Auto.exe, hack. arpcheater. A (ARP spoofing tool), Trojan. psw. zhengtu, etc. 2

Auto.exe, hack. arpcheater. A (ARP spoofing tool), Trojan. psw. zhengtu, etc. 2

EndurerOriginal
1Version

It is strange that at noon today, a netizen's computer encountered something similar to this. In the pe_xscan log, o21_o41_o231_o24both exist, and auto.exe is also available on different disks, but one more: o20-appinit_dlls: mybpri. DLL, which is more difficult to fix ......

Let's talk about the processing process of yesterday:

Disable System Restoration

Stop and disable services: windowsdown (windows_systemdown)

Use the task manager to terminate the process tree: C:/program files/Internet Explorer/msvcrt. Bak

Download and install the rising star Kaka Security Assistant, select [advanced functions], and terminate the process in [Process Management]: C:/Windows/system32/Drivers/smss.exe

In [plug-in management and uninstallation], remove the O2 and o24 items,

In [IE and system repair], fix the section in Red: The HKLM/showall value is not 1.

In [system startup Item Management], right-click the items corresponding to o23 and choose delete from the pop-up menu.

Download freedll, bat_do, and fileinfo to the http://purpleendurer.ys168.com.

Use freedll to detach msvcrt. dll and relive. dll from all processes. Fortunately, those in the O4 group are not started, or they will be busy ......

Fileinfo extracts file information, uses bat_do to package and back up suspicious files, uses delayed deletion, generates and deletes the properties, and executes the command, and then runs the command at the next startup.

Use WinRAR to delete autorun. inf and auto.exe under each disk.

Go to "add and delete programs" on the Control Panel to uninstall: chinsearch and Alexa.

Download hijackthis from http://endurer.ys168.com, fix o8, o11.

Use WinRAR to delete windows temporary folders, ie temporary folders, and files that can be deleted in D:/Windows/prefetch.

Restart your computer, and then use the Security Assistant of rising Kaka to check [advanced functions]-> [plug-in management and uninstallation]. If the projects in o24 remain, uninstall them again.

File Description: C:/Windows/system32/smss.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 19:57:27
Modification time: 19:57:56
Access time:
Size: 103403 bytes, 100.1003 KB
MD5: c31c8d307884ab5c3e7e7a10fa72d2e6

Kaspersky reportsHacktool. win32.agent. beThe rising report isHack. arpcheater. A (ARP spoofing tool)

File Description: C:/Windows/system32/visin.exe
Attribute :----
Language: Chinese (China)
File version: 5.1.2600.0
Note: Microsoft wisin Control
Copyright: Microsoft Corporation. All rights reserved.
Note:
Product Version: 5.1.2600.0
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: wisin
Source File Name: wisin.exe
Creation Time: 22:37:51
Modification time:
Access time:
Size: 25639 bytes, 25.39 KB
MD5: 3c02316b557dcb8dda8f6fe21340e748

Kaspersky reportsTrojan-Downloader.Win32.Small.excThe rising report isTrojan. psw. win32.agent. Qi

File Description: C:/Windows/system32/servet.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 16:23:22
Access time:
Size: 16613 bytes, 16.229 KB
MD5: e42e9b5ccb602214271c1fb924a00ecc

Kaspersky reportsVirus. win32.autorun. auThe rising report isTrojan. DL. mnless. AKB

File Description: D:/auto.exe
Attribute: ---
Language: English (USA)
File version: 1. 0. 0. 0
Note: Microsoft drivers
Copyright:
Note:
Product Version: 0.0.0.0
Product Name:
Company Name: Microsoft
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 15:19:39
Modification time: 11:20:52
Access time:
Size: 150814 bytes, 147.286 KB
MD5: a%e1fd%17c0f225a30d49861c478

The icon is a white cat or mouse.

File Description: C:/Windows/system32/2.jpg
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 15:19:32
Modification time: 16:23:30
Access time:
Size: 473257 bytes, 462.169 KB
MD5: a782f4f92fbf415703872f1562e0ec34
Release:
Drivers/auto.txt
Drivers/csrss.exe
Drivers/drivers.exe
Drivers/NPF. sys
Drivers/smss.exe
Packet. dll
Wanpacket. dll
Wpcap. dll

C:/Windows/system32/Drivers/csrss.exe is the same as auto.exe.

