Endurer original
2006-12-20, 1st version
A reader sent an email saying that he had run into problems similar to
Trojan-PSW.Win32.WOW.ms, Trojan.PSW.Lmir.LNV and other Trojans,
and attached the condensed log of a HijackThis scan; unfortunately there is no procview process list.
The following suspicious items are found in the log:
/------
Logfile of hijackthis v1.99.1
Platform: Windows XP SP2 (winnt 5.01.2600)
C:/Windows/system32/scvhsot.exe
C:/docume~1/YU/locals~1/temp/wincabb.exe
O4-HKLM/../run: [qqkav] C:/Windows/system32/sCVHsot.exe
O4-hkcu/../run: [myzt] C:/Windows/East/SVCH0St.exe
O4-hkcu/../run: [SVC] C:/docume~1/YU/locals~1/temp/wmcony.exe
O20-appinit_dlls: 235780m.BMP
O23-service: mgafgexe-matrox Graphics Inc.-C:/Windows/system32/mgafg.exe
------/
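Why these entries stand out, as an added example that is not part of the original post: the Python sketch below flags Run (O4) entries whose file name imitates a system binary or that start from a temp directory, and AppInit_DLLs (O20) values that are not DLLs. The `KNOWN_SYSTEM` list and the function names are assumptions made for the illustration.

```python
import re

# Entries copied from the log above, with the stray spaces in file names removed.
SAMPLE_LOG = """\
O4-HKLM/../run: [qqkav] C:/Windows/system32/scvhsot.exe
O4-hkcu/../run: [myzt] C:/Windows/East/svch0st.exe
O4-hkcu/../run: [SVC] C:/docume~1/YU/locals~1/temp/wmcony.exe
O20-appinit_dlls: 235780m.BMP
O23-service: mgafgexe-matrox Graphics Inc.-C:/Windows/system32/mgafg.exe
"""

# Assumption: a short list of Windows binaries whose names malware often imitates.
KNOWN_SYSTEM = ("svchost.exe", "services.exe", "lsass.exe", "explorer.exe")
ENTRY = re.compile(r"^(O\d+)\s*-\s*([^:]+):\s*(.*)$")  # section, key, value
TEMP_DIR = re.compile(r"[\\/]te?mp[\\/]", re.IGNORECASE)

def lookalike(name):
    """Return the system binary `name` imitates (digit swap or shuffled letters), or None."""
    name = name.lower()
    if name in KNOWN_SYSTEM:
        return None
    letters = sorted(name.replace("0", "o").replace("1", "l"))
    return next((real for real in KNOWN_SYSTEM if letters == sorted(real)), None)

def triage(log_text):
    """Return (file name, reason) pairs for O4 and O20 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, _key, value = match.groups()
        path = value.split("]", 1)[-1].strip()  # drop the "[name]" label of Run values
        name = re.split(r"[\\/]", path)[-1].lower()
        if section == "O4":
            real = lookalike(name)
            if real:
                findings.append((name, f"imitates {real}"))
            if TEMP_DIR.search(path):
                findings.append((name, "autostart from a temp directory"))
        elif section == "O20" and name and not name.endswith(".dll"):
            # AppInit_DLLs are loaded into every process that loads user32.dll
            findings.append((name, "AppInit_DLLs value is not a .dll"))
    return findings

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

The O23 service entry is deliberately left unflagged by these heuristics; it needs manual review.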
Repair suggestions:
For how to carry out the following operations, refer to the [System Restoration series] basic operation index:
http://endurer.blogchina.com/2591241.html
Restart the computer into Safe Mode.
Disable System Restore.
Use WinRAR to locate the following files, archive them as a backup, and then delete the files:
/------
C:/Windows/system32/scvhsot.exe (Note: this is not svchost.exe)
C:/Windows/East/svch0st.exe
C:/Documents and Settings/YU/Local Settings/temp/wincabb.exe
C:/Documents and Settings/YU/Local Settings/temp/wmcony.exe
235780m.BMP (generally in C:/Windows)
------/
Use WinRAR to locate the file C:/Windows/system32/mgafg.exe and archive it as a backup, but do not delete it.
Close all folder and IE windows, then use HijackThis to fix the following items:
/------
O4-HKLM/../run: [qqkav] C:/Windows/system32/scvhsot.exe
O4-hkcu/../run: [myzt] C:/Windows/East/svch0st.exe
O4-hkcu/../run: [SVC] C:/docume~1/YU/locals~1/temp/wmcony.exe
O20-appinit_dlls: 235780m.BMP
------/
Clear the IE temporary files folder.
Restart the computer into normal mode, then send the archive made earlier of scvhsot.exe and the other files as an e-mail attachment to endurer@163.com.