:14:37, santy.

��

Fri, 11 Mar 2011 13:12:41 +0300

��  � �� .

====quote====
santy ��:
�� .

��

C:\autorun.inf INF/Autorun �� NT AUTHORITY\SYSTEM �� .
11.03.2011 10:15:00 �� C:\SSVICHOSST.exe Win32/Sohanad.NAK �� - �� NT AUTHORITY\SYSTEM �� .
11.03.2011 10:14:59 �� C:\New Folder.exe Win32/Sohanad.NAK �� - �� NT AUTHORITY\SYSTEM �� .

http://www.sophos.com/security/analys...hanar.html

�� ?
=============

�� , �� , �� , � �� , �� (
11.03.2011 13:12:41, �� .

��

Fri, 11 Mar 2011 13:12:41 +0300

��  � �� .

====quote====
�� :

��
=============

�� uVS �� IP ��, �� IP, �� (�� )
� �� ,
(�� , �� )
script.txt
11.03.2011 13:12:41, santy.

��

Fri, 11 Mar 2011 13:07:04 +0300

��  � �� .

====quote====
santy ��:
��, �� .

��

;uVS v3.51 script [http://dsrt.jino-net.ru | http://dsrt.dyndns.org]

delall C:\autorun.inf
DELALL C:\SSVICHOSST.exe
cmd /c "REG ADD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /v Shell /t REG_SZ /d Explorer.exe /f"
cmd /c "HKCU\Software\Microsoft\Windows\CurrentVersion\Ru n /v Yahoo Messengger /f"
restart

=============

��
11.03.2011 13:07:04, �� .

��

Fri, 11 Mar 2011 13:05:13 +0300

��  � �� .
�� , �� , ��. �� , � �� . � �� , �� , �� , ��, �� . �� , �� , �� . �� ?
11.03.2011 13:05:13, �� .

��

Fri, 11 Mar 2011 13:03:28 +0300

��  � �� .
��, �� .

====quote====
;uVS v3.51 script [http://dsrt.jino-net.ru | http://dsrt.dyndns.org]

delall C:\autorun.inf
DELALL C:\SSVICHOSST.exe
cmd /c "REG ADD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /v Shell /t REG_SZ /d Explorer.exe /f"
cmd /c "REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Yahoo Messengger /f"
restart

=============

script.txt
11.03.2011 13:03:28, santy.

��

Fri, 11 Mar 2011 12:32:31 +0300

��  � �� .
��, ��

====quote====
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
\SSVICHOSST.exe

The following registry entry is changed to run SSVICHOSST.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe SSVICHOSST.exe
=============

11.03.2011 12:32:31, santy.

��

Fri, 11 Mar 2011 12:29:07 +0300

��  � �� .
�� , �� , �� , �� , �� .
11.03.2011 12:29:07, santy.

��

Fri, 11 Mar 2011 12:26:36 +0300

��  � �� .
�� .

====quote====
C:\autorun.inf INF/Autorun �� NT AUTHORITY\SYSTEM �� .
11.03.2011 10:15:00 �� C:\SSVICHOSST.exe Win32/Sohanad.NAK �� - �� NT AUTHORITY\SYSTEM �� .
11.03.2011 10:14:59 �� C:\New Folder.exe Win32/Sohanad.NAK �� - �� NT AUTHORITY\SYSTEM �� .

=============
http://www.sophos.com/security/analyses/viruses-and-spyware/w32sohanar.html

�� ?
11.03.2011 12:26:36, santy.

��

Fri, 11 Mar 2011 12:21:51 +0300

��  � �� .
�� ,
��, � �� C �� . �� , �� - �� , �� , �� (��) �� .
11.03.2011 12:21:51, santy.

����� esetnod32.ru [����: ������� �����]

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

������� �����

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��