Worm.Agent.wk, Trojan.psw.OnlineGames.Caw, etc. and image hijacking (part 2)

Source: Internet
Author: User

Endurer original
Version 1

(Continued)

The O26 items in the pe_xscan log are image-hijacking entries. HijackThis, Kaka Security Assistant, and Duba (Kingsoft Antivirus) are among the programs on the hijack list.

In addition, WinRAR is shut down right after it is opened. When the computer is restarted, the host restarts directly in safe mode.

Since regedit.exe is not image-hijacked, you can open it directly and delete the O26 (image hijacking) entries and the O23 entries from the registry.
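The O26 check described above, as an added example (not code from the original post or from pe_xscan): image hijacking is a Debugger value set under the Image File Execution Options registry key, and this function lists every such value found in an exported .reg file. The sample export and its placeholder Debugger paths are constructed for illustration.

```python
import re

# Per-image keys live directly under this key (matched case-insensitively).
IFEO_MARK = "\\image file execution options\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Constructed sample in .reg export format; the Debugger targets are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"Debugger"="C:\\constructed\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinRAR.exe]
"debugger"="\"C:\\constructed\\placeholder 2.exe\" /x"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"GlobalFlag"=dword:00000000
'''


def find_image_hijacks(reg_text):
    """Map each IFEO image name to its Debugger command line, if one is set."""
    hits, image = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().rfind(IFEO_MARK)
            tail = path[pos + len(IFEO_MARK):] if pos != -1 else ""
            # Only direct children of the IFEO key name an executable image.
            image = tail if tail and "\\" not in tail else None
            continue
        value = STR_VALUE_RE.match(line)
        if value and image and value.group(1).lower() == "debugger":
            # .reg strings escape backslash and quote with a backslash.
            hits[image] = re.sub(r"\\(.)", r"\1", value.group(2))
    return hits


if __name__ == "__main__":
    # A real export is UTF-16: open(path, encoding="utf-16").read()
    for image, debugger in sorted(find_image_hijacks(SAMPLE_REG).items()):
        print(f"{image}: Debugger = {debugger}")
```

A Debugger value is not always malicious (developers and some system tools set it deliberately), so each hit still needs review before the entry is deleted.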

Download Dr.Web CureIt! and run one scan; it reports that several DLLs injected into system processes will be cured after reboot.

Run freedll.
Download IceSword from http://endurer.ys168.com, rename it before running it, unload the suspicious DLL modules injected into [System Process] * 0, and then use freedll to unload the suspicious DLL modules from all processes.

Use bat_do to delete the suspicious files, as well as autorun.inf and 06b4d0bf.exe on drives D, E, and F.

Re-download and install Kaka Security Assistant to deal with the O4, O24, and O25 items.

Because of time constraints, only some of the suspicious files were sent to the mailbox; the Dr.Web CureIt! scan log file was not sent.

File Description: C:/Windows/kvsc3.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 18:35:26
Modification time: 7:59:28
Access time:
Size: 5448 bytes, 5.328 KB
MD5: fb952bb5c32fa9b8cef8e46da750a928

Kaspersky reports Trojan-PSW.Win32.OnLineGames.tw; Rising reports Trojan.psw.OnlineGames.BNR

File Description: C:/Windows/system32/000.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 18:22:21
Modification time: 10:13:30
Access time:
Size: 16652 bytes, 16.268 KB
MD5: 07c7128add5aed0197d66a15a59960d7

Kaspersky reports Trojan-Downloader.Win32.Delf.bjy; Rising reports Trojan.DL.Small.VAX

File Description: C:/program files/common files/Microsoft shared/msinfo/06b4d0bf.dll
Property:-SHR
An error occurred while obtaining the file version information!
Creation Time: 12:57:44
Modification time: 12:57:46
Access time:
Size: 46675 bytes, 45.595 KB
MD5: 7face3453c0f9e1d4c541daeed12058a

Kaspersky reports Worm.win32.delf.CC; Rising reports Worm.Agent.wk

File Description: C:/progra~1/common~1/micros~1/msinfo/06b4d0bf.dat
Property:-SHR
An error occurred while obtaining the file version information!
Creation Time: 12:57:44
Modification time: 12:56:22
Access time:
Size: 33363 bytes, 32.595 KB
MD5: a785a2729bfbb5af9ba644d578b8eecc

Kaspersky reports Worm.win32.delf.CC; Rising reports Worm.Agent.wk

File Description: C:/Windows/system32/msdebug.dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 7:59:44
Modification time: 7:59:46
Access time:
Size: 19456 bytes, 19.0 KB
MD5: 6023cb050eca231c1329cf46b8d7fadc

File Description: C:/Windows/system32/lyloader.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 7:59:19
Modification time: 7:59:20
Access time:
Size: 10336 bytes, 10.96 KB
MD5: c92163fc0a87d4091f8e099d93916599

Kaspersky reports Trojan-PSW.Win32.OnLineGames.nn; Rising reports Trojan.psw.xyonline.QE

File Description: C:/Windows/system32/lyloadmr.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 20:13:18
Access time:
Size: 8048 bytes, 7.880 KB
MD5: cbe55415ba598b685f5d9152f643b0eb

Kaspersky reports Trojan-PSW.Win32.OnLineGames.te; Rising reports Trojan.psw.OnlineGames.CCY

File Description: F:/06b4d0bf.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 12:57:54
Modification time: 12:56:22
Access time:
Size: 33363 bytes, 32.595 KB
MD5: a785a2729bfbb5af9ba644d578b8eecc

File Description: D:/test/jh1_1cmd.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 7:59:44
Access time:
Size: 18320 bytes, 17.912 KB
MD5: 4cc8a79ad42427deac582d5cd74680ae

Kaspersky reports Trojan-Proxy.Win32.Small.du; Rising reports Trojan.psw.OnlineGames.Caw

File Description: C:/Windows/system32/nwiztlbu.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 22:13:53
Modification time: 7:59:48
Access time:
Size: 10260 bytes, 10.20 KB
MD5: 66c45db57837d5d3f779ecda9c5018c4

Kaspersky reports Trojan-PSW.Win32.OnLineGames.rc; Rising reports Trojan.psw.OnlineGames.cfg

File Description: D:/test/bpakwh.dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 22:18:37
Modification time:
Access time:
Size: 13824 bytes, 13.512 KB
MD5: 85dd0607cd69ab0773b58e0dbc7bb498

Kaspersky reports Trojan-PSW.Win32.OnLineGames.rt; Rising reports Trojan.psw.wowar.Ahn

File Description: D:/test/~Tmp6334.exe
Attribute :----
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 22:21:29
Modification time: 17:13:30
Access time:
Size: 17789 bytes, 17.381 KB
MD5: 1f96f269d4c3ab049cf039ee5092511d

Kaspersky reports Backdoor.win32.agent.ahj; Rising reports Trojan.immsg.tbmsg.FF

File Description: D:/test/rising747.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 22:25:51
Modification time: 17:13:28
Access time:
Size: 52620 bytes, 51.396 KB
MD5: e44cac970a9a82c39880124c24093ce2

Kaspersky reports Trojan-PSW.Win32.OnLineGames.fq; Rising reports Trojan.mnless.LXV

In addition, the following were found in C:/Documents and Settings/Administrator:

Content of C:/Documents and Settings/Administrator/msinfo.vbs:
/---
Set shell = CreateObject("WScript.Shell")
shell.Run("msinfo.exe")
Set shell = Nothing
---/

File Description: C:/Documents and Settings/Administrator/msinfo.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 8:50:55
Modification time:
Access time:
Size: 17254 bytes, 16.870 KB
MD5: e2fc361009ee1ea92eb5f0626e13b620

Status: finished. Complete scanning result of "msinfo.exe", received in VirusTotal at 06.10.2007, 16:20:52 (CET).

 

Antivirus       Version          Update      Result
AhnLab-V3       2007.6.9.0       06.08.2007  Win-Trojan/hupigon.gen
AntiVir         7.4.0.32         06.09.2007  No virus found
Authentium      4.93.8           05.23.2007  Could be a corrupted executable file
Avast           4.7.997.0        06.09.2007  No virus found
AVG             7.5.0.467        06.09.2007  No virus found
BitDefender     7.2              06.10.2007  Trojan.Downloader.Delf.nry
Cat-quickheal   9.00             06.09.2007  Trojandownloader.Delf.BJY
ClamAV          Devel-20070416   06.10.2007  No virus found
Drweb           4.33             06.10.2007  Win32.hllw.creater
Esafe           7.0.15.0         06.06.2007  Suspicious Trojan/Worm
ETrust-vet      30.7.3707        06.09.2007  No virus found
Ewido           4.0              06.10.2007  Downloader.Delf.BJY
