
Beta 5 lets trojans through


4 replies in this topic

#1 zbugz

    Member

  • Posters
  • 158 posts

Posted 08 December 2008 - 15:23

Hi everyone. I had beta 5 installed, and with every update it slowed the computer down more and more. Then it started crashing to a blue screen, pages took a long time to open because of the scanning, and so on.
In short, I removed it. I installed 4.44, and it reports:
08-12-2008 15:15:01 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - инфицирован Trojan.MulDrop.28837
08-12-2008 15:15:08 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - ошибка удаления
08-12-2008 15:15:08 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - доступ к файлу запрещен
08-12-2008 15:15:09 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - инфицирован Trojan.Siggen.1351
08-12-2008 15:15:13 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - ошибка удаления
08-12-2008 15:15:13 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - доступ к файлу запрещен
08-12-2008 15:15:13 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - инфицирован Trojan.MulDrop.28838
08-12-2008 15:15:17 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - ошибка удаления
08-12-2008 15:15:17 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - доступ к файлу запрещен

So there you have it.
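
A triage helper for the log excerpt in the post above, as an added example that is not part of the original thread and not Dr.Web's own tooling: it groups the guard's event lines per file and lists the detections whose deletion failed. The line layout is inferred only from the nine posted lines (path separators restored), and the function and field names are assumptions of this example.

```python
import re

# Log lines from the post above, with path separators restored.
SAMPLE_LOG = r"""08-12-2008 15:15:01 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - инфицирован Trojan.MulDrop.28837
08-12-2008 15:15:08 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - ошибка удаления
08-12-2008 15:15:08 [BG] (PID = 2612) C:\WINDOWS\system32\vmmreg32.dll - доступ к файлу запрещен
08-12-2008 15:15:09 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - инфицирован Trojan.Siggen.1351
08-12-2008 15:15:13 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - ошибка удаления
08-12-2008 15:15:13 [BG] (PID = 2612) C:\WINDOWS\SYSTEM32\VIDEO.sys - доступ к файлу запрещен
08-12-2008 15:15:13 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - инфицирован Trojan.MulDrop.28838
08-12-2008 15:15:17 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - ошибка удаления
08-12-2008 15:15:17 [BG] (PID = 0004) C:\WINDOWS\system32\winhelp32.exe - доступ к файлу запрещен
"""

LINE_RE = re.compile(
    r"^(\d{2}-\d{2}-\d{4} [\d:]{8}) \[(\w+)\] \(PID = (\d+)\) (.+?) - (.+)$")
DETECTED = "инфицирован "                  # "infected <threat name>"
DELETE_FAILED = "ошибка удаления"          # "deletion error"
ACCESS_DENIED = "доступ к файлу запрещен"  # "access to file denied"


def triage(log_text):
    """Group events per file (case-insensitive path), in first-seen order."""
    files = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an event line in the layout assumed above
        ts, _src, pid, path, msg = m.groups()
        rec = files.setdefault(path.lower(), {
            "path": path, "threat": None, "pids": set(), "first_seen": ts,
            "delete_failed": False, "access_denied": False})
        rec["pids"].add(int(pid))  # process whose file access triggered the scan
        if msg.startswith(DETECTED):
            rec["threat"] = msg[len(DETECTED):].strip()
        elif msg == DELETE_FAILED:
            rec["delete_failed"] = True
        elif msg == ACCESS_DENIED:
            rec["access_denied"] = True
    return list(files.values())


def still_on_disk(records):
    """Detections where the delete action failed, i.e. the file was not removed."""
    return [r for r in records if r["threat"] and r["delete_failed"]]

if __name__ == "__main__":
    for r in still_on_disk(triage(SAMPLE_LOG)):
        print(r["first_seen"], r["path"], r["threat"], sorted(r["pids"]))
```
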

#2 v.martyanov

    Guru

  • Virus Analysts
  • 8 308 posts

Posted 08 December 2008 - 15:26

Please send the suspicious file(s) via the form http://vms.drweb.com/sendvirus/ , selecting the category "Virus not detected by Dr.Web" and giving your e-mail address. An e-mail with a ticket number will be sent to that address; please post the number in this thread.

#3 Borka

    Banned for flooding

  • Members
  • 19 512 posts

Posted 08 December 2008 - 15:39

So there you have it.

http://wiki.drweb.com/index.php/SpIDer_Guard%C2%AE
What are your SpIDer settings?
---
Best regards,
Borka.

#4 zbugz

    Member

  • Posters
  • 158 posts

Posted 09 December 2008 - 09:30

4.44 has already wiped everything :( The computer kept crashing to a blue screen, and I had work to do.

#5 zbugz

    Member

  • Posters
  • 158 posts

Posted 09 December 2008 - 09:34

The settings were the same as in 4.44; I can't tell you again now, I've removed it. It's just hard to test at work.
The beta 5 settings were the same as in 4.44:
Delete everything without prompting, scan everything possible; the only thing is that I never enable heuristic analysis, because it slows things down.
The 4.44 settings, more or less the same as in beta 5:
[SpIDerGuardNT]
LngFileName = "Ru-drweb.DWL"
FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,7Z,PDF,TBB
UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.7Z"
UserMasks = "*.PDF","*.TBB"
ScanFiles = ByType
HeuristicAnalysis = No
CheckPackedFiles = Yes
CheckArchives = Yes
CheckEMailFiles = Yes
InfectedFiles = Delete
SuspiciousFiles = Delete
IncurableFiles = Delete
ActionAdware = Delete
ActionDialers = Delete
ActionJokes = Delete
ActionRiskware = Delete
ActionHacktools = Delete
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Delete
ActionIfRenameFailed = Delete
ActionIfMoveFailed = Rename
ActionIfDeleteFailed = Lock
ActionIfReportFailed = Lock
RenameFilesTo = #??
MoveFilesTo = "infected.!!!"
ExcludePaths =
ExcludeFiles =
VirusBase = "*.vdb"
LogToFile = Yes
OverwriteLog = Yes
LogScanned = Yes
LogPacked = Yes
LogArchived = Yes
LogFormat = ANSI
TestMemory = Yes
TestStartup = Yes
PromptOnAction = Yes
PlaySounds = Yes
UseDiskForSwap = Yes
LimitLog = Yes
MaxLogSize = 10240
RestoreAccessDate = No
UpdateFlags = "drwtoday.vdb"
UpdatePeriod = 1m
GuardMode = Smart
ScanBootOnShutDown = Yes
LogStatistics = Yes
Acknowledge = Yes
AllowWildcards = No
AllowRelativeFileNames = No
DisableEnhancedProtection = No
EnableDeleteArchiveAction = No
DisableHotReconfigure = No
LogFileName = "C:\Program Files\DrWeb\spidernt.log"

[Windows]
LngFileName = "C:\Program Files\DrWeb\ru-drweb.dwl"
ScanFiles = All
FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,RPM,ISO,DEB,AR?,ZIP,R??,GZ
FilesTypes = Z,TGZ,TAR,TAZ,CAB,LHA,LZH,BZ2,MSG,EML,7Z,CPIO,TBB
UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
UserMasks = "*.BMP","*.RPM","*.ISO","*.DEB","*.AR?","*.ZIP","*.R??","*.GZ"
UserMasks = "*.Z","*.TGZ","*.TAR","*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2"
UserMasks = "*.MSG","*.EML","*.7Z","*.CPIO","*.TBB"
HeuristicAnalysis = Yes
CheckArchives = Yes
CheckEMailFiles = Yes
InfectedFiles = Report
SuspiciousFiles = Report
IncurableFiles = Report
ActionAdware = Report
ActionDialers = Report
ActionJokes = Report
ActionRiskware = Report
ActionHacktools = Report
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Report
RebootMode = Prompt
RenameFilesTo = #??
MoveFilesTo = "infected.!!!"
ExcludePaths =
ExcludeFiles =
VirusBase = "*.vdb"
LogToFile = Yes
OverwriteLog = No
LogScanned = No
LogPacked = No
LogArchived = No
LogFileName = "%USERPROFILE%\DoctorWeb\drweb32w.log"
LogFormat = ANSI
ShowProgressBar = Yes
ScanPriority = 25
TestMemory = Yes
TestStartup = Yes
AutoSaveSettings = Yes
PromptOnAction = No
PlaySounds = No
UseDiskForSwap = Yes
AlertWav = "alert.wav"
CuredWav = "cured.wav"
DeletedWav = "deleted.wav"
RenamedWav = "renamed.wav"
MovedWav = "moved.wav"
FinishWav = "finish.wav"
ErrorWav = "error.wav"
UpdateAllFiles = No
UpdateVirusBasesOnly = No
OnUpdateRun = ""
UpdateRebootMode = prompt
ScanFDD = No
ScanHDD = Yes
ScanCD = No
ScanNet = No
LimitLog = Yes
MaxLogSize = 512
RestoreAccessDate = No
WaitAfterScan = No
LogStatistics = Yes
EnableDeleteArchiveAction = No
DisableHotReconfigure = No

[DOS]
ScanFiles=All
LngFileName="Ru-drweb.DWL"

[SpIDerMailHome]
HookManual1=7000->pop.mail.ru:110
HookManual2=7001->smtp.mail.ru:25
LngFileName="Ru-drweb.DWL"

