iemnaw.dll is an invalid image? Kingsoft Duba missing? It turns out to be Win32.Logogo, Rootkit.Win32.Hidefile, etc. (Part 2)

Original work by endurer
2008-04-19, 1st version

(Continued from part 1)

Start the cleanup.

Restart the computer into safe mode with networking.

Download bat_do and fileinfo from http://endurer.ys168.com.

Use fileinfo to extract the information for the files marked red in the log, then use bat_do to archive and back up those files and delete them in a delayed manner.

Download IceSword from http://purpleendurer.ys168.com to keep in reserve.

Download and install Rising Kaka Security Assistant from http://tool.ikaka.com.

Run regedit.exe and delete the entry corresponding to log item O26 - IFEO: ras.exe -> ntsd -d.

Then start Rising Kaka Security Assistant, scan for and remove the three rogue programs, and switch to [Advanced functions] -> [Plug-in management and uninstallation] to remove items O2 and O24.

Switch to [System startup item management]:
Click [Logon items] on the left, find the entry corresponding to the O4 item on the right, right-click it, and select Delete from the pop-up menu.
Click [Application initialization dynamic-link libraries] on the left, find the entries corresponding to the O20 items on the right, right-click them, and select Delete from the pop-up menu.
Click [Service items] and [Drivers] on the left, find the entries corresponding to O23 on the right, right-click them, and select Delete from the pop-up menu.
Click [Application hijacking items] on the left, find the O26 items on the right, right-click them, and select Delete from the pop-up menu.

Use WinRAR to delete autorun.inf, ntldr.exe, the Windows temporary folder, the IE temporary folder, and the files that can be deleted in C:/Windows/prefetch.

An avp.exe was found in C:/ and deleted.

Restart the computer into safe mode and check whether the files marked red in the log are still running. Also use IceSword to delete the files.

Restart the computer and boot normally. Rising prompts for registration; do not register for now.

After reaching the desktop, the monitoring icons of Kingsoft Duba and 360 Guard are both displayed.

Since Kingsoft Duba can be updated, it can be removed temporarily and used again.
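The IFEO redirection of ras.exe (item O26) and the application initialization DLL entries (item O20) removed in the steps above can also be audited offline from a registry export. The following is an added example, not part of the original post: it parses a constructed `.reg` sample, and the DLL names and function names are assumptions made for illustration.

```python
import re

IFEO = r"\image file execution options" + "\\"
WINDOWS_KEY = r"\windows nt\currentversion\windows"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format; the DLL names are placeholders.
# A real `reg export` file is UTF-16: read it with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="placeholder1.dll,placeholder2.dll"
'''


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:  # undo .reg escaping of backslashes and quotes
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                yield key, name, data


def find_hijacks(text):
    """Return findings for IFEO Debugger values and non-empty AppInit_DLLs."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        if IFEO in low and name.lower() == "debugger" and data.strip():
            # The subkey name is the executable that gets redirected.
            findings.append(("IFEO", key.rsplit("\\", 1)[1], data))
        elif low.endswith(WINDOWS_KEY) and name.lower() == "appinit_dlls":
            # AppInit_DLLs is a space- or comma-separated list of DLLs.
            for dll in re.split(r"[ ,]+", data.strip()):
                if dll:
                    findings.append(("AppInit_DLLs", dll, key))
    return findings
```

On 64-bit Windows the same checks also match the Wow6432Node copies of both keys, because matching ignores the key prefix.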
 

Appendix: Some Virus File Information

File Description: C:/ntldr.exe
Property:-sh-
An error occurred while obtaining the file version information!
Created at: 20:16:31
Modification time:
Access time:
Size: 18489 bytes, 18.57 KB
MD5: 2ff9fcac74e9825b905a1476b495bc0f
Sha1: 8f9ef0df5c8ce0122e3c0c1dee6db056f5ab7830
CRC32: 5206efde

Kaspersky reports Worm.Win32.Anilogo.f, and Rising reports Win32.Logogo.

File Description: C:/Windows/system32/Drivers/Phy.sys
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 17:52:35
Modification time: 17:52:36
Access time:
Size: 1536 bytes, 1.512 KB
MD5: 08c585d04512eada0914a2043eb6dc6d
Sha1: eb55b29d65f3c461f88224cdacc399445ff34dcb
CRC32: e34394b7

Kaspersky reports Trojan-Downloader.Win32.Apher.y, and Rising reports Trojan.Win32.Undef.bxv.

File Description: C:/Windows/system32/Drivers/msosfpids32.sys
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 20:42:25
Modification time: 10:22:30
Access time:
Size: 3072 bytes, 3.0 kb
MD5: 9ff85f7951616d5b96ad73ed9957c94a
Sha1: 36fc854331939a12be4a62254617ff03145aabe1
CRC32: 17544bf4

Kaspersky reports Rootkit.Win32.Agent.abq, and Rising reports Rootkit.Win32.Mnless.hz.

File Description: C:/Windows/system32/Drivers/msosmsfpfis64.sys
Property: ash-
An error occurred while obtaining the file version information!
Created at: 20:17:23
Modification time: 20:17:38
Access time:
Size: 3072 bytes, 3.0 kb
MD5: 0d50a72b789ee6cf5921a8433ef9e631
Sha1: 192e938f19f5867e3e9ec5c4c6c153e3ac81e8f6
CRC32: 9a715030

Kaspersky reports Trojan-PSW.Win32.OnLineGames.aadr, and Rising reports Rootkit.Win32.Hidefile.c.

File Description: C:/Windows/system32/Drivers/msyecp.sys
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 10:22:33
Modification time: 10:22:34
Access time:
Size: 12800 bytes, 12.512 KB
MD5: 07f19d7fe4c69e5fbf730511ce10bea3
Sha1: 36dda4f1669b1467970b9d53295cb753892eb733
CRC32: 81a7f953

Kaspersky reports Trojan-PSW.Win32.OnLineGames.rtj, and Rising reports Rootkit.Win32.Gamehack.gen.
