Anymie360.exe, anymie360.dll, b770calcium. sys, beep. sys, msiffei. sys, etc. 2

Anymie360.exe, anymie360.dll, b770calcium. sys, beep. sys, msiffei. sys, etc. 2

 

Original endurer
1st

 

 

(Continued 1)

 

From the pe_xscan log, we can see that:

This virus uses the image hijacking technology to prevent anti-virus software, task manager, and other programs from starting.

Replace beep. sys with C:/Windows/system32/RPCSS. dll with C:/Windows/system32/spcss. dll.

Download fileinfo and bat_do to the http://purpleendurer.ys168.com.

Use fileinfo to extract the information of the red files in the pe_xscan log. Use bat_do to package the backup, delete the files in a delayed manner, change the selected file name, and delete the files in a delayed manner.

Rename spcss. dll under C:/Windows/system32 to RPCSS. dll.

Restart your computer, Run registry editor regedit, and delete the O26 items that prevent the Kaka security team from starting.

Start Kaka security team to clear the virus startup Item and uninstall the anti-virus software.

Restart your computer and download and install rising again ......

 

 

C:/Windows/system32/sfc_ OS .dll
C:/Windows/system32/mswsock. dll
C:/Windows/system32/dnsapi. dll

 

They have not passed digital signature authentication, but cannot find the file replacement.

 

Appendix

 

Some Virus File Information:

 

File Description: C:/Windows/system32/jklgkjfl. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 30208 bytes, 29.512 KB
MD5: 98cedb865c0b0a2baae45070e31e9416
Sha1: febc4f1f5074be1368f741c3d1f9fe2c19c9c1ce
CRC32: 7ca75d5e
 
Kaspersky report for: Trojan-GameThief.Win32.OnLineGames.unbm, rising for: Trojan. win32.gameol. AM
 
File Description: C:/Windows/system32/poihnjmn. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29696 bytes, 29.0 KB
MD5: 98a7522ae4f1e7342e8a48e6fcd6f058
Sha1: 96ee65a5885d0d8b3b0cf8a8d82e6271cd03bbac
CRC32: 93dc8515
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.bkpd, rising Report: Trojan. psw. win32.gameol. TTL
 
File Description: C:/Windows/system32/lbddfjfl. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 36864 bytes, 36.0 KB
MD5: 0e2472a1c82ed1def80503098047e398
Sha1: 19af54d44e62939d695b5da-65e27c775d310f4
CRC32: d8fd3cf2
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.ulur, rising Report: Trojan. psw. win32.gameol. tyy
 
File Description: C:/Windows/system32/opehnmaa. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 47104 bytes, 46.0 KB
MD5: 893fac61c7ed0471a556ac53759b15b0
Sha1: ebcd81d8437707cf70c1362051b3730b415f9792
CRC32: f62afad0
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.uiwr, rising Report: Trojan. psw. win32.gameol. TTL
 
File Description: C:/Windows/system32/bjoligli. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 36864 bytes, 36.0 KB
MD5: 77813848fdeb362306d54d5520b29fb4
Sha1: 766cca54bee5d3b15da34ebbb66bdab0b83e746e
CRC32: 663e7a60
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unuh, rising Report: Trojan. psw. win32.gameol. udx
 
File Description: C:/Windows/system32/boddhlba. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 245760 bytes, 240.0 KB
MD5: 99cee89af832660f8d9696c0828bbbbf
Sha1: fda-8aeeda817a6721a352ff1c22e314e6e156bb
CRC32: 19a1c4f6
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unxp, rising Report: Trojan. psw. win32.gameol. TTL
 
File Description: C:/Windows/system32/idmfgmib. dll
Property: -- h-
Digital Signature: No
PE file: failed to open the file to read
Creation Time: 8:33:17
Modification time: 8:33:17
Size: 0 bytes
 
File Description: C:/Windows/system32/pfjidcok. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 245760 bytes, 240.0 KB
MD5: 2855c4e40f0e6334046c302c7f2de709
Sha1: f9bf328b4e15ee9a13b66f76143cad5915b4c538
CRC32: 9fdb890f
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unyi, rising Report: Trojan. psw. win32.gameol. udx
 
File Description: C:/Windows/system32/dafhlghg. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 245760 bytes, 240.0 KB
MD5: c05deeb68cd9cc40fb252199464dc567
Sha1: d2e06f270f2c994d7f3321d7fdf98d3cb17598c0
CRC32: 7f455ed8
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.uncf, rising Report: Trojan. psw. win32.gameol. ugd
 
