Endurer Original
2006-10-09 Version 2: supplements Kaspersky's response.
2006-10-06 Version 1
A netizen said that the computer was not working normally and asked me to check it out.
Downloaded HijackThis from http://endurer.ys168.com to scan logs and
Malicious programs have recently used image hijacking (Image File Execution Options, IFEO), which can be used to prevent antivirus programs, firewall software and other system security protection programs from running, and to activate malicious programs.
Therefore, you
Endurer Original
Version 3: supplements Rising's response.
22:34:00
Version 2: added the reply from Kaspersky.
Version 1
Added at the end of the website homepage
Code:
/--------
--------/
Hxxp: // www. Race ***** swd.com. **/W ***** M *. htm Is the
Endurer Original, Version 1
A netizen's computer: over the past two days, Rising's boot-time scan reported Backdoor.Gpigeon.uql.
Downloaded HijackThis from http://endurer.ys168.com, scanned a log, and found the following suspicious items:
/----------
Trojan Worm.Win32.AutoRun.umf mounted on a county agricultural information network
Website homepage includes code: /------/
#1 hxxp: // W **. 9 * 4sa ** om * m *. com/JS. js Output code: /--- ---/
#1.1 hxxp: // W **. c ** 6 * 6f **.
Endurer Original
2006-09-23 Version 1
A netizen's computer often finds the virus, and manual scanning does not clean it up. Let me check it out.
Downloaded HijackThis from http://endurer.ys168.com, scanned a log, and found the following suspicious
Endurer Original, Version 1
Yesterday, a friend said that his computer had detected a virus and asked me to help.
The pe_xscan scan log is downloaded and analyzed. The following suspicious items are found:
Pe_xscan 07-03-17 by Purple endurer 2007-5-6 10:3
Endurer Original
Version 2: added Kaspersky's response to some suspicious files.
Version 1
Two days ago, a netizen's computer reported Rootkit.Agent.va. The file name is ynqcq.sys, but it cannot be cleared. Another Trojan Scan software is used
Infected with assumer.exe, using image hijacking, shellexechook... The AV killer grhsgih.exe 2
Endurer Original
2008-01-20 Version 1
From the log of pe_xscan, the tactics used by this AV killer are as follows:
Shard
A memory stick carries 5 virus files
EndurerOriginal1st-04-01
I found it in my colleagues' memory stick ~
H:/autorun.inf
/---
[Autorun]
Opentracing ravmon.exe
Shell/open = open (& O)
Shell/Open/command#ravmon.exe
Shell/volume E = Resource Manager (&
Rootkit.Win32.KernelBot, Rootkit.Win32.Mnless, Trojan.Win32.Patched, Backdoor.Win32.Rwx, etc. 1
Endurer Original
2008-07-14 Version 1
A friend recently experienced a slow computer response. When using QQ, he always asked for activation. He suspected
Real-world malware solutions
Author: Chad Perrin
Translation: endurer, 2nd
Category: malware, policy, privacy, security
Source:
Auto.exe/Backdoor.Win32.Agent.bgu, b8u6bvx912.sys/Trojan-Downloader.Win32.Hmir.don, etc. 2
Original endurer 2008-06-30 1st
Download fileinfo and bat_do from http://purpleendurer.ys168.com.
Use fileinfo to extract the information of the red
Agricultural net Trojan Trojan-Downloader.Win32.ACVE.az in a county
Original endurer1st-
The home page contains code:/------/
#1 hxxp: // ads ***. 2*0 *-1 *** 0.cn/ad/ad.gif? Id = O contains code: /--- document.writeln(" "); ---/
#1.1 hxxp: // CC *
Botnets: How to Get Rooted in One Easy Lesson
Author: Michael Kassner
Translation: endurer, 3rd
Category: general, security, botnet, antivirus, Nat
Original endurer
1st
Two days ago, a netizen's computer was infected with a virus, and Rising and 360 Guard could not start up. Please use QQ to help with remote repair.
Open the task manager and find that there is a process named iexplore.exe,