As of today I have a total of 11 svchost processes, of which 2 are network service, 1 is local service and 8 are system, although until yesterday there were 9.
Last night one of them suddenly started using 70-80% CPU usage while I was working and heating up the processor, which made the fan run at maximum speed; this morning that was not happening.
Today the wuaucldt virus appeared, which was multiplying those processes; I cured it by running a script from AVZ with this code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\system32\wmicvrts.exe');
QuarantineFile('C:\WINDOWS\system32\wmicvrts.exe','');
QuarantineFile('C:\WINDOWS\system32\wuaucldt.exe','');
QuarantineFile('C:\WINDOWS\system32\implayok.exe','');
QuarantineFile('c:\windows\system32\wuaucldt.exe','');
QuarantineFile('c:\documents and settings\networkservice\wuaucldt.exe','');
QuarantineFile('c:\documents and settings\mtisiz\wuaucldt.exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\imPlayok.exe','');
QuarantineFile('c:\windows\system32\wmicvrts.exe','');
DeleteFile('c:\windows\system32\wmicvrts.exe');
DeleteFile('C:\Documents and Settings\NetworkService\imPlayok.exe');
DeleteFile('c:\documents and settings\mtisiz\wuaucldt.exe');
DeleteFile('c:\documents and settings\networkservice\wuaucldt.exe');
DeleteFile('c:\windows\system32\wuaucldt.exe');
DeleteFile('C:\WINDOWS\system32\implayok.exe');
DeleteFile('C:\WINDOWS\system32\wuaucldt.exe');
DeleteFile('C:\WINDOWS\system32\wmicvrts.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','syncman');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','syncman');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','syncman');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','syncman');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','imPlayok');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','imPlayok');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(9);
ExecuteRepair(13);
ExecuteWizard('TSW',2,2,true);
RebootWindows(true);
end.
And now everything is fine as far as that virus is concerned, I scanned with avast, but there are still 11 svchost processes regardless of restarting the computer.
What are so many svchost processes doing?
[This message was edited by adrrij on 11.08.2010 at 18:49 GMT+1]
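
A post-cleanup check for the situation described above, as an added example that is not part of the original post: it confirms that the files and Run values named in the AVZ script are gone, then lists each svchost.exe with its image path and the services it hosts. It assumes Windows PowerShell (2.0 to 5.1) run as administrator; the file paths and value names are copied from the script in the post.

```powershell
# Added example, not the poster's code. Paths and Run value names come from the AVZ script above.
$files = @(
    'C:\WINDOWS\system32\wmicvrts.exe',
    'C:\WINDOWS\system32\wuaucldt.exe',
    'C:\WINDOWS\system32\implayok.exe',
    'C:\Documents and Settings\NetworkService\wuaucldt.exe',
    'C:\Documents and Settings\mtisiz\wuaucldt.exe',
    'C:\Documents and Settings\NetworkService\imPlayok.exe'
)
$runKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run'
)
$runValues = @('syncman', 'imPlayok')

# 1. Files the script quarantined and deleted: report any that exist again.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { "STILL PRESENT: $f" }
}

# 2. Autostart values the script removed: report any that are set again.
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    foreach ($v in $runValues) {
        if ($props -and $props.PSObject.Properties[$v]) { "STILL SET: $k -> $v" }
    }
}

# 3. Every svchost.exe: image path, whether it is the System32 copy, and hosted services.
#    A genuine svchost.exe runs from %SystemRoot%\System32 and hosts at least one service.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
$services = Get-WmiObject Win32_Service
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
    $p = $_
    $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId } |
                ForEach-Object { $_.Name }) -join ', '
    New-Object PSObject -Property @{
        PID      = $p.ProcessId
        PathOk   = ($p.ExecutablePath -eq $expected)   # string -eq is case-insensitive
        Path     = $p.ExecutablePath                   # empty if not run as administrator
        Services = $hosted
    }
} | Format-Table PID, PathOk, Path, Services -AutoSize
```

An instance with `PathOk` false or an empty `Services` column is the one to investigate; the number of svchost.exe processes by itself varies with which services are configured to start.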