File Description: C:/Windows/system32/fohdomai. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 225280 bytes, 220.0 KB
MD5: 384b32a5b4f3209960c1c7cfb9da3630
Sha1: 1e31dac4c7eaf62d5334a05002ab7ee83f184f26
CRC32: 8f79f88c
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unal, rising Report: Trojan. psw. win32.gameol. UDN
 
 
File Description: C:/Windows/system32/mpefkedo. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 40960 bytes, 40.0 KB
MD5: 4a34f3dddc10979c170bc6c8f3441d09
Sha1: df24c2bb9212a1167a0348348c522ddc6f2523d2
CRC32: 006282df
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unsp, rising Report: Trojan. psw. win32.gameol. uec
 
File Description: C:/Windows/system32/mcikcpvdf. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 40960 bytes, 40.0 KB
MD5: 3967347abb012bca8110b7872d40cd53
Sha1: a37d39998779eb53f07092937686feca5c615c85
CRC32: ee06e526
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unaj, rising Report: Trojan. psw. win32.gameol. UDN
 
File Description: C:/Windows/system32/hgfoannf. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 40960 bytes, 40.0 KB
MD5: 376718f7e1bfd11ca5571728b424614d
Sha1: 64fce36bf0eb34b02f1edf5c609f4f6c49e3fd27
CRC32: javascb963
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.unbp, rising Report: Trojan. psw. win32.gameol. UDN
 
File Description: C:/Windows/system32/eapjpedk. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29696 bytes, 29.0 KB
MD5: 1d0914c976977dcb050891fe20fa0711
Sha1: 7ac52d1c0785e21d66db04ab9ef78044df142f97
CRC32: 8f638539
 
Kaspersky Report: Trojan-GameThief.Win32.OnLineGames.ujrl, rising Report: Trojan. psw. win32.gameol. TTL
 
File Description: C:/Windows/system32/dfb3dac5. dll
Property: ash-
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 16496 bytes, 16.112 KB
MD5: d50236fda-fc92aeea%f30f2c3ddbf
Sha1: fd4b44bdb80b80fea057dd1d679cef1ddf271425
CRC32: c1a0c6f0
 
Kaspersky Report: Trojan-GameThief.Win32.Magania.anne, rising Report: Trojan. win32.gameol. L
 
File Description: C:/Windows/system32/RPCSS. dll
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 28672 bytes, 28.0 KB
MD5: fd97f56384c094254fcad9f43eb676d2
Sha1: a62c0c34c5da4d806f79b79f363dfcd8789097c4
CRC32: 8d6fb445
 
Kaspersky Report: Trojan-Dropper.Win32.Agent.aejk, rising Report: Trojan. psw. win32.gameol. ttq
 
 
File Description: C:/Windows/system32/anymie360.exe
Property:-sh-
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 21636 bytes, 21.132 KB
MD5: 1c0ca868affee745c637f204dc6abda8
Sha1: 92a8fb04202425fb1e23907bbecb5242040dfc80
CRC32: 999f216a
 
Kaspersky Report: Trojan. win32.pakes. mqh -- rising_trojan.ps?win32.lmir.cfs

 

File Description: C:/Windows/system32/b770ca 2. sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 5504 bytes, 5.384 KB
MD5: 500f2a3d1a7ba9e449c83d2e1e42437e
Sha1: c329329b552094108f49d8fd3e73adff83989149
CRC32: d40ca1aa
 
Kaspersky reports: Trojan-GameThief.Win32.Magania.annh, rising Report: rootkit. win32.agent. EJB
 
File Description: C:/Windows/system32/Drivers/beep. sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 9728 bytes, 9.512 KB
MD5: e81ad49aa1bcdb5b356c8186ea0084a2
Sha1: 6b634fd9db9e4ba36df27e8d32252810568d0551
CRC32: 0cdbcd9d
 
Kaspersky reported rootkit. win32.small. Cy, and rising reported rootkit. win32.undef. XH.
 

File Description: C:/Windows/system32/a.exe
Attribute: ---
Digital Signature: No
PE file: Yes
Language: Chinese (China)
File version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description: userinit logon Application
Copyright: (c) Microsoft Corporation. All rights reserved.
Product Version: 5, 1, 2600,218 0
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Internal name: USERINIT. exe
Source File Name: userinit.exe
Creation Time: 17:50:39
Modification time: 17:50:39
Size: 16588 bytes, 16.204 KB
MD5: 95c25c1d364ce0a173916595d8025c05
Sha1: 0829224a265636cc921fdb2f91d5ce5edf510aa3
CRC32: d0cd8809