Trojan.DL.Win32.Autorun.yuz, Trojan.Win32.Inject.gh, Trojan.Win32.Agent.zsq, etc.

Endurer original
2007-10-23, version 1

Pe_xscan 07-08-30 by Purple Endurer
2007-10-22 13:13:44
Windows XP Service Pack 2 (5.1.2600)
Administrator user group

C:/Windows/system32/winlogon.exe * 604 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (c) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | winlogon.exe
C:/Windows/system32/winlib.dll
C:/Windows/system32/msplrct.dll

C:/Windows/explorer.exe * 224 | 21:21:56 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (c) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation | ? | explorer | explorer.exe
C:/Windows/DOWNLO~1/zux.dll | 9:26:58 | Microsoft(R) Windows(R) Operating System | 5, 3, 2600, 2180 | Microsoft DirectMusic Interactive Engine | Copyright (c) 2007 | 5, 3, 2600, 2180 | Microsoft Corporation | Microsoft DirectMusic Interactive Engine | minidll.dll
C:/Windows/DOWNLO~1/FAP.dll | 11:19:40 | Microsoft(R) Windows(R) Operating System | 5, 3, 2600, 2180 | Microsoft DirectMusic Interactive Engine | Copyright (c) 2007 | 5, 3, 2600, 2180 | Microsoft Corporation | Microsoft DirectMusic Interactive Engine | minidll.dll
C:/Windows/DOWNLO~1/khy.dll | 11:19:40 | Microsoft(R) Windows(R) Operating System | 5, 3, 2600, 2180 | Microsoft DirectMusic Interactive Engine | Copyright (c) 2007 | 5, 3, 2600, 2180 | Microsoft Corporation | Microsoft DirectMusic Interactive Engine | minidll.dll
C:/Windows/system32/2b41.dll | 11:21:46 | iehpr Module | 1, 0, 0, 2 | iehpr Module | Copyright 2007 | 1, 0, 0, 2 | iehpr.dll

C:/Windows/system32/rundll32.exe * 1096 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (c) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | rundll.exe
C:/Windows/system32/wincheck071013.dll | 9:31:38

C:/scktsrvr.exe * 1440 | 9:40:34 | Borland Socket Server | 7.0 | Borland Socket Server | Copyright (c) 1997-2001 Borland Software Corporation | 7.0.4.453 | Borland Software Corporation | scktsrvr.exe

C:/DOCUME~1/New/LOCALS~1/Temp/rundll.exe * 3280 |
C:/Documents and Settings/all users/Application Data/Microsoft/office/system/loader.dll | 9:35:58 | loader | 3.0.4 | System Event Loader | Microsoft. All rights reserved. | 3.0.4 | Microsoft | ? | loader.dll | loader.dll

C:/program files/ocins/idnsvr.exe * 4072 | 9:37:22 | 2, 6, 0, 0 | International Domain Name Support Module | Copyright CNNIC 2006-2007 | 2, 6, 0, 0 | China Internet Network Information Center (CNNIC) | idnsvr | idnsvr.exe
C:/program files/ocins/idnsvr.exe | 9:37:22 | 2, 6, 0, 0 | International Domain Name Support Module | Copyright CNNIC 2006-2007 | 2, 6, 0, 0 | China Internet Network Information Center (CNNIC) | idnsvr | idnsvr.exe

C:/Windows/system32/rundll32.exe * 2300 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (c) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | rundll.exe
C:/Windows/system32/winsys16_071017.dll | 9:39:30

C:/program files/Internet Explorer/iexplore.exe * 3852 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (c) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | iexplore.exe
C:/Windows/system32/winsys32_071017.dll | 9:41:22

C:/ah.exe * 14452 | 19:54:54

C:/Windows/system32/b4591.exe * 15012 | 10:11:28 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | copyright zhongsou (c) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Maid | ?

