In addition, Trojan. psw. win32.qqpass, Trojan. psw. win32.gameol, etc. 2
EndurerOriginal 2008-06-161Version
(Step 1)
Download fileinfo, bat_do from the http://purpleendurer.ys168.com.
Use fileinfo to extract the information of the red files in the log, add or drag the red files in the log into bat_do, select all, use RAR to compress the backup, delay the deletion, and change the file name, delayed deletion.
Download and install the rising Card Security Assistant and clear 18 rogue software,
Switch to [advanced functions]-> [IE and system repair], and click the repair button to repair o6.
Switch to [advanced functions]-> [plug-in management and uninstallation], find the corresponding items of O2 and o24 groups by file name, and uninstall them;
Switch to [advanced functions]-> [system startup Item Management],
Click [logon items] on the left, find the project corresponding to the O4 item on the right, right-click, and select Delete from the pop-up menu.
Click [Application initialization dynamic Connection Library] on the left, find the corresponding o20 items on the right, right-click, and choose delete from the pop-up menu.
Click [service items] and [Driver] on the left, find the corresponding items in the o23 group, right-click, and choose delete from the pop-up menu.
Click [Application hijacking items] on the left, find the O26 items on the right, right-click, and choose delete from the pop-up menu.
Use WinRAR to delete windows temporary folders, ie temporary folders, and files that can be deleted in C:/Windows/prefetch.
Restart the computer to safe mode, and then check for suspicious files and items. If there are any residual items, follow the above method to continue processing, restart the computer, enter safe mode, and then check again, until files and projects are no longer displayed.
Some Virus File Information:
File Description: C:/Windows/system32/sysdajchv. DLL property: A --- Digital Signature: No PE file: Language: Chinese (Chinese) file version: 5.1.2600.3099 Description: Windows XP msplay api dll copyright: (c) Microsoft Corporation. all rights resad. note: Product Version: 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Product Name: Microsoft (r) Windows (r) Operating System Company Name: Microsoft Corporation Legal trademark: Microsoft internal name: msplay32 source file name: msplay32 Creation Time: 10:24:47 modification time: Size: 21515 bytes 21.11 kbmd5: 5aeb73a45194df8305d06b26b38f417fsha1: pushed: 5015d72c
File Description: C:/Windows/system32/msosptfs01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: modification time: Size: 11093 bytes 10.853 kbmd5: c7daa3b0cb9a65fb94220b49e55e5c3esha1: pushed: c15efe24
File Description: C:/Windows/system32/msoscqet01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: modification time: Size: 6977 bytes 6.833 kbmd5: d9b668354f7caf9cc57184e0ecd06b29sha1: pushed: 6c833147
The Kaspersky report is Trojan. win32.agent. RCN, and the rising report is Trojan. psw. win32.gameol. nyg.
File Description: C:/Windows/system32/msosfasq01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 10:24:37 modification time: 10:24:37 size: 8219 bytes 8.27 kbmd5: 1894a215ef00375717c7756c56c450dcsha1: pushed: 42816eea
File Description: C:/Windows/system32/msosping01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 10:24:17 modification time: Size: 6924 bytes 6.780 kbmd5: Fingerprint: f8ace73c5abf3ed414213365f3597b1de3ee11eacrc32: f9f9ef3b
File Description: C:/Windows/system32/msoscqit00.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 11:29:26 modification time: Size: 6963 bytes 6.819 kbmd5: 755090b2639060725c978c4d0311d089sha1: Signature: a26561e7
File Description: C:/Windows/system32/msosjtio00.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 11:32:36 modification time: 15:21:49 size: 8537 bytes 8.345 kbmd5: 1be14da3d80e6e23b6fa5633c1784ef0sha1: pushed: 878cda75
File Description: C:/Windows/system32/msosfmsq01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 15:58:15 modification time: Size: 8221 bytes 8.29 kbmd5: d30aa2ee3c8a77acea4d9a303a6e4030sha1: Authorization: 0546cde4
Kaspersky report for Trojan-PSW.Win32.OnLineGames.alpo, rising for Trojan. psw. win32.gameol. nyc
File Description: C:/Windows/system32/msosjtfo01.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 10:24:57 modification time: 10:24:56 size: 8548 bytes 8.356 kbmd5: 00e896dfe689c74dba715f2daf48701bsha1: large: 8c364ab8
