Home > Others

649453.sys/adware. CDN/hacktool. Rootkit

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

649453.sys/adware. CDN/hacktool. Rootkit

EndurerOriginal
1Version

A netizen said that his computer has been working very slowly recently, so that he can use QQ for remote assistance.

Download pe_xscan to scan logs and analyze the logs. Only one suspicious item is found:
/=
Pe_xscan 07-08-30 by Purple endurer
2007-9-4 20:58:58
Windows XP Service Pack 2 (5.1.2600)
Administrator user group

O23-service: 649453 (649453)-system32/Drivers/649453.sys( pilot)
===/

File Description: C:/Windows/system32/Drivers/649453.sys
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 11:32:58
Modification time:
Access time:
Size: 19968 bytes, 19.512 KB
MD5: aaa3f5cf09cbdd013844ecf3764e1466
Hsa1: ac835fab36f34fcb4b05a94803c588952e04f964

Google, no information about this file ~

Upload to virustotal for scan. The result is as follows:

File 649453.sys received at 15:16:53 (CET)
Current status: Completed

Result: 10/32 (31.25%)

Anti-Virus engine Version Last update Scan results
AhnLab-V3 2007.9.4.1 2007.09.04 -
AntiVir 7.4.1.66 2007.09.04 TR/rootkit. gen
Authentium 4.93.8 2007.09.04 -
Avast 4.7.1029.0 2007.09.04 -
AVG 7.5.0.20. 2007.09.04 -
BitDefender 7.2 2007.09.04 Adware. CDN
Cat-quickheal 9.00 2007.09.03 -
ClamAV 0.91.2 2007.09.04 -
Drweb 4.33 2007.09.04 -
Esafe 7.0.15.0 2007.09.03 Win32.hacktool
ETrust-vet 31.1.5107 2007.09.04 -
Ewido 4.0 2007.09.04 Adware. CDN
Fileadvisor 1 2007.09.04 -
Fortinet 3.11.0.0 2007.09.04 -
F-Prot 4.3.2.48 2007.09.04 -
F-Secure 6.70.13030.0 2007.09.04 -
Ikarus T3.1.1.12 2007.09.04 Virus. win32.agent. khp
Kaspersky 4.0.2.24 2007.09.04 -
McAfee 5111 2007.09.03 -
Microsoft 1.2803 2007.09.04 Virtool: winnt/protmin. Gen! B
Nod32v2 2502 2007.09.04 -
Norman 5.80.02 2007.09.04 -
Panda 9.0.0.4 2007.09.04 Adware/goodsearchnow
Prevx1 V2 2007.09.04 -
Rising 19.39.12.00 2007.09.04 -
Sophos 4.21.0 2007.09.04 -
Sunbelt 2.2.907.0 2007.08.31 Hacktool. Rootkit
Symantec 10 2007.09.04 Hacktool. Rootkit
Thehacker 6.1.9.177 2007.09.04 -
Vba32 3.12.2.3 2007.09.03 -
Virusbuster 4.3.26: 9 2007.09.04 -
Webcycler-Gateway 6.0.1 2007.09.04 Trojan. rootkit. gen

Additional information

File Size: 19968 bytes

MD5: aaa3f5cf09cbdd013844ecf3764e1466

Sha1: ac835fab36f34fcb4b05a94803c588952e04f964

Download auto_del from http://ndurer.ys168.com and add C:/Windows/system32/Drivers/649453.sys to the list of files to be deleted.

Use Regedit to delete the corresponding service item.

Continue to check and find that disk C has very little space. There are more than N files in the Temporary Folder ~

Let the netizens start with --> program --> attachment --> system tool --> disk cleanup to clear the C disk, and use WinRAR to clear the C:/Windows/prefetch

Scan disk C to clear disk fragments ~

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
rootkit download malwarebytes rootkit rootkit symptoms rootkit malware rootkit arsenal rootkit book rootkit detector

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More