My computer icon has changed? Originally, trojan-downloader.win32.agent.mkjreplaced assumer.exe 2.

My computer icon has changed? Originally, trojan-downloader.win32.agent.mkjreplaced assumer.exe 2.

EndurerOriginal
2008-04-12 1st

(Continued 1)

Rename C:/Windows/system32/dllcache/EXPLORER. EXE first
Rename C:/Windows/assumer.exe.
Copy C:/Windows/system32/EXPLORER. EXE to C:/windows. In this case, the Windows system will prompt that the file is replaced. You must insert the Windows XP disc and click Cancel.

Then, bat_do is used to package and back up suspicious files, delaying deletion.

Restart your computer. Now avast! No virus is reported.

Next, open the Registry Editor and delete the o23-service: mhfp (mhfp) project to fix non-DWORD types of HKLM/showall (For details, refer: system Recovery series: how to display all files and folders
Http://endurer.blogchina.com/2590659.html
BTW, the Security Assistant of rising Kaka can detect and fix this item ).

Run WinRAR to check the suspicious files: C:/tmp. dat (including URLs of some virus program files) and C:/Windows/system32/e2.exe.

The malware cleanup assistant reported the folder created by the robot dog immunization program of guard 360:

C:/Windows/system32/drivers> DIR/AD
The volume in drive C is the system disk.
The serial number of the volume is 322d-40bd.
C:/Windows/system32/DRIVERS directory
<Dir>.
<Dir> ..
<Dir> etc
<Dir> disdn
2008-02-07 13:43 <dir> pcibus. sys
2008-02-07 13:43 <dir> pcidisk. sys
<Dir> pcihdd. sys
<Dir> Phy. sys
2008-02-07 13:43 <dir> puid. sys
<Dir> usb32k. sys
<Dir> msaclue. sys
0 files, 0 bytes
9,201,577,984 available bytes in 11 Directories

Use WinRAR to delete windows temporary folders, ie temporary folders, and files that can be deleted in C:/Windows/prefetch.

Restore the "my computer" icon on the desktop by right-clicking the blank area on the desktop and selecting "properties" from the pop-up menu. In the displayed Properties dialog box, select the "desktop" tab and click the "Custom desktop" button. In the "desktop project" dialog box that appears, click the "my computer" icon on the "options" tab, click "Restore Default icon" and "OK ......

File Description: C:/Windows/EXPLORER. EXE
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 976896 bytes, 954.0 KB
MD5: 3d1ac1ae5b34d01e2b7743568180eac0
Sha1: d147634c91030f36e4c3c8f0280b46aa55489ed0
CRC32: 2abccd63

Kapsersky reported as Trojan-Downloader.Win32.Agent.mkj

C:/Documents and Settings/Administrator/doctorweb/quarantine/ctfmon.exe is the same as C:/Windows/EXPLORER. EXE.

File Description: C:/Documents and Settings/Administrator/doctorweb/quarantine/e0.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 10:14:25
Modification time: 10:14:26
Access time:
Size: 17015 bytes, 16.631 KB
MD5: 82c8194144b1b68d09cc22d9a07cd0a3
Sha1: fca56801d306b17fb4e629f96dafdcc858a1f970
CRC32: 768ea800

Drweb reports backdoor. Trojan

File Description: C:/Documents and Settings/Administrator/doctorweb/quarantine/1[1cmd.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 10:14:25
Modification time: 10:14:26
Access time:
Size: 17748 bytes, 17.340 KB
MD5: 7099b92e645701fd5e8329df91dd2fbd
Sha1: 43ebd40925c8921528faee4371ec1e472344d4ff
CRC32: 4f18021c

File Description: C:/Windows/system32/e2.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 10:29:18
Access time:
Size: 17015 bytes, 16.631 KB
MD5: eb73052f62d121a4336b8775b19bd3da
Sha1: d13fd8d992b1000b198cb5d004153f48631bbe3c
CRC32: 47951e74

Rising to Packer. win32.upack.