�� esetnod32.ru [��: �� ]

��

Mon, 16 Apr 2012 13:29:09 +0400

��  �� >>explorer.exe(164) � �� .

====quote====
14:43:34.0171 1004 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
14:43:34.0171 1004 \Device\Harddisk0\DR0\Partition0 - ok
14:43:34.0171 1004 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
=============
�� TDSskiller
� Mbam �� :

====quote====
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> ��: (1) ��: (0) -> �� .
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> ��: (1) ��: (0) -> �� .
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> ��: (1) ��: (0) -> �� .
=============
��
16.04.2012 13:29:09, ��.

��

Mon, 16 Apr 2012 13:27:16 +0400

��  �� >>explorer.exe(164) � �� .
�� http://files.mail.ru/Y4PO92
��

��
16.04.2012 13:27:16, Ksu_L.

��

Mon, 16 Apr 2012 10:46:37 +0400

��  �� >>explorer.exe(164) � �� .
��
====code====

;uVS v3.74 script [http://dsrt.dyndns.org]
;Target OS: NTv5.1

delref HTTP://WWW.MAIL.RU/CNT/8731
zoo %Sys32%\VSMVHK.DLL
bl 57F17E1E102247CA3C887E081F9688A2 74240
delall %Sys32%\ACTIVEDSE.EXE
bl D70F5B6AA8A782085949FC9C01C4E1F3 165376
delall %SystemDrive%\DOCUMENTS AND SETTINGS\USER.COMP3\������� ����\���������\������������\XX7H8K9UWTX.EXE
deltmp
delnfr
exec "C:\PROGRAM FILES\MAIL.RU\GUARD\GUARDMAILRU.EXE" /UNINSTALL
exec C:\PROGRAM FILES\MAIL.RU\SPUTNIK\MAILRUSPUTNIK.EXE UNINSTALL
fixvbr C: 5
czoo
exec cmd /k attrib -r -s -h "%appdata%\igfxtray.dat"&del "%appdata%\igfxtray.dat"&exit
exec cmd /k del "%windir%\system32\ieunitdrf.inf"&exit
sreg
delref %Sys32%\VSMVHK.DLL
areg

=============

�� TDSSkiller
16.04.2012 10:46:37, ��.

��

Mon, 16 Apr 2012 10:43:37 +0400

��  �� >>explorer.exe(164) � �� .
�� - BUH:
�� �� uVS:
- �� , �� (�� . �� );
- �� "��" � �� (�� , �� );
====code====

;;uVS v3.74 script [http://dsrt.dyndns.org]
;Target OS: NTv5.1

deltmp
delnfr
zoo %Sys32%\XTGINA.DLL
zoo %Sys32%\MACHINEUPPER32.EXE
bl 6FC673EFE2A97DA2352EDDDD6FD02E14 151040
delall %Sys32%\MACHINEUPPER32.EXE
zoo %Sys32%\MSAOWTDU.EXE
bl BDF36105F2301EBA2AFF37B639B43DB2 72736
delall %Sys32%\MSAOWTDU.EXE
czoo
regt 12
sreg
delref %Sys32%\XTGINA.DLL
areg

=============
- �� �� - �� ;
- �� . �� , �� ;
- ��  �� (Opera, Mozilla, IE), �� (�� - �� .�.) � �� uVS �� ��;
- �� . �� , �� �� ;
- �� ;
- � ��, �� (uVS), �� - �� 2012-03-09_09-29-00.7z - �� , �� sendvirus2011@gmail.com.
- �� Mbam �� (�� , � �� ). �� .
- �� TDSSkiller. �� . �� (�� ).
16.04.2012 10:43:37, ��.

��

Mon, 16 Apr 2012 09:56:01 +0400

��  �� >>explorer.exe(164) � �� .
��,�� 2� ��:
��: �� >>explorer.exe(164)
��: �� Win32/Trojan Downloader. Carberp. AF ��

�� http://ifolder.ru/29942645
http://ifolder.ru/29942646

� �� ?

;uVS v3.74 script [http://dsrt.dyndns.org]
;Target OS: NTv5.1
addsgn C12C72C6436A4C2780382D5D6837271596CEFC099C93A73C8542E0ACF09271406217C3D2FE9298F98BC4841B681649F5F9CEE872555BAD288D33A44767422240 8 tr.Carberp
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\�� \START MENU\PROGRAMS\STARTUP\RBZSV7KQ1CU.EXE
bl 06A2E7719343C4DDFE42C7A9DC383FF5 176640
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�� \START MENU\PROGRAMS\STARTUP\RBZSV7KQ1CU.EXE
chklst
delvir
deltmp
delnfr
regt 12
CZOO
restart
16.04.2012 09:56:01, Ksu_L.

����� esetnod32.ru [����: ������ ����������� ������]

������ ����������� ������

������ ����������� ������

������ ����������� ������

������ ����������� ������

������ ����������� ������

�� esetnod32.ru [��: �� ]

��

��

��

��

��