Computer freezes after installing Kaspersky? It turned out to be Trojan-PSW.Win32.QQPass and a group of other account-stealing Trojans at work (1)
Original work by endurer
1st version
A friend, prompted by a warning from QQ Doctor, downloaded Kaspersky 8 from the website to scan for and remove viruses. After the installation completed, the computer became extremely sluggish and could not be operated ...... I asked him to restart the computer in safe mode with network connection and download Dr.Web CureIt! to scan. It found some viruses, but after a normal start the fault remained ...... so he asked me to help troubleshoot ~
Pressing CTRL + ALT + DEL got no response, so I had to reset the computer and start in safe mode with network connection. I then downloaded pe_xscan, scanned, and analyzed the log. The following suspicious items were found (identical parts of the process module lists are omitted):
Pe_xscan 08-03-27 by Purple endurer
Windows XP Service Pack 2 (5.1.2600)
Administrator user group
Safe mode with network connection
[System process] * 0
C:/Windows/system32/fhdoor1.dll |
C:/Windows/fonts/mndoor0.dll |
C:/Windows/system32/qhdoor1.dll |
C:/Windows/system32/qsdoor0.dll |
C:/Windows/system32/qzdoor0.dll |
C:/Windows/system32/qqdoor0.dll |
C:/Windows/explorer.EXE * 276 | MICROSOFT (r) Windows (r) Operating System | 6.00.2900.3156 | Windows Explorer | (c) Microsoft Corporation. all rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation |? | Explorer | EXPLORER.EXE
C:/Windows/system32/qhdoor1.dll |
C:/program files/Internet Explorer/onlo0r.DLL | 0:36:54 | Microsoft Windows operating system | 6.00.2900.3028 | Microsoft Corporation windows DLL | copyright (c) 2001.01 | 1. 0. 0. 1 | Microsoft Corporation |? | Windows.dll | Windows.dll
C:/Windows/fonts/mndoor0.dll |
C:/Windows/system32/qqdoor0.dll |
C:/Windows/system32/qzdoor0.dll |
C:/Windows/system32/qsdoor0.dll |
C:/Windows/system32/fhdoor1.dll |
O2-BHO-{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}-C:/program files/common files/fjos0r.dll
O23-service: 6to4 (6to4)-C:/Windows/system32/svchost.exe-K netsvcs-> C:/Windows/system32/6to4ex.dll | (automatic)
O23-service: dvhzso26 (dvhzso26)-system32/Drivers/dvhzso26.sys (pilot)
O23-service: lybvrlcy (lybvrlcy)-system32/Drivers/lybvrlcy.sys (pilot)
O23-service: ngaacn74 (ngaacn74)-system32/Drivers/ngaacn74.sys
O23-service: NPF (netgroup Packet Filter)-system32/Drivers/NPF.sys | Winpcap netgroup Packet Filter Driver | 3, 1, 0, 27 | NPF | copyright? 2005 cace technologies. Copyright? 2003-2005 netgroup, Politecnico di Torino. | 3, 1, 0, 27 | cace technologies | NPF + tme | NPF.sys (manual)
O23-service: vhehnzrh (vhehnzrh)-system32/Drivers/vhehnzrh.sys (pilot)
O24 - ShlExecHook: [] - {CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} = C:/Program Files/Internet Explorer/OnlO0r.dll
O24 - ShlExecHook: [1] - {3980134C-D24C-4857-973F-3A08BE8D7E41} = C:/WINDOWS/system32/tlsosa1.dll
O24 - ShlExecHook: [D] - {ABD0935D-B35A-47BD-BA9A-81678DDE74DD} = C:/WINDOWS/system32/qhdoor1.dll
O24 - ShlExecHook: [8] - {61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28} = C:/WINDOWS/Fonts/mndoor0.dll
O24 - ShlExecHook: [F] - {D64AC2E4-95B1-40DD-90D9-0C60F7CA64BF} = C:/WINDOWS/system32/qqdoor0.dll
O24 - ShlExecHook: [7] - {49C496E9-732D-4F5D-BEE9-EC113FAA1C97} = C:/WINDOWS/system32/qzdoor0.dll
O24 - ShlExecHook: [1] - {C26A8AB5-B935-400C-A152-0488714725B1} = C:/WINDOWS/system32/qsdoor0.dll
O24 - ShlExecHook: [3] - {80F15C30-5E9D-4CB9-BE85-F3D5564C6F83} = C:/WINDOWS/system32/fhdoor1.dll
It turns out that the ??door?.dll series of account-stealing Trojans is at work ......
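The correlation this log supports, as an added example (not the author's tooling): each O24 ShellExecuteHook DLL is checked against the post's ??door?.dll wildcard and against the module lists of the processes it is loaded in. The embedded lines are a subset of the log above; the output field names and the Fonts-directory flag are this example's own choices.

```python
import fnmatch
import re
from collections import defaultdict

FAMILY = "??door?.dll"  # wildcard the post uses for this Trojan series
# Subset of the pe_xscan log lines shown above.
LOG = """\
[System process] * 0
C:/Windows/system32/fhdoor1.dll |
C:/Windows/fonts/mndoor0.dll |
C:/Windows/explorer.EXE * 276 | MICROSOFT (r) Windows (r) Operating System |
C:/Windows/system32/qhdoor1.dll |
C:/Windows/fonts/mndoor0.dll |
C:/Windows/system32/fhdoor1.dll |
O24 - ShlExecHook: [1] - {3980134C-D24C-4857-973F-3A08BE8D7E41} = C:/WINDOWS/system32/tlsosa1.dll
O24 - ShlExecHook: [D] - {ABD0935D-B35A-47BD-BA9A-81678DDE74DD} = C:/WINDOWS/system32/qhdoor1.dll
O24 - ShlExecHook: [8] - {61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28} = C:/WINDOWS/Fonts/mndoor0.dll
O24 - ShlExecHook: [3] - {80F15C30-5E9D-4CB9-BE85-F3D5564C6F83} = C:/WINDOWS/system32/fhdoor1.dll
"""

PROC = re.compile(r"^(.+?) \* (\d+)\b")                      # process header: name * PID
MOD = re.compile(r"^([A-Za-z]:/[^|]*?\.\s?dll)\s*\|", re.I)  # module listed under a process
HOOK = re.compile(r"^O24 - ShlExecHook: \[.*?\] - (\{[0-9A-Fa-f-]+\}) = (.+)$")

def norm(path):
    """Lower-case; also drop a stray space after a dot, as copied logs may carry."""
    return path.strip().lower().replace(". ", ".")

def triage(log, pattern=FAMILY):
    """Correlate each ShellExecuteHook DLL with the processes it is loaded in."""
    hooks, loaded, host = {}, defaultdict(set), None
    for line in log.splitlines():
        if m := HOOK.match(line):
            hooks[norm(m.group(2))] = m.group(1)
        elif m := PROC.match(line):
            host = norm(m.group(1)).rsplit("/", 1)[-1]
        elif (m := MOD.match(line)) and host:
            loaded[norm(m.group(1))].add(host)
    return [{
        "dll": path,
        "clsid": clsid,
        "family": fnmatch.fnmatch(path.rsplit("/", 1)[-1], pattern),
        "in_fonts_dir": "/fonts/" in path,  # heuristic: Fonts is an odd home for a DLL
        "loaded_in": sorted(loaded.get(path, ())),
    } for path, clsid in sorted(hooks.items())]

if __name__ == "__main__":
    for row in triage(LOG):
        print(row)
```

A hook that does not match the wildcard, such as tlsosa1.dll here, is not cleared by this check; it only falls outside the ??door?.dll series and needs its own review.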
(To be continued)