C:/Windows/system32/rundll32.exe * 15192 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (c) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | rundll.exe
C:/Windows/system32/921.dll | 11:21:46 | Player Dynamic Link Library | 1, 0, 0, 3 | Player Dynamic Link Library | Copyright (c) 2006 | 1, 0, 0, 3 | ? | player.dll

O2 - BHO: cadlogic object - {11f09afd-75ad-4e51-ab43-e09e9351ce16} - C:/program files/common files/cpush/cpush0.dll
O2 - BHO: info cache - {export ab8c6-fb22-4d17-8834-064e2ba0a6f0} - C:/Documents and Settings/all users/Application Data/Microsoft/pctools.dll
O2 - BHO: invoke class - {42a3a616-ff3c-4713-a5c2-4f1b566cef51} - C:/Windows/system32/2b41.dll
O2 - BHO: ieaux class - {7605cc7c-00fd-4a5f-bafd-828342de6279} - C:/PROGRA~1/ocins/ieaux.dll
O2 - BHO: ff class - {B9751A53-4494-4d7c-9732-AE3058D8145F} - C:/Windows/system32/2b41.dll
O2 - BHO: windows browser - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:/Documents and Settings/all users/Application Data/Microsoft/office/userdata/a5euwxqfyu.dll

O4 - HKCU/../Policies/Explorer/Run: [mscheck] rundll32.exe C:/Windows/system32/wincheck071013.dll mymain
O4 - HKLM/../Run: [igfxpers] C:/Windows/system32/igfxpers.exe
O4 - HKLM/../Run: [idnsvr] C:/program files/ocins/idnsvr.exe
O4 - HKLM/../Policies/Explorer/Run: [userinit] rundll32.exe C:/Windows/system32/winsys16_071017.dll start
O4 - HKLM/../Policies/Explorer/Run: [melove] C:/Windows/system32/dream.exe
O4 - HKLM/../Policies/Explorer/Run: [Dream] C:/Windows/system32/dream.exe
O4 - HKLM/../Policies/Explorer/Run: [khy] rundll32 "C:/Windows/DOWNLO~1/khy.dll",run

O4 - Global Startup: scktsrvr.lnk -> C:/scktsrvr.exe

Export procauto = D:/myplay.exe

C:/autorun.inf
/-----
[Autorun]
open=ah.exe
shellexecute=ah.exe
shell\auto\command=ah.exe
shell=open
-----/
D:/autorun.inf
/-----
[Autorun]
open=ah.exe
shellexecute=ah.exe
shell\auto\command=ah.exe
shell=open
-----/
E:/autorun.inf
/-----
[Autorun]
open=ah.exe
shellexecute=ah.exe
shell\auto\command=ah.exe
shell=open
-----/
F:/autorun.inf
/-----
[Autorun]
open=ah.exe
shellexecute=ah.exe
shell\auto\command=ah.exe
shell=open
-----/
O8 - IE context menu extra item: &Access general website - C:/program files/ocins/cnrbtn.html
O8 - IE context menu extra item: eBay shopping - C:/program files/ad4all/link1/eachlink.htm

O23 - Service: 1ot8pminre (1ot8pminre) - C:/Windows/system32/Drivers/1ot8pminre.sys (automatic)

O23 - Service: acpidisk (acpidisk) - C:/Windows/system32/Drivers/acpidisk.sys (automatic)

O23 - Service: cnprov (cnprov) - system32/Drivers/cnprov.sys | official Chinese version | 2, 6, 0, 0 | Auxiliary International Domain Name Module | Copyright (c). All rights reserved. | 2.6.0.0 | China Internet Network Information Center (CNNIC) | ? | cnprov.sys | cnprov.sys (boot)

O23 - Service: idnaux (idnaux) - system32/Drivers/idnaux.sys | CNNIC idnaux | 2, 6, 0, 0 | International Domain Name Support Module | Copyright (c) 2005 | 2, 6, 0, 0 | China Internet Network Information Center (CNNIC) | idnaux.sys (automatic)

O23 - Service: lcyi7wceil (lcyi7wceil) - system32/Drivers/lcyi7wceil.sys (boot)

O23 - Service: ms_2fax (ms_2fax) - C:/Windows/system32/b4591.exe | 10:11:28 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | copyright zhongsou (c) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Maid | ? (automatic)

O23 - Service: mxdispdr (mxdispdr) - C:/Windows/system32/Drivers/mxdispdr.sys | 20:18:14 (automatic)

