выполняем скрипт в uVS
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"
Код:
;uVS v3.87.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
OFFSGNSAVE
zoo %SystemDrive%\PROGRAMDATA\UCKT\_@DLUCK00000000.TMP.DAT.EXE
addsgn 1AEC069A5583338CF42BFB3A8837070184C8FC9C8859B319C6C32D5725D671B3561F2BD74B559DCA162CE5DC461610A308D78273BD0BC52C2D2ECC26C306E29B 8 Trojan:Win32/Chuckenit.A [Microsoft]
addsgn 453C3F9A55ED93DEBB1401FA7F791905FEA957C04FC81F7885C3D3DC5FE675958975C2CBA257B6894E80849F46A45DB02EA6C36909E7B929EB607FA939E84C0A 8 Win32/Obfuscated
zoo %SystemDrive%\PROGRAMDATA\GUNSHIP\GUNSHIP.EXE
;------------------------autoscript---------------------------
chklst
delvir
delref HTTP://SERCLHIS-NAUTI.RU
delref THEURVC.DLL
delref HTTP://API.SUIBIANMAIMAICOM.COM/HITACHIXHTS545025B9A300_100412PBN204ASJ0SELMX.DAT
delref %SystemDrive%\PROGRAM FILES\LIBASARAMING\_ALLOWDEL_4CA0382\GUBED.EXE
del %SystemDrive%\PROGRAM FILES\LIBASARAMING\_ALLOWDEL_4CA0382\GUBED.EXE
delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID]
deldirex %SystemDrive%\USERS\1\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAHNPHCMHMHCJJCJHMNNJJLBMAELJECGA%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGKNPFANCPEAMEJMCOOEDLJJNADDLDHG%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCEGDOMHOCAEOEDBDPFOLMGJKJAIJFOMO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHNGKPGDBPBKOPNDLPKICFAIFFPHDKBO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEOFCBNMAJMJMPLFLAPAOJJNIHCJKIGCK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGDKNICMNHBAAJDGLBINPAHHAPGHPAKCH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGNDACICECCGAPJHPNIECKNJLMMLANAEM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGOMEKMIDLODGLBBMALCNEEGIEACBDMKI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHCNCJPGANFOCBFOENAEMAGJJOPKKINDP%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJEDELKHANEFMCNPAPPFHACHBPNLHOMAI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJGGBJBMNFMIPGCANIDAMJFPECHDEEKOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DKPPACDMMDDEDIAHKLMCGKGDHHOOJEMMD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLANABBPAHPJNALJEBNPGKJEMCBKEPIAK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DMDELDJOLAMFBCGNNDJMJJIINNHBNBNLA%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DODKMEDFOMGHPHDNMMEMHKPOANGGCFBBE%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGANLGLBHGFJFGOPIJBHEMCPBEHJNPIA%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPLDBIENODKPGKCCOCELIDINMCIEDJDOK%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\DRIVERS\BDENHANCEBOOST.SYS
del %Sys32%\DRIVERS\BDENHANCEBOOST.SYS
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\TEMP\BK8F0C.TMP\P1481714921AM.SYS
delref %SystemDrive%\USERS\1\APPDATA\ROAMING\WINSNARE\WINSNARE.DLL
del %SystemDrive%\USERS\1\APPDATA\ROAMING\WINSNARE\WINSNARE.DLL
deldirex %SystemDrive%\PROGRAM FILES\WINZIPPER
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\AHNPHCMHMHCJJCJHMNNJJLBMAELJECGA\12.0.8_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\7.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\JDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI\1.0.3_0\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\LANABBPAHPJNALJEBNPGKJEMCBKEPIAK\2.0.25_0\ПОИСК MAIL.RU
deldirex %SystemDrive%\PROGRAM FILES\TORRENT SEARCH\IEEF
deldirex %SystemDrive%\PROGRAM FILES\BAIDU\BAIDUSD\1.8.0.1255
deldirex %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\107
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFCFENMBOOJPJINHPGGGODEFCCIPIKBPD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://YAMDEX.NET/?SEARCHID=1&L10N=RU&FROMSEARCH=1&IMSID=FC4110F7B451FBC3D6A6215D43AF9818&TEXT={SEARCHTERMS}
del %SystemDrive%\PROGRAMDATA\FATPDAKQGFMD\PBMYGBEEHT3.BAT
deldirex %SystemDrive%\USERS\1\APPDATA\LOCAL\UNITY\WEBPLAYER
delref HTTP:\\WWW.AMISITES.COM\?TYPE=SC&TS=1481024593&Z=C9762303037EDBBF20E1D53G9Z5BCGCECO2ZEW9B8T&FROM=CHE0812&UID=HITACHIXHTS545025B9A300_100412PBN204ASJ0SELMX
deldirex %SystemDrive%\PROGRAM FILES\FLVPLAYER
deldirex %SystemDrive%\PROGRAM FILES\FLVPLAYER\UNINSTALL
delref HTTP:\\WWW.STARTPAGEING123.COM\?TYPE=SC&TS=1489583644&Z=B0F242634D161B8AF22CCFCG0Z7B8TCW6B2C9QDC5T&FROM=CHE0812&UID=HITACHIXHTS545025B9A300_100412PBN204ASJ0SELMX
delref HTTP:\\WWW.AMISITES.COM\?TYPE=SC&TS=1484820126&Z=F044E95A1591A1AF7D6B431G6ZCB4Z4BEOEE2G1GFT&FROM=CHE0812&UID=HITACHIXHTS545025B9A300_100412PBN204ASJ0SELMX
delref HTTP:\\YAMDEX.NET\?IS
regt 28
regt 29
deltmp
delnfr
;-------------------------------------------------------------
restart
czoo
перезагрузка, пишем о старых и новых проблемах.
----------
далее,
выполните сканирование (угроз) в Malwarebytes