�� esetnod32.ru [��: tr.Carberp]

tr.Carberp

Wed, 23 Nov 2011 23:27:10 +0400

tr.Carberp � �� .
�� .

�� !
23.11.2011 23:27:10, zloyDi.

tr.Carberp

Wed, 23 Nov 2011 23:10:52 +0400

tr.Carberp � �� .
+ ��
http://forum.esetnod32.ru/forum9/topic682/
23.11.2011 23:10:52, santy.

tr.Carberp

Wed, 23 Nov 2011 22:34:14 +0400

tr.Carberp � �� .
�� ! �� !
� �� ). . .

��
23.11.2011 22:29:20 �� C:\DOCUMENTS AND SETTINGS\ADMIN\�� \��\UVS_V371\ZOO\IGFXTRAY.EXE._1382CAF69C40D102378157FAC8502BFF3B16C9AD �� Win32/Kryptik.VWF �� - �� NT AUTHORITY\SYSTEM �� , �� : C:\Documents and Settings\Admin\�� \��\uvs_v371\deufkj.

��:
��
�� : 6654 (20111123)
�a�a: 23.11.2011 ��: 22:37:32
�� , �� : C:\�� ;C:\
C:\pagefile.sys - �� [4]
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\52\719ceaf4-7f144180 - �� Win32/Kryptik.VWF �� - �� - �� [1]
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\54\74799436-7001930b - �� Win32/Kryptik.VWF �� - �� - �� [1]
C:\Documents and Settings\Admin\Local Settings\Application Data\Identities\{F735698A-EAAF-494D-9748-21C0F78EFF6B}\Microsoft\Outlook Express\��.dbx � DBX - � O� (�� )�� : 223963
�� : 2
�� : 2
�� : 22:52:23 �� : 891 ��. (00:14:51)

��:
[1] �� , �� .
[4] �� . �� .
mbam-log-2011-11-23 (23-09-10).txt
23.11.2011 22:34:14, iiyama.

tr.Carberp

Wed, 23 Nov 2011 22:09:24 +0400

tr.Carberp � �� .
�.�. �� uVS ��
-------------
��
�� uVS
�� - �� - ��

====code====


;uVS v3.72 script [http://dsrt.dyndns.org]

addsgn 79132211B9EBA07E01D4AE3A61E0024425893CC540739A707D3C3ABF995FFC08DEE83C04B59414CCE77B7B6010158173F07F1E8DAA8D93E406BF97F4ECCEABEE 8 a variant of Win32/Kryptik.VWF [NOD32]

zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\������� ����\���������\������������\IGFXTRAY.EXE
bl DBE13E194916B88646B0446C3E9CF1BF 175104
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\������� ����\���������\������������\IGFXTRAY.EXE
fixvbr C: 5
deltmp
delnfr
restart

=============
��, �� .
23.11.2011 22:09:24, santy.

tr.Carberp

Wed, 23 Nov 2011 22:05:55 +0400

tr.Carberp � �� .
��, � �� IPL

====quote====
�� IPL NTFS [C:]
�� IPL NTFS [C:]
��. �� ?��? ��

www.virustotal.com 2011-11-18 [2011-11-18]
AntiVir RKIT/Book.Cidox.A

��
��
�� 7680 ��

��. ��
SHA1 BC08C44FF2E799BEDEA045D0B9251AB375929474

=============
�
�� .

====quote====
�� : C:\DOCUMENTS AND SETTINGS\ADMIN\�� \��\��\IGFXTRAY.EXE
=============

23.11.2011 22:05:55, santy.

tr.Carberp

Wed, 23 Nov 2011 20:57:32 +0400

tr.Carberp � �� .
�� !

� �� (UVS), �� , ��

� ��

�� , �� !

====code====

;uVS v3.72 script [http://dsrt.dyndns.org]

fixvbr C: 5
deltmp
delnfr
restart

=============
� �� .

�� .
��.
23.11.2011 20:57:32, zloyDi.

tr.Carberp

Wed, 23 Nov 2011 20:14:19 +0400

tr.Carberp � �� .
�� !
http://forum.esetnod32.ru/forum9/topic2687/
23.11.2011 20:14:19, zloyDi.

tr.Carberp

Wed, 23 Nov 2011 20:12:58 +0400

tr.Carberp � �� .
23.11.2011 19:53:59 �� , �� explorer.exe(672) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 19:52:48 �� , �� explorer.exe(856) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 18:01:18 �� , �� explorer.exe(848) �� Win32/Carberp.A ��

23.11.2011 17:57:36 �� , �� explorer.exe(848) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 15:55:25 �� , �� explorer.exe(848) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 15:04:04 �� , �� explorer.exe(864) �� Win32/Carberp.A ��

23.11.2011 15:03:16 �� , �� explorer.exe(864) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 12:50:05 �� , �� explorer.exe(840) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

23.11.2011 6:43:11 �� , �� explorer.exe(860) �� Win32/Carberp.A �� MICROSOF-F003F2\Admin

22.11.2011 21:33:13 �� , �� explorer.exe(828) �� Win32/TrojanDownloader.Carberp.AF ��
MICROSOF-F003F2_2011-11-23_20-02-21.rar
mbam-log-2011-11-23 (20-18-06).txt
avz_log.txt
avz_log 2.txt
23.11.2011 20:12:58, iiyama.

����� esetnod32.ru [����: tr.Carberp]

tr.Carberp

tr.Carberp

tr.Carberp

tr.Carberp

tr.Carberp

tr.Carberp

tr.Carberp

tr.Carberp

�� esetnod32.ru [��: tr.Carberp]