Fontsapcum.dll, aaudstum.sys, hbkernel.sys, hev32_c.sys, windows64.sys, etc. 2
Original by endurer
2008-07-26 1st
The pe_xscan log shows that the malicious program has hijacked the image of the management program ctfmon.exe through an Image File Execution Options (IFEO) entry, that is:
O26-ifeo: ctfmon.exe-> soundman.exe
If ctfmon.exe fails to run, the input method icon cannot be displayed.
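A read-only check for the kind of hijack the O26 line reports, added here as an example (not the author's or pe_xscan's code): it scans a text export of the Image File Execution Options key for Debugger values, which make Windows start the named program in place of the image. The sample export, the function names and the taskmgr.exe entry are constructed; only the ctfmon.exe -> soundman.exe pair comes from the log above.

```python
import re

# Tail of the key path that holds per-image settings (compared case-insensitively).
IFEO = r"\currentversion\image file execution options"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format; only the ctfmon.exe pair is from the page.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
"Debugger"="soundman.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"debugger"="\"C:\\Tools\\procexp.exe\""
'''

def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def find_ifeo_debuggers(reg_text):
    """Return [(image, debugger)] for each IFEO subkey that has a Debugger string."""
    hits, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Only direct children of the IFEO key name an executable image.
            head, _, leaf = m.group(1).rpartition("\\")
            image = leaf if head.lower().endswith(IFEO) else None
            continue
        m = VAL_RE.match(line)
        if image and m and unescape(m.group(1)).lower() == "debugger":
            hits.append((image, unescape(m.group(2))))
    return hits

if __name__ == "__main__":
    # A real export is normally UTF-16: open(path, encoding="utf-16").read()
    for image, dbg in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{image} -> {dbg}")
```

A Debugger value is not proof of malware, since some legitimate tools register one, so each hit needs review. An export taken after cleanup should no longer list ctfmon.exe.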
Because the friend was eager to use the computer, no samples were captured; the startup items were cleared directly with Rising Kaka Security Assistant.
Open Rising Kaka Security Assistant; it automatically detects 9 malware items. Clean them up.
Switch to [advanced functions]
Select [plug-in management and uninstall] to uninstall items O2 and O24.
Switch to [system startup Item Management], click [service item] and [Driver] on the left, find the corresponding items in the O23 group, right-click, and choose delete from the pop-up menu.
Click [Application hijacking items] on the left, find the O26 items on the right, right-click, and choose delete from the pop-up menu.
Use WinRAR to delete the Windows temporary folders, the IE temporary folders, and the files that can be deleted in C:/Windows/prefetch.
Download HijackThis from http://endurer.ys168.com and fix O11.
A check shows that ctfmon.exe is missing from the computer. Copy one from another computer and put it under C:/Windows/system32. Then go to Start -> Run, enter ctfmon.exe, and confirm with OK. The input method icon has finally appeared ~