Endurer original
Version 2: anti-virus software supplement
Version 1
This morning a netizen reported that on his Windows XP SP2 computer, a command prompt window popped up after logging into Windows, prompting him to stop Windows Firewall, and asked me to check it.
Downloaded and ran the Rising Registry Repair Tool from the Rising website; it found that the EXE file association had been changed to svch0st.exe. Repaired it.
Downloaded HijackThis from http://endurer.ys168.com, scanned, and found the following suspicious processes and items in the log:
-------------
C:/Windows/help/ztpass.exe
C:/Windows/system32/svch0st.exe (note: the character between "h" and "s" in the file name is the digit 0)
C:/Windows/system32/scanregw.exe
C:/Windows/system32/scanregw.exe
C:/Windows/system32/svohost.exe
O4 - HKLM/../Run: [soundmam] C:/Windows/system32/svohost.exe
O4 - HKLM/../Run: [ScanRegistry] scanregw.exe
O4 - HKLM/../RunServices: [svchost] C:/Windows/system32/svch0st.exe
O4 - HKCU/../Run: [meimeimei.exe] C:/Windows/system32/meimeimeii.exe
O23 - Service: Microsoft winshell - Unknown owner - C:/Windows/Microsoft winshell.exe
O23 - Service: zt Massacre (ztmassacre) - Unknown owner - C:/Windows/help/ztpass.exe
-------------
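The two findings above, a tampered EXE file association and autostart entries whose file names are one character away from a real system binary, can be triaged mechanically. The following is an added example (not code from this post or from HijackThis/Rising): it parses HijackThis-style O4 and O23 lines, flags look-alike names by edit distance, bare file names resolved through the PATH search, and binaries living in odd directories, and checks whether an exefile open command still just runs "%1" %*. The list of imitated system binaries, the odd-directory rules and the sample log lines (built from the entries above) are my own assumptions.

```python
import ntpath
import re

# Windows system binaries whose names malware commonly imitates.
# Assumption: a short illustrative list, not an exhaustive one.
KNOWN_NAMES = {
    "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "smss.exe",
}
KNOWN_STEMS = {n[:-4] for n in KNOWN_NAMES}

# Directories where an autostart or service binary is unexpected
# (assumption: chosen from the locations seen in this cleanup).
ODD_DIR_SUFFIXES = ("\\help", "\\temp", "\\recycled")
WINDOWS_ROOTS = ("c:\\windows", "c:\\winnt")

# What HKCR\exefile\shell\open\command holds on an untampered Windows XP.
CLEAN_EXE_COMMAND = '"%1" %*'

# Constructed sample log, rebuilt from the HijackThis entries in this post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundmam] C:\Windows\system32\svohost.exe
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe
O4 - HKLM\..\RunServices: [svchost] C:\Windows\system32\svch0st.exe
O4 - HKCU\..\Run: [meimeimei.exe] C:\Windows\system32\meimeimeii.exe
O23 - Service: Microsoft winshell - Unknown owner - C:\Windows\Microsoft winshell.exe
O23 - Service: zt Massacre (ztmassacre) - Unknown owner - C:\Windows\help\ztpass.exe
"""


def levenshtein(a, b):
    """Case-insensitive edit distance between two strings."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_hjt_line(line):
    """Parse an O4 (autostart) or O23 (service) HijackThis entry.

    Returns a dict with code, location, value (registry value or service
    name) and path (the command), or None for any other line.
    """
    m = re.match(r"^(O4|O23)\s*-\s*(.+?):\s*(.*)$", line.strip())
    if not m:
        return None
    code, location, rest = m.groups()
    if code == "O4":
        m2 = re.match(r"\[([^\]]*)\]\s*(.*)$", rest)
        if not m2:
            return None
        value, path = m2.group(1), m2.group(2)
    else:
        # "Service: <name> - <owner> - <path>"
        parts = [p.strip() for p in rest.split(" - ")]
        value, path = parts[0], parts[-1]
    return {"code": code, "location": location, "value": value, "path": path.strip()}


def triage_entry(entry):
    """Return the list of reasons an entry looks suspicious (empty = none)."""
    reasons = []
    directory, filename = ntpath.split(entry["path"].strip('"'))
    name, low_dir = filename.lower(), directory.lower()
    if not directory:
        reasons.append("bare filename, resolved by PATH search")
    if name not in KNOWN_NAMES:
        # A name within two edits of a real system binary (svch0st, svohost).
        for known in KNOWN_NAMES:
            d = levenshtein(name, known)
            if 0 < d <= 2:
                reasons.append(f"look-alike of {known} (edit distance {d})")
                break
        if entry["value"].lower() in KNOWN_STEMS:
            reasons.append(f"value name '{entry['value']}' borrows a system binary name")
    elif not low_dir.endswith("\\system32"):
        reasons.append("system binary name outside system32")
    if low_dir.endswith(ODD_DIR_SUFFIXES) or low_dir in WINDOWS_ROOTS:
        reasons.append("unusual directory for an autostart binary")
    return reasons


def triage_log(text):
    """Map each parsed entry's path to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        entry = parse_hjt_line(line)
        if entry:
            findings[entry["path"]] = triage_entry(entry)
    return findings


def exe_association_hijacked(command_value):
    """True if the exefile open command no longer just runs the target."""
    return command_value.strip() != CLEAN_EXE_COMMAND


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons) or "no heuristic hit")
    # Constructed hijacked value, modelled on the svch0st.exe association above.
    print(exe_association_hijacked(r'C:\Windows\system32\svch0st.exe "%1" %*'))
```

Entries that pass every heuristic (meimeimeii.exe here) still need the scanner and the hash checks the rest of this post relies on; the name and path rules only surface the cheap wins.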
Stopped and disabled the system services:
Microsoft winshell
ZT Massacre (ztmassacre)
Downloaded procview from http://endurer.ys168.com and terminated the suspicious processes.
Used WinRAR to locate the following suspicious files, packaged them as a backup, and appended a .del extension to each:
-------------
C:/Windows/Microsoft winshell.exe (Kaspersky reports Backdoor.Win32.Hupigon.BWT)
********************************
Virus report email analysis result (flow ticket No. 3126011)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: Microsoft winshell.exe
Virus name: Backdoor.gpigeon.FEV
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/Windows/help/ztpass.exe (Kaspersky reports Trojan-PSW.Win32.Lmir.ayt)
C:/Windows/help/zthook.dll (Kaspersky reports Trojan-PSW.Win32.Lmir.awj; Rising reports Trojan.psw.zhengtu.BN)
C:/Windows/system32/meimeimei.exe (Kaspersky reports Trojan-Dropper.Win32.Small.qn; Rising reports Worm.flowdy.B)
C:/Windows/system32/meimeimei.dll (Kaspersky reports Trojan-Downloader.Win32.Delf.asf; Rising reports Worm.flowdy.)
C:/Windows/system32/winscok.dll (Kaspersky reports Trojan-PSW.Win32.QQPass.jg; also reported by Rising)
C:/Windows/system32/ntdll32.dll (Kaspersky reports Trojan-PSW.Win32.QQPass.hd; Rising reports Trojan.psw.mmthief.g)
C:/Windows/system32/rxpass.exe (Kaspersky reports Trojan-PSW.Win32.Gamec.ag)
********************************
Virus report email analysis result (flow ticket No. 3127632)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: rxpass.exe
Virus name: Trojan.psw.wowar.Gn
We will fix this in the newer version 18.38.20. Please upgrade your Rising software to version 18.38.20 and enable the monitoring center to completely remove the virus. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/Windows/system32/svch0st.exe (note: the character between "h" and "s" in the file name is the digit 0; Kaspersky reports Trojan-Spy.Win32.Agent.ct)
********************************
Virus report email analysis result (flow ticket No. 3127476)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: svch0st.exe
Virus name: Trojan.psw.mmthief.v
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/Windows/system32/scanregw.exe (Kaspersky reports Trojan-Downloader.Win32.Pakes; Rising reports Worm.flowdy.)
C:/Windows/system32/svohost.exe (Kaspersky reports Trojan-PSW.Win32.QQPass.jg)
********************************
Virus report email analysis result (flow ticket No. 3126223)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: svohost.exe
Virus name: Trojan.psw.qqpass.poz
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/Windows/temp/gezi.exe (Kaspersky reports Backdoor.Win32.Hupigon.BWT)
********************************
Virus report email analysis result (flow ticket No. 3126053)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: gezi.exe
Virus name: Backdoor.gpigeon.FEV
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/Windows/temp/hw.exe
C:/Windows/temp/jianghu.exe
C:/Windows/temp/menghuan.exe
C:/Windows/temp/zhengtu.exe (Kaspersky reports Trojan-PSW.Win32.Lmir.ayt)
********************************
Virus report email analysis result (flow ticket No. 3127866)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: zhengtu.exe
Virus name: Trojan.psw.zhengtu.CQ
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
C:/program files/Internet Explorer/ie2.exe (Kaspersky reports Trojan.Win32.Pakes)
C:/program files/Internet Explorer/plugins/system.sys (Kaspersky reports Trojan-PSW.Win32.QQRob.gd)
********************************
Virus report email analysis result (flow ticket No. 3126269)
Dear customer!
Your email has been received. Thank you for your support of Rising.
We have analyzed your problem and files in detail. The following are the analysis results for the files you uploaded:
1. File name: system.sys
Virus name: Trojan.psw.qqpass.FQ
We will fix this in the newer version 18.38.11. Please upgrade your Rising software to version 18.38.11 and enable the monitoring center for a full anti-virus scan. If a problem is found during testing, we will postpone the upgrade from version 1 to version 2.
********************************
-------------
Went to http://endurer.ys168.com, downloaded the Rising Antivirus Assistant and ran a free Rising online scan; the results were as follows:
-------------
10:54:47 Rising Anti-virus Assistant
Windows XP Service Pack 2 (5.1.2600)
File name                                   Virus name
C:/Windows/system32/scanregw.exe.del        Trojan.psw.powerspider.bm (Kaspersky reports Trojan-Downloader.Win32.Pakes)
C:/Windows/system32/aclayer.exe             Trojan.DL.Agent.VP
C:/Windows/system32/aclayer.dll             Trojan.DL.Agent.VP
C:/Windows/system32/yangyang.dll            Trojan.psw.powerspider.bm
C:/Windows/system32/meimeimei.exe.del       Worm.flowdy.B (Kaspersky reports Trojan-Dropper.Win32.Small.qn)
C:/Windows/system32/meimeimei.dll.del       Worm.flowdy. (Kaspersky reports Trojan-Downloader.Win32.Delf.asf)
C:/Windows/system32/ntdll32.dll.del         Trojan.psw.mmthief.g (Kaspersky reports Trojan-PSW.Win32.QQPass.hd)
C:/Windows/help/zthook.dll.del              Trojan.psw.zhengtu.BN (Kaspersky reports Trojan-PSW.Win32.Lmir.awj)
-------------
Dealt with these using the Rising Antivirus Assistant.
Then ran the free Kaspersky online scan; the results were as follows:
-------------
C:/Windows/temp/gezi.exe.del                              infected: Backdoor.Win32.Hupigon.BWT      skipped
C:/Windows/system32/winscok.dll.del                       infected: Trojan-PSW.Win32.QQPass.jg      skipped
C:/Windows/system32/svohost.exe.del                       infected: Trojan-PSW.Win32.QQPass.jg      skipped
C:/Windows/Microsoft winshell.exe.del                     infected: Backdoor.Win32.Hupigon.BWT      skipped
C:/program files/Internet Explorer/plugins/system.sys.del infected: Trojan-PSW.Win32.QQRob.gd       skipped
C:/recycled/dc2755.exe                                    infected: Backdoor.Win32.Hupigon.BWT      skipped
-------------
Except for C:/Windows/system32/winscok.dll, which could not be deleted directly and was removed with the "delete files at next startup" program (downloadable from http://endurer.ys168.com), the other infected files were packaged as backups and deleted.
Cleared the IE temporary folder.