O23 - Service: sysloader (System Event Loader) - "C:/Documents and Settings/all users/Application Data/Microsoft/office/system/sysloader.exe" | 10:18:48 | sysloader | 3.0.4 | System Event Loader | Microsoft. All rights reserved. | 3.0.4 | Microsoft | ? | sysloader.exe (automatic)

O23 - Service: yiqilai (Music Assistant) - "C:/program files/yiqilai/WMP/Audio" | 10:15:40 | yiqilailyrics | 1.0.1 | yiqilailyrics | yiqilai. All rights reserved. | 1.0.1 | yiqilai | ? | yiqilailyrics.exe (automatic)

File description: C:/a.exe
Attributes: ---
An error occurred while obtaining the file version information!
Creation time: 16:56:33
Modification time:
Access time:
Size: 102356 bytes, 99.980 KB
MD5: 7ed8ee6a124e1b69581b0e38435c123c
SHA1: a873cbffc796e8d211684de509bb951bbead3c64
CRC32: dbf1a17a

Rising reports: Trojan.Clicker.Win32.PopHot.cg
Kaspersky reports: Trojan program Trojan-Spy.Win32.Agent.afl, file: D:/test/a.exe.rar/a.exe/PE_Patch/UPack

D:/myplay.exe: same as C:/a.exe

File description: C:/ah.exe
Attributes: -SH-
An error occurred while obtaining the file version information!
Creation time:
Modification time: 19:54:54
Access time:
Size: 18432 bytes, 18.0 KB
MD5: b329e5d20a1636f2a7eb7051a8ed55a1
SHA1: 4aae08cb65bfbcc0f5f086aedb3042ed16332f2f
CRC32: 8300cea6

Rising reports: Trojan.DL.Win32.Autorun.yuz

Kaspersky reports: Virus.Win32.AutoRun.og

File description: C:/Windows/system32/dream.exe: same as C:/ah.exe.

File description: C:/scktsrvr.exe
Attributes: ----
Language: English (USA)
File version: 7.0.4.453
Description: Borland Socket Server
Copyright: Copyright (c) 1997-2001 Borland Software Corporation
Comments:
Product version: 7.0
Product name: Borland Socket Server
Company name: Borland Software Corporation
Legal trademark:
Internal name: scktsrvr
Original file name: scktsrvr.exe
Creation time:
Modification time: 9:40:34
Access time:
Size: 725504 bytes, 708.512 KB
MD5: c3ef0622b13655bc68cef169e52afb6a
SHA1: 9457f32e964f4040580d8b82b1ac512e96640673
CRC32: 30ec29d7

File description: C:/Documents and Settings/all users/Application Data/Microsoft/office/userdata/a5euwxqfyu.dll
Attributes: ---
Language: English (USA)
File version: 3, 0, 6, 0
Description: MSN Browser
Copyright: Copyright 2006
Comments:
Product version: 3, 0, 6, 0
Product name: MSN Browser
Company name: Microsoft Corporation
Legal trademark:
Internal name: webbrowser
Original file name: webbrowser.dll
Creation time: 9:41:59
Modification time:
Access time:
Size: 170496 bytes, 166.512 KB
MD5: df8ff7499023477733bb020473625618
SHA1: f9117d64f0f47109fd49539eac0cc826d1cc76f9
CRC32: 0e45cf62

Subject: Re: [?? Probable spam] a5euwxqfyu.dll [KLAB-3146835]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 12:35:37

Hello,
a5euwxqfyu.dll - not-a-virus:AdWare.Win32.IEHlpr.ai
This file is an advertising tool; its detection will be encoded in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates
Please quote all when answering.
--
Best regards, Denis Maslennikov
Virus analyst, Kaspersky Lab.

