Win32.Loader.c, Trojan.PSW.Win32.GameOnline, Trojan.PSW.Win32.AskTao, etc. 2

Endurer original
Version 1

Checking the EXE files on the disks other than drive C shows that their last-modified times are close together and their sizes have grown. Take HijackThis 1.99.1 (English version): its normal size is 218,112 bytes, but the copy here is 223,585 bytes, so it has most likely been infected. No wonder the firewall reported the program trying to access the network when it was run.
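The symptom described above (EXE files that were all modified at about the same time and are larger than their clean size) can be checked with a short triage script. This is an added example, not part of the original post: the baseline table, the 300-second window and the minimum cluster size of three are assumptions, and only the two HijackThis sizes come from the post; the sample tree is constructed.

```python
import os
from pathlib import Path

# Known-good sizes by lower-case file name (assumed baseline; the HijackThis
# figure is the one quoted in the post).
BASELINE = {"hijackthis.exe": 218_112}

def scan_exes(root, baseline=BASELINE, window_s=300, min_cluster=3):
    """Map each EXE under root to {"grew_by": int|None, "clustered": bool}."""
    files = sorted((p.stat().st_mtime, p.stat().st_size, p)
                   for p in Path(root).rglob("*")
                   if p.is_file() and p.suffix.lower() == ".exe")
    # Split the time-ordered list wherever the gap between neighbours exceeds window_s.
    clusters = []
    for entry in files:
        if clusters and entry[0] - clusters[-1][-1][0] <= window_s:
            clusters[-1].append(entry)
        else:
            clusters.append([entry])
    report = {}
    for cluster in clusters:
        clustered = len(cluster) >= min_cluster
        for _mtime, size, p in cluster:
            known = baseline.get(p.name.lower())
            grew = size - known if known is not None and size > known else None
            report[str(p)] = {"grew_by": grew, "clustered": clustered}
    return report

def suspects(report):
    """Files that outgrew their baseline and sit in a modification-time cluster."""
    return sorted(p for p, r in report.items() if r["grew_by"] and r["clustered"])

def build_sample_tree(root):
    """Constructed sample: three EXEs modified within a minute, one much older."""
    spec = [("tools/HijackThis.exe", 223_585, 1_200_000_000),
            ("tools/a.exe", 4_096, 1_200_000_020),
            ("games/b.exe", 8_192, 1_200_000_045),
            ("old/c.exe", 2_048, 1_100_000_000)]
    for rel, size, mtime in spec:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\0" * size)
        os.utime(p, (mtime, mtime))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        print(suspects(scan_exes(d)))
```

A file that is only clustered, or only larger than its baseline, is reported by `scan_exes` but not returned by `suspects`, since installers and updates also touch many executables at once.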

Scan with Rising's free online scanner: download Rising Antivirus Assistant from http://endurer.ys168.com and save the scan results, which are as follows (abridged):

Download fileinfo and bat_do from http://purpleendurer.ys168.com.

Use fileinfo to extract the file information and bat_do to package a backup of the files.

Add the xxyxyjk.exe, autorun.inf, and Windows.scr files on drive C to bat_do, select all of the files, and choose delayed deletion.

Uninstall Yahoo Assistant, Chinese Internet access, and Baidu.

Use WinRAR to delete the Windows temporary folders, the IE temporary folders, and the files that can be deleted in D:/Windows/prefetch.

Restart the computer...

Go to http://www.ikaka.com/2008/down.asp?T=ravz&Action=rising and download the Rising 2008 installer, which can be used free of charge for 3 months. Install it, and restart the computer once the installation is complete.

Run Rising Kaka Security Assistant, then go to [basic functions] -> [scan and kill malicious and rogue software] to scan for and clean up rogue software.

Then, in [advanced functions] -> [plug-in management and uninstallation], uninstall the O2 and O24 items.

In [advanced functions] -> [system enable item management], click [logon item] on the left, find the item corresponding to the O4 item on the right, right-click it, and select Delete from the pop-up menu.
In [advanced functions] -> [system enable item management], click [service items] and [Driver] on the left, find the items corresponding to the O23 items on the right, right-click them, and select Delete from the pop-up menu. Then click [Application hijacking items] on the left, find the items corresponding to the O26 items on the right, right-click them, and select Delete from the pop-up menu.

Update the Rising antivirus software, then run a thorough virus scan and clean-up...

Some Virus File Information:

