Endurer Original
2006-12-12, Version 1
According to an email from a user, Rising has reported detecting Backdoor.Gpigeon.uql on his computer each time the system started since January 1, December 1. He attached a log scanned with HijackThis.
The following suspicious items were found in the log:
/---------
C:/Windows/camerafixer.exe
O4-startup Item HKLM // run: [camerafixer] C:/Windows/camerafixer.exe
O21-ssodl: policime-{724c75f1-b757-408d-a50a-4cf99da35d73}-(no file)
O21-ssodl: themeadp-{64274c93-3ce7-4663-9c8d-cd2dc8a3590b}-C:/Windows/system32/themeadp.dll
O23-NT Service: hpdj-unknown owner-C:/docume~1/Acer/locals~1/temp/hpdj.exe (file missing)
O23-NT Service: wondwewew (zookeeper Service)-unknown owner-C:/Windows/pinsewe.com.cn.ini
---------/
The recommended solution is as follows:
Stop and disable the following services:
hpdj
wondwewew
Restart your computer into Safe Mode.
Use WinRAR to locate the following files, archive them as a backup, and then delete them:
C:/docume~1/Acer/locals~1/temp/hpdj.exe
C:/Windows/pinsewe.com.cn.ini
C:/Windows/system32/themeadp.dll
In addition, if you are not sure what C:/Windows/camerafixer.exe is for, archive it as a backup and delete it as well.
Use HijackThis to fix the items listed above. Of these, the item
O4-startup Item HKLM // run: [camerafixer] C:/Windows/camerafixer.exe
needs to be judged by yourself.
Clear the IE temporary folder and the Windows temporary folder.
Restart your computer and send the backup file to endurer@163.com.
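
A triage pass over the flagged log lines, as an added example that is not part of the original post. The rules are illustrative assumptions based only on traits visible in the log text (absent file, no owner shown, temp path, non-executable service image), and the function names are hypothetical.

```python
import os
import re

# Log lines copied from the page (spacing normalised). The rules below are
# illustrative assumptions, not HijackThis's or the author's own logic.
LOG = """\
O4-startup Item HKLM // run: [camerafixer] C:/Windows/camerafixer.exe
O21-ssodl: policime-{724c75f1-b757-408d-a50a-4cf99da35d73}-(no file)
O21-ssodl: themeadp-{64274c93-3ce7-4663-9c8d-cd2dc8a3590b}-C:/Windows/system32/themeadp.dll
O23-NT Service: hpdj-unknown owner-C:/docume~1/Acer/locals~1/temp/hpdj.exe (file missing)
O23-NT Service: wondwewew (zookeeper Service)-unknown owner-C:/Windows/pinsewe.com.cn.ini
"""
EXECUTABLE = {".exe", ".dll", ".sys", ".com", ".scr"}

def triage(line):
    """Return (section, path, reasons) for one log entry, or None for other text."""
    m = re.match(r"(O\d+)-", line)
    if not m:
        return None
    section = m.group(1)
    pm = re.search(r"[A-Za-z]:/\S+", line)  # paths here contain no spaces
    path = pm.group(0) if pm else None
    low = line.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("target file absent")
    if section == "O23" and "unknown owner" in low:
        reasons.append("no owner shown for the service binary")
    if path:
        if "/temp/" in path.lower():
            reasons.append("runs from a temp directory")
        ext = os.path.splitext(path)[1].lower()
        if section == "O23" and ext not in EXECUTABLE:
            reasons.append(f"service image is not an executable ({ext})")
    return section, path, reasons

def report(log):
    """Triage every entry line in a log, skipping lines that are not entries."""
    return [t for t in map(triage, log.splitlines()) if t]

if __name__ == "__main__":
    for section, path, reasons in report(LOG):
        print(section, path or "-", "; ".join(reasons) or "no rule matched, review manually")
```

Entries with no matching rule, such as the camerafixer O4 item, still need the manual judgement the post asks for.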