Encountering the online game password-stealing trojan Trojan-PSW.Win32.OnLineGames and others


Endurer original, version 1

Yesterday a netizen told me that his computer had the trojan Trojan-PSW.Win32.OnLineGames.jj, that Kaspersky 6 could not remove it, and asked me to help deal with it.

When I arrived at his place he was running a full scan with Kaspersky 6, which had found several viruses. A prompt box popped up asking what to do with them; before we had chosen how to handle them, he closed it.
When the scan finished, the system restarted automatically.

Booted into Safe Mode with Networking, started Kaspersky 6, and exported the detection records, as follows:
/---
2007-4-1 12:52:50 file C:/syswsj7/ghook.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.jj
12:52:51 file C:/syswsj7/ghook.dll: not cleared, skipped by the user
12:52:51 file C:/syswm1i/ghook.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:52:51 file C:/syswm1i/ghook.dll: not cleared, skipped by the user
12:52:52 file C:/docume~1/RD/locals~1/temp/lgsy0.dll/UPX: detected Trojan program Trojan-PSW.Win32.OnLineGames.ky
12:52:53 file C:/docume~1/RD/locals~1/temp/lgsy0.dll/UPX: not cleared, skipped by the user
12:52:58 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:52:58 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:52:59 file C:/Windows/wsttrs.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
12:53:00 file C:/Windows/wsttrs.exe: not cleared, skipped by the user
12:53:01 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:02 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:04 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:04 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:05 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:05 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:10 file C:/syswm1i/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:10 file C:/syswm1i/svchost.exe: not cleared, skipped by the user
12:53:10 file C:/mongox4/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:11 file C:/release X4/svchost.exe: not cleared, skipped by the user
12:53:11 file C:/syswsj7/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:11 file C:/syswsj7/svchost.exe: not cleared, skipped by the user
12:53:28 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:28 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:32 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:33 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:34 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:35 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:48 file C:/Windows/wsttrs.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
12:53:48 file C:/Windows/wsttrs.exe: not cleared, skipped by the user
12:53:49 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:49 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:49 file C:/syswm1i/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:49 file C:/syswm1i/svchost.exe: not cleared, skipped by the user
12:53:51 file C:/mongox4/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:51 file C:/release X4/svchost.exe: not cleared, skipped by the user
12:53:51 file C:/syswsj7/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
12:53:52 file C:/syswsj7/svchost.exe: not cleared, skipped by the user
12:53:55 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:55 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
13:25:25 Security threats have been detected. We recommend that you process them immediately.
13:25:35 file C:/Windows/wsttrs.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
13:25:35 file C:/Windows/wsttrs.exe: not cleared, postponed
13:26:01 file C:/syswm1i/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
13:26:01 file C:/syswm1i/svchost.exe: not cleared, postponed
13:26:01 file C:/mongox4/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
13:26:01 file C:/release X4/svchost.exe: not cleared, postponed
13:26:01 file C:/syswsj7/svchost.exe: detected Trojan program Trojan-PSW.Win32.OnLineGames.mf
13:26:01 file C:/syswsj7/svchost.exe: not cleared, postponed
---/

Looking at wsttrs.exe, I thought it resembled Viking. When I opened Maxthon to download pe_xscan, an error occurred ......
Opened Windows Explorer, went to the Jiangmin website, downloaded and ran the Panda virus removal tool; it found and removed several viruses ......

Then scanned with Kaspersky and removed everything it found ......

Downloaded pe_xscan, ran a scan, and analyzed the log on the webpage. The following suspicious items were found:

/---
Pe_xscan 07-03-17 by Purple endurer
2007-4-1 12:56:24
Windows XP Service Pack 2 (5.1.2600)
Administrator user group

O2-BHO-{C64E4E3D-AAA0-4081-B6A7-22A40AFBFD35}-C:/Windows/system32/Rs.OBJ

O4-hkcr/../run: [4hxdww36r] C:/127e~1/user/locals~1/temp/rundl132.exe
O4-hkcr/../run: [d7y2j8c2xj09c] C:/docume~1/user/locals~1/temp/iexpl0re.exe
O4-hkcr/../policies/Explorer/run: [333] C:/syswm1i/svchost.exe
O4-hkcr/../ies/Explorer/run: [TX] C:/release X4/svchost.exe
O4-hkcr/../policies/Explorer/run: [4] C:/syswsj7/svchost.exe

O4-HKLM/../run: [wsttrs] C:/Windows/wsttrs.exe

O23-service: aejghiih (aejghiih)-C:/Windows/system32/Drivers/aejghiih.sys (system)
O23-service: afecehah (afecehah)-C:/Windows/system32/Drivers/afecehah.sys (system)
O23-service: ajghfhfc (ajghfhfc)-C:/Windows/system32/Drivers/ajghfhfc.sys (system)
O23-service: ajhjiicj (ajhjiicj)-C:/Windows/system32/Drivers/ajhjiicj.sys (system)
O23-service: ajjbfbhc (ajjbfbhc)-C:/Windows/system32/Drivers/ajjbfbhc.sys (system)

O23-service: bababeid (bababeid)-C:/Windows/system32/Drivers/bababeid.sys (system)
O23-service: bbjgcadd (bbjgcadd)-C:/Windows/system32/Drivers/bbjgcadd.sys (system)
O23-service: bgcefdad (bgcefdad)-C:/Windows/system32/Drivers/bgcefdad.sys (system)
O23-service: bghfbifc (bghfbifc)-C:/Windows/system32/Drivers/bghfbifc.sys (system)
O23-service: bjdjaehj (bjdjaehj)-C:/Windows/system32/Drivers/bjdjaehj.sys (system)
O23-service: cabgbgdg (cabgbgdg)-C:/Windows/system32/Drivers/cabgbgdg.sys (system)
O23-service: cdhcjiig (cdhcjiig)-C:/Windows/system32/Drivers/cdhcjiig.sys (system)
O23-service: cejcgacb (cejcgacb)-C:/Windows/system32/Drivers/cejcgacb.sys (system)
O23-service: cgfcdege (cgfcdege)-C:/Windows/system32/Drivers/cgfcdege.sys (system)

O23-service: clipart (System Administrator)-C:/Windows/system32/svchost.exe-K netsvcs-> C:/Windows/system32/mssapi.dll (automatic)

O23-service: daadcdhg (daadcdhg)-C:/Windows/system32/Drivers/daadcdhg.sys (system)
O23-service: dacihabb (dacihabb)-C:/Windows/system32/Drivers/dacihabb.sys (system)
O23-service: dafecjbi (dafecjbi)-C:/Windows/system32/Drivers/dafecjbi.sys (system)
O23-service: dagjgidg (dagjgidg)-C:/Windows/system32/Drivers/dagjgidg.sys (system)
O23-service: dbafijjb (dbafijjb)-C:/Windows/system32/Drivers/dbafijjb.sys (system)
O23-service: ddfedbff (ddfedbff)-C:/Windows/system32/Drivers/ddfedbff.sys (system)
O23-service: dfceeghb (dfceeghb)-C:/Windows/system32/Drivers/dfceeghb.sys (system)
O23-service: dgdgehec (dgdgehec)-C:/Windows/system32/Drivers/dgdgehec.sys (system)
O23-service: dhdidccf (dhdidccf)-C:/Windows/system32/Drivers/dhdidccf.sys (system)
O23-service: dihhdegj (dihhdegj)-C:/Windows/system32/Drivers/dihhdegj.sys (system)
O23-service: eghhefja (eghhefja)-C:/Windows/system32/Drivers/eghhefja.sys (system)
O23-service: fafdedai (fafdedai)-C:/Windows/system32/Drivers/fafdedai.sys (system)
O23-service: fcaacjfg (fcaacjfg)-C:/Windows/system32/Drivers/fcaacjfg.sys (system)
O23-service: fcfbhieb (fcfbhieb)-C:/Windows/system32/Drivers/fcfbhieb.sys (system)
O23-service: fcfdhbje (fcfdhbje)-C:/Windows/system32/Drivers/fcfdhbje.sys (system)
O23-service: fdjiibej (fdjiibej)-C:/Windows/system32/Drivers/fdjiibej.sys (system)
O23-service: fejfecca (fejfecca)-C:/Windows/system32/Drivers/fejfecca.sys (system)
O23-service: fgjecjib (fgjecjib)-C:/Windows/system32/Drivers/fgjecjib.sys (system)
O23-service: gafdbgfi (gafdbgfi)-C:/Windows/system32/Drivers/gafdbgfi.sys (system)
O23-service: gbdjiihc (gbdjiihc)-C:/Windows/system32/Drivers/gbdjiihc.sys (system)
O23-service: gfjdjggi (gfjdjggi)-C:/Windows/system32/Drivers/gfjdjggi.sys (system)
O23-service: hacjeihb (hacjeihb)-C:/Windows/system32/Drivers/hacjeihb.sys (system)
O23-service: hcfcjeef (hcfcjeef)-C:/Windows/system32/Drivers/hcfcjeef.sys (system)
O23-service: heabeejj (heabeejj)-C:/Windows/system32/Drivers/heabeejj.sys (system)
O23-service: heefjecd (heefjecd)-C:/Windows/system32/Drivers/heefjecd.sys (system)
O23-service: heeghdif (heeghdif)-C:/Windows/system32/Drivers/heeghdif.sys (system)
O23-service: hefceagi (hefceagi)-C:/Windows/system32/Drivers/hefceagi.sys (system)
O23-service: hfdjibij (hfdjibij)-C:/Windows/system32/Drivers/hfdjibij.sys (system)
O23-service: hgahecag (hgahecag)-C:/Windows/system32/Drivers/hgahecag.sys (system)
O23-service: ibfgedig (ibfgedig)-C:/Windows/system32/Drivers/ibfgedig.sys (system)
O23-service: idadigbd (idadigbd)-C:/Windows/system32/Drivers/idadigbd.sys (system)
O23-service: iejdecgb (iejdecgb)-system32/Drivers/iejdecgb.sys (pilot)
O23-service: igghebdb (igghebdb)-C:/Windows/system32/Drivers/igghebdb.sys (system)

O23-service: jabebafa (jabebafa)-C:/Windows/system32/Drivers/jabebafa.sys (system)
O23-service: jacdbidg (jacdbidg)-C:/Windows/system32/Drivers/jacdbidg.sys (system)
O23-service: jaiajbbe (jaiajbbe)-C:/Windows/system32/Drivers/jaiajbbe.sys (system)
O23-service: jchggedh (jchggedh)-C:/Windows/system32/Drivers/jchggedh.sys (system)
O23-service: jdccjadf (jdccjadf)-C:/Windows/system32/Drivers/jdccjadf.sys (system)
O23-service: jffbdggd (jffbdggd)-C:/Windows/system32/Drivers/jffbdggd.sys (system)
O23-service: jffbiaii (jffbiaii)-C:/Windows/system32/Drivers/jffbiaii.sys (system)
O23-service: jhbgchcg (jhbgchcg)-C:/Windows/system32/Drivers/jhbgchcg.sys (system)
O23-service: jjeeceic (jjeeceic)-C:/Windows/system32/Drivers/jjeeceic.sys (system)
O23-service: new0 (new0)-C:/Windows/system32/New.sys | 0:55:22 (automatic)

O23-service: NPF (netgroup Packet Filter)-system32/Drivers/NPF.sys | Winpcap netgroup Packet Filter Driver | 3, 1, 0, 23 | NPF | copyright © 1999-2004 | 3, 1, 0, 23 | netgroup-Politecnico di Torino | NPF + tme | NPF.sys (manual)

O23-service: UpdateService (UpdateService)-C:/Windows/system32/updateservice.exe (disabled)

O23-service: viptray (viptray)-C:/Windows/system32/viptray.exe (disabled)
---/
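Two traits in the pe_xscan log above are worth turning into a triage rule: every one of the dozens of O23 kernel drivers has an eight-letter name drawn only from the letters a to j (a digit-to-letter re-lettering of a random number), and the O4 autostart entries point at copies of svchost.exe outside system32. This is an added triage script, not part of the post or of pe_xscan, run over a constructed excerpt in pe_xscan's line format; the line patterns and the reasons it reports are my own.

```python
import re

# Constructed excerpt in pe_xscan's line format: four lines echoing the real
# log above plus a legitimate WinPcap driver for contrast. Not the full log.
SAMPLE_SCAN = """\
O4-HKLM/../run: [wsttrs] C:/Windows/wsttrs.exe
O4-hkcr/../policies/Explorer/run: [333] C:/syswm1i/svchost.exe
O23-service: aejghiih (aejghiih)-C:/Windows/system32/Drivers/aejghiih.sys (system)
O23-service: jjeeceic (jjeeceic)-C:/Windows/system32/Drivers/jjeeceic.sys (system)
O23-service: NPF (netgroup Packet Filter)-system32/Drivers/NPF.sys (manual)
O23-service: clipart (System Administrator)-C:/Windows/system32/svchost.exe-K netsvcs-> C:/Windows/system32/mssapi.dll (automatic)
"""

O23_RE = re.compile(
    r"^O23-service: (?P<name>\S+) \((?P<display>[^)]*)\)-(?P<path>.+?) \((?P<start>\w+)\)$")
O4_RE = re.compile(r"^O4-(?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<path>.+)$")
# Eight letters restricted to a..j: ten symbols, i.e. digits 0-9 written as letters.
ENCODED_NAME = re.compile(r"^[a-j]{8}$")


def suspicious_lines(text):
    """Return [(line, reason)] for pe_xscan entries that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            # Generated name used both as service name and display name.
            if ENCODED_NAME.match(m.group("name")) and m.group("name") == m.group("display"):
                findings.append((line, "kernel driver with generated a-j name"))
            continue
        m = O4_RE.match(line)
        if m:
            p = m.group("path").lower().replace("\\", "/")
            if p.endswith("/svchost.exe") and "/windows/system32/" not in p:
                findings.append((line, "svchost.exe outside system32"))
            elif "policies/explorer/run" in m.group("key").lower():
                findings.append((line, "policy Run key autostart"))
    return findings
```

The policy Run key check is there because, as noted below the log, HijackThis 1.99.1 could not fix those entries.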

Downloaded HijackThis from http://endurer.ys168.com to fix them.

Of these, the entries

O4-hkcr/../policies/Explorer/run: [333] C:/syswm1i/svchost.exe
O4-hkcr/../ies/Explorer/run: [TX] C:/release X4/svchost.exe
O4-hkcr/../policies/Explorer/run: [4] C:/syswsj7/svchost.exe

could not be fixed by HijackThis 1.99.1; they can be removed with the Rising Kaka Security Assistant.

Recently many viruses have been found that, once Kaspersky or Rising detects them, look for the antivirus prompt window and send it button presses to choose cancel or skip, so the detection is never acted on.

So it is best to configure the antivirus software to disinfect detected files directly, without prompting.
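The exported Kaspersky log above carries the footprint of that trick: the same file is detected and "skipped by the user" within a second, over and over. As an added example, not from the original post, this script parses lines in that export's format (date-less lines inherit the last date seen, as the export omits it) and flags files whose detect-to-skip gap is repeatedly shorter than any person could manage; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the exported Kaspersky 6 log (not the
# real export): three prompt-killed detections and one genuine, slower skip.
SAMPLE_LOG = """\
2007-4-1 12:52:58 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
12:52:58 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:01 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
2007-4-1 12:53:02 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
12:53:04 file C:/Windows/system32/wsttrs.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.es
12:53:04 file C:/Windows/system32/wsttrs.dll: not cleared, skipped by the user
13:10:00 file C:/temp/eicar.com: detected virus EICAR-Test-File
13:10:09 file C:/temp/eicar.com: not cleared, skipped by the user
"""

LINE_RE = re.compile(
    r"^(?:(?P<date>\d{4}-\d{1,2}-\d{1,2}) )?(?P<time>\d{1,2}:\d{2}:\d{2}) "
    r"file (?P<path>.+?): (?P<msg>.+)$")


def parse_events(text):
    """Return [(timestamp, path, message)] for every 'file' line in the export."""
    events, date = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # summary lines such as "Security threats..."
        date = m.group("date") or date    # date-less lines inherit the last date
        if date is None:
            continue                      # cannot timestamp a line before any date appears
        ts = datetime.strptime(f"{date} {m.group('time')}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group("path"), m.group("msg")))
    return events


def fast_skips(text, max_gap_s=2, min_hits=2):
    """Return {path: n} for files 'skipped by the user' within max_gap_s of
    detection at least min_hits times. A person rarely answers that fast and
    that consistently; a trojan that clicks the prompt away always does."""
    pending, hits = {}, defaultdict(int)
    for ts, path, msg in parse_events(text):
        if msg.startswith("detected"):
            pending[path] = ts
        elif "skipped by the user" in msg and path in pending:
            if ts - pending.pop(path) <= timedelta(seconds=max_gap_s):
                hits[path] += 1
    return {p: n for p, n in hits.items() if n >= min_hits}
```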