File Description: C:/Windows/system32/msosdrop00.dll attribute: ash-Digital Signature: No PE file: failed to get file version information size! Creation Time: 17:29:21 size: 14025 bytes 13.713 kbmd5: 9952d12f94f4eab7875288b99b30f11esha1: pushed: 54bd1224
File Description: C:/Windows/system32/ytewcxzsw. dll attribute: A --- Digital Signature: No PE file: failed to get file version information size! Creation Time: modification time: Size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: 5E: 036f76f0
Kaspersky report for Trojan-PSW.Win32.OnLineGames.angp, rising for Trojan. psw. win32.gameol. Nzo
File Description: C:/Windows/system32/wwwwww. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:18:42 modification time: 10:18:42 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/qqqqqq. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 16:29:38 modification time: 16:29:38 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/gggggg. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 8:11:23 modification time: 8:11:23 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/kduonz. dll attribute: A --- Digital Signature: No PE file: failed to get file version information size! Creation Time: 8:11:30 modification time: 8:11:30 size: 27948 bytes 27.300 kbmd5: f7e9e1cadc225b23e866c888656575ddsha1: latest: 6014d6e7
File Description: C:/Windows/system32/Oooooooo. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 14:57:29 modification time: 14:57:29 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/cccccc. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: modification time: Size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: 036f76f0
File Description: C:/Windows/system32/eeeeee. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: modification time: Size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: 5E: 036f76f0
Kaspersky report for Trojan-PSW.Win32.OnLineGames.angp, rising for Trojan. psw. win32.gameol. Nzo
File Description: C:/Windows/system32/mmmmmm. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:29:38 modification time: 10:29:38 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/tttttt. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 15:26:26 modification time: 15:26:26 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
File Description: C:/Windows/system32/xxxxxx. dll attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 8:14:16 modification time: 8:14:16 size: 41244 bytes 40.284 kbmd5: e8acecc0046812316209eede9a743afcsha1: pushed: 036f76f0
Kaspersky report for Trojan-PSW.Win32.OnLineGames.angp, rising for Trojan. psw. win32.gameol. Nzo
File Description: C:/Windows/ssssss.exe attribute: A --- Digital Signature: No PE file: Is to get the file version information size failed! Creation Time: 10:17:28 modification time: 10:18:41 size: 20252 bytes 19.796 kbmd5: d79fdd120cda8beeaec9bcf2bada0bdesha1: pushed: b5c5ecc0
Kaspersky report for Trojan-PSW.Win32.OnLineGames.angb, rising report for Trojan. psw. win32.gameol. NZJ
File Description: C:/Windows/juejwcx.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:12:36 modification time: 10:22:27 size: 21780 bytes 21.276 kbmd5: 7148091c01094668e5f623642191f98dsha1: 5E: 7d3f381e
Kaspersky report for Trojan-PSW.Win32.OnLineGames.anga, rising report for Trojan. psw. win32.gameol. NZJ
File Description: C:/Windows/isscs32.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: modification time: Size: 19744 bytes 19.288 kbmd5: 35ab9cc1fa8a38c8beaf1227caf6a1a4sha1: 6a91e601
Kaspersky report for Trojan-PSW.Win32.OnLineGames.aoaj, rising for Trojan. psw. win32.gameol. NYT
File Description: C:/Windows/dbhlp32.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 11:30:13 modification time: 10:21:11 size: 18613 bytes 18.181 kbmd5: c382aa3fafe688986f88109a2519dddbsha1: Signature: cd9d245b
Kaspersky report for Trojan-PSW.Win32.OnLineGames.almz, rising for Trojan. psw. win32.gameol. NVB
File Description: C:/Windows/rktdwvur.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 11:30:34 modification time: 10:21:39 size: 19732 bytes 19.276 kbmd5: 3661c0a8878c7895ea52e64f3f9fa685sha1: pushed: 79cf3530
