Endurer Original
2006-10-05, Version 1
A netizen's computer recently began triggering a Rising alert every time it was turned on: the stubborn Gray Pigeon backdoor, Backdoor.Gpigeon.uql.
HijackThis was downloaded from http://endurer.ys168.com and used to scan the system; the log showed these suspicious items:
/-----------
O23 - NT Service: Remote packet capture protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%/Winpcap/rpcapd.exe" -d -f "%ProgramFiles%/Winpcap/rpcapd.ini (file missing)
O23 - NT Service: systempigeo (system) - Unknown owner - C:/Windows/win32.exe
-----------/
(For how to carry out the repair operations below, refer to the [System Repair Series] basic operation index:
http://endurer.blogchina.com/2591241.html)
Restart into Safe Mode.
Start -> Settings -> Control Panel -> Administrative Tools -> Services; stop and disable these services:
/-----------
systempigeo (system)
Remote packet capture protocol v.0 (experimental) (rpcapd)
-----------/
Locate the following files with WinRAR:
/-----------
C:/Windows/win32.exe (packed with BJFNT 1.1b -> :MARQUIS:)
C:/Windows/system32/Drivers/INF/soconfig.exe (Kaspersky reports not-a-virus:AdWare.Win32.BHO.ac, Dr.Web reports Trojan.DownLoader.6847)
C:/Windows/system32/Drivers/INF/socfg.dll (actually a text file that stores the information shown in the pop-up window)
-----------/
Compress the files into an archive as a backup, then delete the originals.
Close all browser windows and folder windows, scan again with HijackThis, check the suspicious items listed above, and then click [Fix].
Clear the IE temporary files folder.
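
As an added example (not part of the original post, and not HijackThis code): a small Python triage of O23 service lines like the ones found above, useful both for the first scan and for the re-scan after cleanup. The three flags (unknown owner, missing file, executable directly in the Windows directory) are heuristics chosen for this illustration, and the third sample line is constructed with hypothetical names.

```python
import re

# Layout of a HijackThis O23 line:
#   O23 - [NT ]Service: <display name> (<service name>) - <owner> - <image path>
O23_RE = re.compile(
    r"^O23\s*-\s*(?:NT\s+)?Service:\s*(?P<display>.+)\s+\((?P<name>[^()]+)\)"
    r"\s+-\s+(?P<owner>.+?)\s+-\s+(?P<image>.+)$",
    re.IGNORECASE,
)
# Executable sitting directly in the Windows directory (either slash style).
WINDIR_ROOT_RE = re.compile(r"^[a-z]:[\\/]windows[\\/][^\\/]+\.exe$", re.IGNORECASE)


def triage_o23(log_text):
    """Return (service_name, image, reasons) for O23 entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        image = m.group("image")
        reasons = []
        if m.group("owner").strip().lower() == "unknown owner":
            reasons.append("unknown owner")
        if image.lower().endswith("(file missing)"):
            reasons.append("file missing")
            image = image[: -len("(file missing)")].rstrip()
        if WINDIR_ROOT_RE.match(image.strip('"')):
            reasons.append("binary in Windows root")
        if reasons:
            findings.append((m.group("name"), image, reasons))
    return findings


# Sample log: the two entries from this page (spacing and quoting normalised)
# plus one constructed benign entry with hypothetical names.
SAMPLE_LOG = """\
O23 - NT Service: Remote packet capture protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%/Winpcap/rpcapd.exe" -d -f "%ProgramFiles%/Winpcap/rpcapd.ini (file missing)
O23 - NT Service: systempigeo (system) - Unknown owner - C:/Windows/win32.exe
O23 - NT Service: Example Updater (exupd) - Example Corp - C:/Program Files/Example/exupd.exe
"""

if __name__ == "__main__":
    for name, image, reasons in triage_o23(SAMPLE_LOG):
        print(f"{name}: {image} [{', '.join(reasons)}]")
```

A flagged entry is only a prompt for manual review: "Unknown owner" also appears on legitimate binaries that lack vendor information.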