File Description: C:/Windows/system32/Drivers/auto.txt
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 15:19:38
Modification time: 20:26:36
Access time:
Size: 137 bytes
MD5: 895cd66a288ec2b170af35a18800411e
The content is the same as autorun. inf:
/---
[Autorun]
Opentracing auto.exe
Shell/open = open (& O)
Shell/Open/command#auto.exe
Hell/explore = Resource Manager (& X)
Shell/cmde/command = "auto.exe"
---/

File Description: C:/Windows/system32/nwizzhuxians.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 8:12:40
Modification time:
Access time:
Size: 46895 bytes, 45.815 KB
MD5: dda372cd5e1c47b8cb4fe18d8e76af79

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.fqThe rising report isPacker. mian007

File Description: C:/Windows/system32/Drivers/drivers.exe
Attribute: ---
Language: English (USA)
File version: 1. 0. 0. 0
Note: Microsoft drivers
Copyright:
Note:
Product Version: 0.0.0.0
Product Name:
Company Name: Microsoft
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 15:19:39
Modification time: 11:20:52
Access time:
Size: 150814 bytes, 147.286 KB
MD5: a%e1fd%17c0f225a30d49861c478

RisingTrojan. DL. win32.agent. wys

File Description: C:/Documents and Settings/user/Local Settings/temp/woso.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 9:18:32
Modification time: 17:56:12
Access time:
Size: 9500 bytes, 9.284 KB
MD5: cfa2db081308b1dcb345635c8b51b038

File Description: C:/Documents and Settings/user/Local Settings/temp/ztso.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 5:26:37
Modification time: 17:56:12
Access time:
Size: 8832 bytes, 8.640 KB
MD5: 91d3add55a71de8da-f72c8bca7f0a30

Kaspersky reportsTrojan-PSW.Win32.Small.cfThe rising report isTrojan. psw. zhengtu. jzd

File Description: D:/PE/tools/virus/daso.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 17:56:28
Access time:
Size: 7952 bytes, 7.784 KB
MD5: 50c231feac49deaa1_ea4e542bbd2b0

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.nwThe rising report isTrojan. psw. win32.xyonline.

File Description: C:/Documents and Settings/user/Local Settings/temp/daso0.dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 16:17:44
Access time:
Size: 7168 bytes, 7.0 KB
MD5: 3e3729eb7afc9055a3d398452c98ffd8

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.nwThe rising report isTrojan. psw. win32.xyonline. AQ

C:/Documents and Settings/user/Local Settings/temp/daso1.dll is the same as daso0.dll

File Description: C:/Documents and Settings/user/Local Settings/temp/fyso0.dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 15:18:15
Modification time: 16:17:40
Access time:
Size: 11264 bytes, 11.0 KB
MD5: 20d1484e9bdb1612589b8e2ca0e89b58

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.abiThe rising report isTrojan. psw. OnlineGames. BHW

C:/Documents and Settings/user/Local Settings/temp/fyso1.dll is the same as fyso0.dll

File Description: C:/Documents and Settings/user/Local Settings/temp/woso0.dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 15:18:14
Modification time: 16:17:40
Access time:
Size: 12800 bytes, 12.512 KB
MD5: 9f66799e7da-a1bc57b6db8a60498837

Kaspersky reportsTrojan-PSW.Win32.Small.cfThe rising report isTrojan. psw. win32.wowar. SL

C:/Documents and Settings/user/Local Settings/temp/woso1.dll is the same as woso0.dll

File Description: C:/Documents and Settings/user/Local Settings/temp/ztso0.dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 15:18:14
Modification time: 16:17:40
Access time:
Size: 10240 bytes, 10.0 kb
MD5: 5ccb031fdad450c9e39c3e45ee048ddc

Kaspersky reportsTrojan-PSW.Win32.Nilage.bjpThe rising report isTrojan. psw. win32.onlinegames. DFH

C:/Documents and Settings/user/Local Settings/temp/ztso1.dll is the same as ztso0.dll

