Endurer Original
2006-12-25 1st Version
Today, through remote help via QQ, the case from "I also received questions about Gray pigeon Backdoor.gpigeon.uql"
http://endurer.bokee.com/5950832.html
http://blog.csdn.net/Purpleendurer/archive/2006/12/12/1440184.aspx
was processed with the netizen.
Checking the history of the anti-virus software turned up the following record:
/-----
Virus name / processing result / scan method / path / file / virus source
Backdoor.gpigeon.uql   cleared successfully   screensaver scan   iexplore.EXE>C:/program files/Internet Explorer/iexplore.EXE   Local Machine
-----/
Scanning with HijackThis and reviewing the log turned up the following suspicious items:
/--------
O21 - ssodl: policime - {724c75f1-b757-408d-a50a-4cf99da35d73} - (no file)
O21 - ssodl: themeadp - {64274c93-3ce7-4663-9c8d-cd2dc8a3590b} - C:/Windows/system32/themeadp.dll
O23 - NT Service: hpdj - unknown owner - C:/docume~1/Acer/locals~1/temp/hpdj.exe (file missing)
O23 - NT Service: wondwewew (zookeeper Service) - unknown owner - C:/Windows/pinsewe.com.cn.ini
--------/
It is not similar to the items found in the log sent by the netizen. The solution is similar, the same as in "I also received questions about Gray pigeon Backdoor.gpigeon.uql":
http://endurer.bokee.com/5950832.html
http://blog.csdn.net/Purpleendurer/archive/2006/12/12/1440184.aspx
C:/docume~1/Acer/locals~1/temp/hpdj.exe
is a file of the HP printer.
C:/Windows/system32/themeadp.dll
Kaspersky reports Not-a-virus:adware.win32.themeadp.
C:/Windows/pinsewe.com.cn.ini
Kaspersky reports Backdoor.win32.hupigon.cda
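The following Python is an added example, not code from the original post: it parses the four HijackThis items quoted above and lists mechanical reasons an analyst might examine each one first. The normalized " - " line spacing and the heuristics (absent file, unknown owner, non-executable service image, temp path) are assumptions, not rules stated in the post.

```python
import re

# Constructed sample: the four items quoted in the post, with " - " separators
# assumed and the post's forward-slash paths kept.
SAMPLE_LOG = """\
O21 - SSODL: policime - {724c75f1-b757-408d-a50a-4cf99da35d73} - (no file)
O21 - SSODL: themeadp - {64274c93-3ce7-4663-9c8d-cd2dc8a3590b} - C:/Windows/system32/themeadp.dll
O23 - NT Service: hpdj - unknown owner - C:/docume~1/Acer/locals~1/temp/hpdj.exe (file missing)
O23 - NT Service: wondwewew (zookeeper Service) - unknown owner - C:/Windows/pinsewe.com.cn.ini
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# Assumption: extensions expected for a service image or shell extension.
EXEC_EXT = (".exe", ".dll", ".sys")
MISSING_RE = re.compile(r"\s*\((no file|file missing)\)$")


def triage(log_text):
    """Return (section, name, path, reasons) for each O21/O23 line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in ("O21", "O23"):
            continue
        section = m.group(1)
        fields = m.group(3).split(" - ")
        name, target = fields[0], fields[-1]
        reasons = []
        if MISSING_RE.search(target):
            reasons.append("target file absent")
        # Strip the "(no file)" / "(file missing)" marker to get the bare path.
        path = MISSING_RE.sub("", target).lower().replace("\\", "/")
        if section == "O23":
            if any(f.lower() == "unknown owner" for f in fields[1:-1]):
                reasons.append("unknown owner")
            if path and not path.endswith(EXEC_EXT):
                reasons.append("service image is not an executable type")
            if "/temp/" in path:
                reasons.append("service image in a temp directory")
        findings.append((section, name, path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(section, name, path or "-", "; ".join(reasons) or "no flag")
```

On this sample themeadp.dll gets no flag and hpdj.exe gets three, while the post's verdicts are adware and an HP printer file respectively, so the flags only order the queue for file scanning and do not replace it.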