The virus (backdoor) DoublePulsar and miner (WINSec.exe/msiexev.exe)
The first important thing I found out after a detailed study of the problem: the miner is just a symptom. It gets onto the computer through a backdoor called DOUBLEPULSAR. DOUBLEPULSAR appeared online on 12 April 2017, when the hacking utilities used by the National Security Agency of the United States leaked onto the Network. These utilities immediately fell into the hands of all and sundry, and by the 15th of April there were 1,951,075 servers infected with the DOUBLEPULSAR backdoor. The miner discussed in this thread uses this backdoor. But anything at all can appear on the computer through the backdoor, so I am waiting for further developments. In my case the virus survived formatting the hard disk, deleting the hard disk partitions, re-flashing the BIOS and the router, formatting the flash drive with Windows, and trying to install Windows from another image; all to no avail. Still, 2 weeks later, no one has found the source of this backdoor's appearance on the computer. So if you have the miner described in this thread, more than likely you also have the backdoor through which this miner is downloaded.
The only solution at the moment is this: urgently update Windows to the latest updates, and close port 445. Microsoft wrote that the ETERNALBLUE exploit used by this backdoor was removed in a recent update. The backdoor knocks via port 445.
And please note: the latest version of the miner downloads files marked as system files. So to see them, don't forget to enable viewing of system files in Folder Options.
Here is a link to one of the sources I used:
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
There is a Russian version there, but I gave all the important info above.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here you can check whether you are infected with the backdoor:
www.binaryedge.io/doublepulsar.html
(thanks to Embrace Futility)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is not yet known whether this (initially a server thing) spreads through the servers of Internet service providers, or simply roams the network in search of victims.
----------------------------
The situation is this: if I leave the computer for, let's say, 10 minutes, the CPU load (Core i5 3570 @ 4.2 GHz) goes up to 90% on all cores. But as soon as I open Task Manager or Process Explorer, the load magically drops to zero (the miner notices it and stops?).
The computer spontaneously rebooted when I was away from it for about 30 minutes. There is no overheating, for sure. Even when the load is at 90%, the temperature rises to 65, but actual overheating is still a long way off.
And I just noticed that the open (minimized) Task Manager suddenly closed by itself.
--------------
The bottom line: yes, by all indications I think it is a very smart-ass miner. But here's the problem: I formatted just yesterday. The problem appeared after that. And I have installed neither software, nor games, nor updates for a month. Nothing new was downloaded. So how it could have got in is unclear.
Any suggestions on catching this marvel?
UPDATE:
I've now found this:
C:\Windows\Security\WINSec.exe
Eating 70-75% of the CPU. I have never seen it in my life. I'll Google it now. But I suspect that's where the "happiness" is.
UPDATE 2:
VirusTotal scan of the file:
https://www.virustotal.com/en/file/450cb5593d2431d00455cabfecc4d28d42585789d84c25d25cdc5505189b4f9f/analysis/1493461158/
PS If anyone can find clear info on this marvel, I'd appreciate it. Google has only some vague bits and pieces.
You just need to download the official system and not some build; otherwise you'll pump yourself full of a build and then cry.
Daidjer
Yeah. Yeah. ;)
A pack of automation utilities goes through the registry, memory, etc. by itself once a day, plus Kaspersky.
I'm talking about personal "searches" and a connected mix of heavy artillery from the Internet.
The inspection was justified) A small bunch of inactive stuff was found, plus a couple of Chinese ones.
LenivyiBob
I'm all clean. Touch wood. I've forgotten what miners, Trojans and other filth are. And yes, I have a licensed Win 7 PE x64, clean without any updates.
And again: downloaded software, games and other things can carry advertising programs, which are not visible as such, but they can all leak into the system.
LenivyiBob wrote:
A pack of automation utilities goes through the registry by itself once a day
I do system maintenance in manual mode.
))) This is only my advice; take it or leave it. )))
rambling
Something I don't understand. After a full disk format and a clean Windows install it appears out of thin air? Or is it something carried over from the old system: there are other connected non-system drives, Windows from a flash drive (already infected), etc. Because a hard disk with a clean Windows is effectively a new computer.
I've been all clean since then, but I found the body of the virus. The virus could have been picked up much earlier and stayed in the browser cache, and activated on May 1st, or something like that.
GG4
Well, about the Windows license: that's a fairy tale for children. A licensed Windows by itself doesn't protect you if the user runs the virus (unknowingly and inadvertently). I work on a laptop with licenses and antivirus, and it currently has a bunch of different stuff clinging to it. Either curtail the rights to run only allowed programs and prohibit the browser, which is not always feasible, or increase vigilance and allow only big portals like mail.ru, Yandex, etc.
oscarbin wrote:
Something I don't understand. After a full disk format and a clean Windows install it appears out of thin air? Or is it something carried over from the old system
Out of thin air. The virus appears before I install any programs/software/runtimes and so on.
oscarbin wrote:
there are other connected non-system drives, Windows from a flash drive (already infected), etc
There are, but the virus appears by itself before I first connect any of them. And the flash drive I formatted and reinstalled Windows on a year ago, doing it on another computer.
oscarbin wrote:
Because a hard disk with a clean Windows is effectively a new computer
Not really. A quick format cannot erase the virus. To erase the hard disk completely, you need at least to wipe the whole disk with zeros. Which I will do tomorrow.
It looks like this: http://i.ebayimg.com/00/s/MTIwMFgxNjAw/z/tfkAAOxyGStRtKj-/$(KGrHqR,!rQFGtVSq-mSBRtKj-PwWw~~60_1.JPG
Sonic268 wrote:
You just need to download the official system and not some build; otherwise you'll pump yourself full of a build and then cry
I don't use builds. My Windows is cleaner than a baby's bottom. And please stop posting kindergarten advice here like "don't use repacks, don't go to suspicious sites, don't download builds". That has long been known. It only clogs up the topic.
Daidjer wrote:
You still need to scan with Dr.Web CureIt. Go to AppData - Roaming - uTorrent and remove the traces of torrents. And the Temp folders and Prefetch should be cleaned regularly
Does this explain the appearance of the virus in a clean system after a format? Have you even read the topic? We've learned how to remove all this "happiness". Now the question is where the source hides.
rambling wrote:
Does this explain the appearance of the virus in a clean system after a format?
The virus survives formatting without problems if it sits in the MBR sector of the disk, from which the Windows boot starts.
To solve such problems, it is best not to format but to remove all partitions and create a new one (this creates a new MBR). And theoretically, converting the partition to FAT32 and then back to NTFS can help.
Hardcore virus, if you have to make so much fuss to delete it. Probably it was created in the secret laboratories of wily Russian hackers to hack the Pentagon, but something went wrong and the virus escaped to ordinary users' computers)
Profiction wrote:
The virus survives formatting without problems if it sits in the MBR sector of the disk
You are absolutely right. That is why today I'll buy a flash drive, install Webroot Eraser and completely wipe the hard disk, as I already wrote above. We'll see whether it appears after that. Although maybe just deleting the partition really is enough. But wiping would make me feel better.
I put off this decision because at first I wanted to make sure the virus is not in my files, in the firmware, or on the flash drive with Windows.
I caught a miner like this on a laptop 1.5 years ago. Now, that it was downloaded from thin air is bullshit. It comes with dodgy software.
I also couldn't kill this stuff; after a while it came back again. And the most popular remedy, reinstalling Windows, gave nothing. All these vaunted antiviruses ignore it. In the end I still managed to kill it by disabling the Internet, and on disk D I found a bat file which controls the downloading of this crap. It took a lot of time and nerves.
Dead Note wrote:
that it was downloaded from thin air is bullshit
You misunderstood me. I was talking about the fact that after a format it comes back out of nowhere. That it gets downloaded in the first place is understandable. Thanks for the idea, now I'll go through all the disks in search of a batch file.
I picked up this stuff too. The winsec daddy sits in the folder C:\Windows\Prefetch\secscan.exe. Dr.Web removes this stuff, but it sucks: after a reboot it appears again. Is there really no antivirus that could remove it once and for all? Thanks.
maxired
Even if you delete it, Profiction is right, the virus is most likely hiding in the MBR sector, so you definitely have to make a bootable USB flash drive if you don't want to wipe the entire partition. If you don't do this, it pops up again. At least after a format.
I completely wiped the hard disk with zeros, and with it the Master Boot Record. If that didn't help, then I don't know what else to do. Here I sit, waiting, anticipating. :)
What can I say... Deleted all the disk partitions, created a new one. Reflashed the BIOS. Reflashed the router. Formatted and redid the USB stick with Windows (on another computer).
After this, the virus appeared AGAIN. On an absolutely clean system. Is that fiction?
oscarbin wrote:
Something I don't understand. After a full disk format and a clean Windows install it appears out of thin air?
After all I've done, do you have any suggestions? I'd love to hear them.
rambling
With this problem you need to turn to specialized sites, not Playground, to look for a solution.
Talk to the people at https://www.comss.ru; I think they will certainly help you solve your problem.
The administration there is very responsive, and the people there are sensible about this matter.
Here is the exploit used:
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
Those who say don't surf the web, don't download repacks and so on, let them eat their words. Over the last few days thousands of servers of different companies around the world have been infected, not just home user machines.
The good news is that I can just patch install.wim with the latest update, and judging by the responses, the latest updates close the hole. And I still want to find the source. So far no one has found it, not even the system administrators of those servers.
Grab your asses, guys. You have no miner; you have a full backdoor, which shrugs off flashing, formatting and deleting partitions. Those who formatted: check. The miner is only a symptom of the problem. What else there is, you'll soon find out.
JUnnAmmED wrote:
I had the same trouble
Not "had". Have. To the rest of you who posted: you deleted the miner. It's still there in the background.
Evermus wrote:
Probably it was created in the secret laboratories of wily Russian hackers to hack the Pentagon, but something went wrong and the virus escaped to ordinary users' computers)
You'll be shocked how spot on your joke was. Only this backdoor leaked not from the Pentagon but from the National Security Agency. Details in the first post.
rambling
In that case, since the article says there is an update for Win 7, do I just need to download the updates? And if there are problems with Windows after the update, can I go back to a restore point, which will be created, for example?
Bomber wrote:
Won't I pick up this stuff by browsing this thread?
The source of this crap is not yet known, so to avoid catching it you'd have to stay off the Internet, and it's not certain it isn't already sitting on your computer) So no need to worry, we'll get through :)
Evermus wrote:
In that case, since the article says there is an update for Win 7, do I just need to download the updates?
To close the exploit, yes. The backdoor itself is not cleaned out, but it will be inactive. Therefore it is better to patch the Windows image.
After a sleepless night of tests, I found some very interesting info. Anyone who has ever been infected with this virus, please post in the topic the model or Hardware ID of the infected hard drive. Better both. We'll see whether it confirms my theory (based on the statements of Kaspersky representatives). So far, to my horror, it is being confirmed. It's not just the batch file and the service that triggers the miner (usually disguised as a .NET Framework service or Windows Security Service). When I found out where it is apparently hiding in the background, wtf. But I need more information and tests, so for now I won't make any statements.
You can help. Post your hard drive details. The tests will take at least two days, because the backdoor becomes active within 24 hours after the installation of Windows. I'll know for sure in about four or five days.
Evermus wrote:
The source of this crap is not yet known, so to avoid catching it you'd have to stay off the Internet, and it's not certain it isn't already sitting on your computer)
To the point. But if it does sit there, I think I found out where. Tests, tests, tests... The problem is that once the Equation Group sources leaked onto the Network, all and sundry could attach a virus/miner to this backdoor. Which they did.
The miner probably existed before. But this has only been going on for the last ~20 days. Initially this backdoor was focused on infecting server hardware. But with the sources available, it seems it has been adapted for the most popular models of personal hard drives as well.
Evermus wrote:
and if there are problems with Windows after the update, can I go back to a restore point, which will be created, for example?
Theoretically it is possible. But the exploit will be open again. Better to patch the install.wim Windows image. For example, like this:
http://forum.oszone.net/thread-257198.html
It requires a bit of skill.
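Pulling together the indicators the thread has named so far (WINSec.exe, secscan.exe, a service disguised as .NET Framework or Windows Security Service, CPU load that vanishes when Task Manager opens) and the port 445 advice from the first post, here is an added defender's check script. It is not code from the thread or from any of the posters; it assumes an elevated PowerShell on Windows 8 / Server 2012 or later (for the NetSecurity cmdlets), and the rule name and the 15-second sampling window are my own choices.

```powershell
# Added example, not code from the thread. A defender's check for the indicators
# the posts name (WINSec.exe, secscan.exe, a service posing as ".NET Framework"
# or "Windows Security Service", CPU load that vanishes when Task Manager opens)
# plus a temporary inbound block on TCP 445 until the update is installed.
# Assumes an elevated PowerShell on Windows 8 / Server 2012 or later (NetSecurity module).

# 1. Files named in the thread. -Force lists files flagged hidden/system,
#    which the first post says the newer miner versions use.
$paths = 'C:\Windows\Security\WINSec.exe', 'C:\Windows\Prefetch\secscan.exe'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        'FOUND {0}  size={1}  attrs={2}  created={3}' -f $f.FullName, $f.Length, $f.Attributes, $f.CreationTime
    }
}

# 2. Services whose display name imitates .NET Framework or Windows Security,
#    with the binary they launch. Genuine .NET services start under
#    C:\Windows\Microsoft.NET; anything else deserves a look.
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -match 'NET Framework|Windows Security' } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-List

# 3. Sample per-process CPU time over 15 s without opening Task Manager.
#    Get-Process's CPU property is cumulative seconds, so the difference
#    between two snapshots shows what actually burned CPU during the window.
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = [double]$_.CPU }
Start-Sleep -Seconds 15
Get-Process | ForEach-Object {
    $delta = [double]$_.CPU - [double]$before[$_.Id]   # processes started during the window get baseline 0
    [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; CpuSeconds = [math]::Round($delta, 1); Path = $_.Path }
} | Sort-Object CpuSeconds -Descending | Select-Object -First 5 | Format-Table -AutoSize

# 4. Block inbound SMB (TCP 445), the port the first post says the backdoor
#    knocks on, until the Windows update that closes ETERNALBLUE is installed.
#    Undo later with: Remove-NetFirewallRule -DisplayName 'Block inbound SMB 445 (temporary)'
New-NetFirewallRule -DisplayName 'Block inbound SMB 445 (temporary)' -Direction Inbound `
    -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The firewall rule is a stopgap for machines that still need the update; it does not remove a backdoor that is already present, which matches what the thread says about the patch only making it inactive.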
rambling
OK thanks, I'll try tomorrow to roll the updates through Windows auto-update. The system is just 6 years old, and auto-update has been off so that the activation wouldn't fly off) Everyone writes that activation doesn't interfere with auto-update and it goes fine, but I didn't want to risk it; and since a system update might help, it's necessary to do it.
And after that, how can I view the hard drive data and its ID so I can provide them? If you can, write in more detail. And is there a PM so I could send you the data in a PM? Otherwise who knows who else will distribute my ID through the backdoor =)
I have the AIDA64 monitoring program; I found the hard drive model and ID in it, but I don't know how to look and what it looks like(
Manufacturer: Seagate
Hard disk name: Barracuda 7200.12 1000DM003
Hi.
If it's any help, my hard drive: WDC WD5003AZEX-00MK2A0 (Western Digital Black, 500 GB, 7200).
I can't say this stuff manifests itself noticeably, except when playing online.