File Description: C:/program files/Internet Explorer/msvcrt. Bak
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 15:26:34
Modification time: 15:27:26
Access time:
Size: 23087 bytes, 22.559 KB
MD5: 39cedb7e898215555e0dc800932dac71

Kaspersky reportsVirus. win32.autorun. BKThe rising report isWorm. win32.delf. ysw

File Description: C:/program files/Internet Explorer/hijack. Bak
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 9:55:18
Modification time: 9:55:20
Access time:
Size: 22069 bytes, 21.565 KB
MD5: 3c184e788ed31c18931b0e05ddf1_1f

File Description: C:/program files/Internet Explorer/hijack. dll
Property: ash-
Language: Chinese (China)
File version: 1. 0. 0. 1
Note: Microsoft Corporation windows DLL
Copyright: Copyright (c) 2006.6
Note:
Product Version: 5.00.1.0.1
Product Name: Microsoft (r) Windows (r) System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: System
Source File Name: system. dll
Creation Time: 9:55:18
Modification time:
Access time:
Size: 14389 bytes, 14.53 KB
MD5: aeb8522ad07bb0a1e04ba20496b45451

File Description: C:/program files/Internet Explorer/romdrivers. Bak
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 9:16:48
Access time:
Size: 22066 bytes, 21.562 KB
MD5: 93ddd394c7d36ccf069141ad84585f57

Kaspersky reportsVirus. win32.autorun. AMThe rising report isTrojan. psw. Agent. KBG"Upx_c

File Description: C:/program files/Internet Explorer/romdrivers. dll
Property: ash-
Language: Chinese (China)
File version: 1. 0. 0. 1
Note: Microsoft Corporation windows DLL
Copyright: Copyright (c) 2006.6
Note:
Product Version: 5.00.1.0.1
Product Name: Microsoft (r) Windows (r) System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: System
Source File Name: system. dll
Creation Time:
Modification time:
Access time:
Size: 14898 bytes, 14.562 KB
MD5: 5e12658d4dec4c3f9df782a23d179c5d

Kaspersky reportsVirus. win32.autorun. AMThe rising report isTrojan. psw. Agent. KBG"Upx_c

File Description: C:/program files/Internet Explorer/msvcrt. ebk
Property: ash-
Language: Chinese (China)
File version: 1. 0. 0. 1
Note: Microsoft Corporation windows DLL
Copyright: Copyright (c) 2001.01
Note:
Product Version: 6.00.2900.3028
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: Windows. dll
Source File Name: Windows. dll
Creation Time: 16:17:36
Modification time:
Access time:
Size: 14895 bytes, 14.559 KB
MD5: 8ae7f8988a5bfb7b5fb4d2a648cb1c16

Kaspersky reportsVirus. win32.autorun. BKThe rising report isWorm. win32.delf. ysw"Upx_c

File Description: C:/program files/Internet Explorer/msvcrt. dll
Attribute :----
Language: Chinese (China)
File version: 1. 0. 0. 1
Note: Microsoft Corporation windows DLL
Copyright: Copyright (c) 2001.01
Note:
Product Version: 6.00.2900.3028
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: Windows. dll
Source File Name: Windows. dll
Creation Time:
Modification time:
Access time:
Size: 14895 bytes, 14.559 KB
MD5: 8ae7f8988a5bfb7b5fb4d2a648cb1c16

File Description: C:/program files/Internet Explorer/plugins/hijack. Bak
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 5:20:19
Modification time: 5:20:20
Access time:
Size: 18997 bytes, 18.565 KB
MD5: 45680654f7e984aa1781fbee26603042

File Description: C:/program files/Internet Explorer/plugins/hijack. dll
Attribute :----
Language: Chinese (China)
File version: 1. 0. 0. 1
Note: Microsoft Corporation windows DLL
Copyright: Copyright (c) 2006.6
Note:
Product Version: 5.00.1.0.1
Product Name: Microsoft (r) Windows (r) System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: System
Source File Name: system. dll
Creation Time: 16:56:54
Modification time: 16:59:14
Access time:
Size: 12341 bytes, 12.53 KB
MD5: f3d36c0a5bac3eae2a28063cac087102

Kaspersky reportsTrojan-Downloader.Win32.Agent.bmoThe rising report isTrojan. Hijack. c