File description: C:/Windows/system32/2b41.dll
Attributes: A--R
Language: English (USA)
File version: 1, 0, 0, 2
Description: iehpr Module
Copyright: Copyright 2007
Comments:
Product version: 1, 0, 0, 2
Product name: iehpr Module
Company name:
Legal trademark:
Internal name: iehpr
Original file name: iehpr.dll
Creation time: 11:22:36
Modification time: 11:21:46
Access time:
Size: 53248 bytes, 52.0 KB
MD5: 7dd94ef20e40e0de728112675904811a
SHA1: b41e790374214a54c147cba26736f0ba8e265022
CRC32: 2445c774

Subject: Re: [?? Probable spam] 2b41.dll [KLAB-3146836]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 12:44:09

Hello,

2b41.dll - not-a-virus:AdWare.Win32.BHO.ih
This file is an advertising tool; its detection will be encoded in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates
Please quote all when answering.
--
Best regards, Denis Maslennikov
Virus analyst, Kaspersky Lab.

File description: C:/Documents and Settings/all users/Application Data/Microsoft/office/system/sysloader.exe
Attributes: ---
Language: English (USA)
File version: 3.0.4
Description: System Event Loader
Copyright: Microsoft. All rights reserved.
Comments:
Product version: 3.0.4
Product name: sysloader
Company name: Microsoft
Legal trademark:
Internal name: sysloader.exe
Original file name: sysloader.exe
Creation time: 10:18:48
Modification time: 10:18:48
Access time:
Size: 357376 bytes, 349.0 KB
MD5: c18ceab29fac37d5701_a12436d9c8b
SHA1: cb4744b9841b5f9c21cba1039a46fce1eaf6e3cd
CRC32: 348f2431

Rising reports: Trojan.Win32.Inject.gh

Subject: Re: sysloader.exe [KLAB-3146870]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 12:48:10

Hello.
New malicious software was found in the attached file. Trojan-Downloader.Win32.Agent.eky
Its detection will be removed in the next update. Thank you for your help.
Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Maslennikov Denis
Virus analyst, Kaspersky Lab.

File description: C:/Windows/DOWNLO~1/khy.dll
Attributes: A--R
Language: Chinese (China)
File version: 5, 3, 2600, 2180
Description: Microsoft DirectMusic Interactive Engine
Copyright: Copyright (c) 2007
Comments: DirectMusic
Product version: 5, 3, 2600, 2180
Product name: Microsoft(R) Windows(R) Operating System
Company name: Microsoft Corporation
Legal trademark:
Internal name: Microsoft DirectMusic Interactive Engine
Original file name: minidll.dll
Creation time: 14:46:33
Modification time: 11:19:40
Access time:
Size: 49152 bytes, 48.0 KB
MD5: 3d6d8766c8436ea20457123a7363095d
SHA1: c93850c662823c02f596f80e129995ec93cf5cf1
CRC32: f5a4e191

Subject: Re: khy.dll [KLAB-3146872]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 12:49:41

Hello,

khy.dll - Trojan-Downloader.Win32.Agent.ekz
New malicious software was found in this file. Its detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis Maslennikov
Virus analyst, Kaspersky Lab.

File description: C:/Windows/system32/winsys16_071017.dll
Attributes: -SHR
An error occurred while obtaining the file version information!
Creation time: 9:34:39
Modification time: 9:39:30
Access time:
Size: 24576 bytes, 24.0 KB
MD5: bd5ad170a8b0fec28e972b314c8668e0
SHA1: 408cb216c2a27187c841a0f9acaf319bbbec2d0d
CRC32: a9647ec5

Rising reports: Trojan.Win32.Agent.zsq
Kaspersky reports: Trojan program Trojan-Spy.Win32.Agent.aga, file: D:/test/winsys16_071017.dll.rar/winsys16_071017.dll

File description: C:/Windows/system32/wincheck071013.dll
Attributes: -SHR
An error occurred while obtaining the file version information!
Creation time: 9:31:37
Modification time: 9:31:38
Access time:
Size: 27648 bytes, 27.0 KB
MD5: eb5929a3a390a519729d1e4dea37d34f
SHA1: 31a75b68cc4a03a7be1a0265ab0df271af3f1887
CRC32: 697c1572

Rising reports: Trojan.DL.Win32.Mydown.h

Subject: Re: wincheck071013.dll [KLAB-3146878]
Sender: "" <Newvirus@kaspersky.com>
Sent at:

Hello.
New malicious software was found in the attached file. Trojan.Win32.Delf.ajt
Its detection will be removed in the next update. Thank you for your help.
Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Maslennikov Denis
Virus analyst, Kaspersky Lab.
