�� esetnod32.ru [��: svchost.exe - �� Win32/Spy.Ranbyus.J �� ]

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sun, 14 Apr 2013 20:14:09 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
��
14.04.2013 20:14:09, ��.

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sun, 14 Apr 2013 13:24:56 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
�� .
�� . �� 250 �� , � �� , �� (��, ��, ��).
�� (�� ). �� (�� ?).

��
light_image_resizer4_setup_4.1.1.5_linkular.exe = INNO = {tmp}\PowerPack.exe = NSIS = Script.nsi - Win32/Adware.Linkular.AB ��

.
�� ...
14.04.2013 13:24:56, Mister.

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sat, 13 Apr 2013 20:43:06 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
� ��

====quote====
C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> 808 -> �� .

�� : 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> ��: (1) ��: (0) -> �� .
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> ��: (1) ��: (0) -> �� .

�� : 2
C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> �� .
=============

�� . �� . �� .

+ �� .
�� .

��
http://forum.esetnod32.ru/forum9/topic3998/

�� .
13.04.2013 20:43:06, zloyDi.

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sat, 13 Apr 2013 20:39:06 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
�� MBAM:[FILE ID=61360]

��: �� C:\WINDOWS\system32\ntlog\ ? �� , � �� ...
MBAM-log-2013-04-13 (21-35-41).txt
13.04.2013 20:39:06, Mister.

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sat, 13 Apr 2013 20:18:02 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
�� !

� �� UVS �� script.cmd
�� , �� ,
�� �� �� �� � �� .
�� , �� !

====code====

;uVS v3.77.8 script [http://dsrt.dyndns.org]
;Target OS: NTv5.1

zoo %Sys32%\NTLOG\CSRSS.EXE
; C:\WINDOWS\SYSTEM32\NTLOG\CSRSS.EXE
bl 4DA2155A683838F6D2FF544437FB76C8 184320
delall %Sys32%\NTLOG\CSRSS.EXE
zoo %Sys32%\NTLOG\SVCHOST.EXE
; C:\WINDOWS\SYSTEM32\NTLOG\SVCHOST.EXE
bl A41884F043ADEE2EC3F3A8F0A9DB5DB8 254649
delall %Sys32%\NTLOG\SVCHOST.EXE
delref HTTP://NIGHTWAREZ.RU/
delref HTTP://SEXYDOLL.RU/
delref HTTP://WWW.APEHA.RU
zoo %Sys32%\MACHINEUPPER32.EXE
; C:\WINDOWS\SYSTEM32\MACHINEUPPER32.EXE
bl 495D58DF63E846BA20AD5D17F3A8D661 132096
delall %Sys32%\MACHINEUPPER32.EXE
exec C:\PROGRAM FILES\MAIL.RU\GUARD\GUARDMAILRU.EXE /UNINSTALL
regt 3
regt 18
deltmp
delnfr
restart

============= � �� ��.
��
�� .

� �� UVS �� zoo, �� , �� virus � �� sendvirus2011@gmail.com

��(�� ) �� MBAM
http://forum.esetnod32.ru/forum9/topic682/
�� �� . ��
13.04.2013 20:18:02, zloyDi.

svchost.exe - �� Win32/Spy.Ranbyus.J ��

Sat, 13 Apr 2013 20:09:47 +0400

svchost.exe - �� Win32/Spy.Ranbyus.J ��  � �� .
��.
� 11.04.2013 �� . �� . �� ?
��: �� (�� ...):
C:\WINDOWS\system32\ntlog\
conn.exe
svchost.exe
start.exe
radreg.reg
hidcon.exe
network.cfg
sleep.exe
ntsvc.exe
csrss.exe
AdmDll.dll
raddrv.dll

�� uVS:
[FILE ID=61359]
BARON_2013-04-13_20-48-53.rar
13.04.2013 20:09:47, Mister.

����� esetnod32.ru [����: svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������]

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

svchost.exe - ���������������� Win32/Spy.Ranbyus.J ��������� ���������

�� esetnod32.ru [��: svchost.exe - �� Win32/Spy.Ranbyus.J �� ]

svchost.exe - �� Win32/Spy.Ranbyus.J ��

svchost.exe - �� Win32/Spy.Ranbyus.J ��

svchost.exe - �� Win32/Spy.Ranbyus.J ��

svchost.exe - �� Win32/Spy.Ranbyus.J ��

svchost.exe - �� Win32/Spy.Ranbyus.J ��

svchost.exe - �� Win32/Spy.Ranbyus.J ��