Kaspersky report for Trojan-PSW.Win32.OnLineGames.aods, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/ptshell.exe attribute: A --- Digital Signature: No PE file: The file version size cannot be obtained! Creation Time: 11:30:43 modification time: 10:21:55 size: 18945 bytes 18.513 kbmd5: 1600e2bc8b48b7b4044d668d3f32d756sha1: 5E: a01473f0
Kaspersky report for Trojan-PSW.Win32.OnLineGames.ajsr, rising for Trojan. psw. win32.gameol. nsq
File Description: C:/Windows/tciocp64.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 18:30:19 modification time: Size: 19744 bytes 19.288 kbmd5: 12a3b7171c483335cb3e880172634e0bsha1: pushed: 3ae69d45
Kaspersky report for Trojan-PSW.Win32.OnLineGames.ampd, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/wrew2ds.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:24:27 modification time: Size: 19736 bytes 19.280 kbmd5: f2ff4608a5d9471b86f0cc0cb04683e3sha1: 05428349
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amzo, rising report for Trojan. psw. win32.gameol. NZJ
File Description: C:/Windows/zsftym.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:29:50 modification time: Size: 20252 bytes 19.796 kbmd5: a6be090dcd0ac42f0062bdfae3fddee0sha1: 5E: 2f5bf502
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amzo, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/wplbxy.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 10:30:23 modification time: Size: 20252 bytes 19.796 kbmd5: a6be090dcd0ac42f0062bdfae3fddee0sha1: 5E: 2f5bf502
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amog, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/uglapz.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 17:28:20 modification time: 15:20:52 size: 20252 bytes 19.796 kbmd5: a6be090dcd0ac42f0062bdfae3fddee0sha1: 5E: 2f5bf502
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amog, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/ticisms.exe attribute: A --- Digital Signature: No PE file: The file version size cannot be obtained! Creation Time: 11:31:12 modification time: Size: 21780 bytes 21.276 kbmd5: f24333bc94b7d11108a1be2e06d28b05sha1: pushed: f5cf6a98
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amoh, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/dndsioc.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 18:30:36 modification time: 17:29:15 size: 19732 bytes 19.276 kbmd5: 94a11c32ae5f10aa3496662f9a5893b6sha1: 5E: de63567c
Kaspersky report for Trojan-PSW.Win32.OnLineGames.amoy, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/isndntio.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 13:14:48 modification time: 10:25:16 size: 17172 bytes 16.788 kbmd5: 1fd74013ee1c0a7ad6edcaf49b5213basha1: pushed: b8afeeec
Kaspersky report for Trojan-PSW.Win32.Agent.aof, rising for Trojan. psw. win32.gameol. NXL
File Description: C:/Windows/wipxcdec.exe attribute: A --- Digital Signature: No PE file: failed to get file version information! Creation Time: 17:29:21 modification time: 17:29:20 size: 19744 bytes 19.288 kbmd5: 8f11c7a1dc7aa733b97cd6b484605d03sha1: Signature: 45fb8852
Kaspersky report for Trojan-PSW.Win32.OnLineGames.aneh, rising report for Trojan. psw. win32.gameol. NZJ
C:/Windows/system32/win. ini contains the list of Trojan URLs to be downloaded.
File Description: C:/program files/Internet Explorer/plugins/dossys08.sys attribute: ash-Digital Signature: No PE file: failed to get the file version information! Creation Time: 17:29:28 modification time: Size: 44669 bytes 43.637 kbmd5: 54262ece2a153c95aed599f657ff70aesha1: large: a031dfb4
Kaspersky report for Trojan-PSW.Win32.QQPass.ccm, rising for Worm. win32.pabug. HL
File Description: C:/program files/Internet Explorer/plugins/dossys16.sys attribute: ash-Digital Signature: No PE file: failed to get the file version information! Creation Time: 18:30:46 modification time: 10:40:26 size: 44668 bytes 43.636 kbmd5: 6905786867e645c401610961a52a288dsha1: pushed: 69213fdd
Kaspersky report for Trojan-PSW.Win32.QQPass.cbk, rising for Worm. win32.pabug. Hi
File Description: C:/program files/Internet Explorer/plugins/dossys16.jmp attributes: A --- Digital Signature: No PE file: failed to get the file version information! Creation Time: 18:30:46 modification time: 17:59:37 size: 30845 bytes 30.125 kbmd5: 37b5f82e4758aecd0b1a3b792ef67091sha1: pushed: 647e1f5c
Kaspersky report for Trojan-PSW.Win32.QQPass.ccl, rising for Trojan. psw. win32.qqpass. dnh