У меня на компьютере зашифровались почти все файлы и теперь они выглядят примерно так: "ZSRxw3ERPHR-I6LOHIkMbQ6kq0zI4Ar1woHfjQfRTQ5ZbPEjG6R93gN2o53nM25W.xtbl".
Надеюсь на Вашу помощь!
С помощью Malwarebyte's Anti-Malware были найдены и обезврежены опасные файлы.
Лог:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 07.03.2015
Scan Time: 19:07:33
Logfile: log2.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.07.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Anton
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301085
Time Elapsed: 9 min, 59 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
Trojan.MSIL.ED, C:\ProgramData\Windows\csrss.exe, 3536, Delete-on-Reboot, [dcd3053d90fa0b2b19cea57849b9a15f]
Modules: 0
(No malicious items detected)
Registry Keys: 4
Trojan.Proxy, HKLM\SOFTWARE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, Quarantined, [882742004e3c8caae075b95c13f04bb5],
Trojan.Proxy, HKLM\SOFTWARE\CLASSES\Kkhl_2014.DynamicNS, Quarantined, [882742004e3c8caae075b95c13f04bb5],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, Quarantined, [a609fd45573356e0b8d901b1966d50b0],
Backdoor.Bifrose, HKLM\SOFTWARE\System32, Quarantined, [6b446bd70e7c43f35bbcd9ad62a20af6],
Registry Values: 1
Trojan.MSIL.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Client Server Runtime Subsystem, "C:\ProgramData\Windows\csrss.exe", Quarantined, [dcd3053d90fa0b2b19cea57849b9a15f]
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.BlockAndSurf.A, C:\Program Files\ver1BlockAndSurf, Quarantined, [129d350db6d469cda1ead4b2a1621ce4],
PUP.Optional.BlockAndSurf.A, C:\Program Files\ver1BlockAndSurf\x86, Quarantined, [129d350db6d469cda1ead4b2a1621ce4],
Files: 9
Trojan.MSIL.ED, C:\ProgramData\Windows\csrss.exe, Delete-on-Reboot, [dcd3053d90fa0b2b19cea57849b9a15f],
PUP.Hacktool.Patcher, C:\$Recycle.Bin\S-1-5-21-2834902281-255136700-410660451-1000\$RKMN9YL.exe, Quarantined, [c4ebdd6532588aac5db65ea8e71926da],
Trojan.MSIL.ED, C:\Users\Anton\AppData\Local\Temp\6D9E.tmp, Quarantined, [feb11929f09aaf8724c59a83aa58649c],
Trojan.MSIL.ED, C:\Users\Anton\AppData\Local\Temp\7168.tmp, Quarantined, [2c83053d424854e2b037f528dd25ec14],
PUP.Optional.Vitruvian.A, C:\Users\Anton\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [04abef534842989e15c21e13a0655aa6],
PUP.Optional.Vitruvian.A, C:\Users\Anton\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [7c3363df4c3e91a51bbc89a8bc4914ec],
PUP.Optional.Vitruvian.A, C:\Users\Anton\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [05aa54eecdbd75c103d4ee43030234cc],
PUP.Optional.Vitruvian.A, C:\Users\Anton\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [b1fefc468ffbc96dc314c36ed332c33d],
PUP.Optional.BlockAndSurf.A, C:\Program Files\ver1BlockAndSurf\x86\WdfCoInstaller01009.dll, Quarantined, [129d350db6d469cda1ead4b2a1621ce4],
Physical Sectors: 0
(No malicious items detected)
(end)
Так же была проведена проверка с помошью DrWeb CureIt!. Но ничего не обнаружено