Home > Others

In the event of vchelp.exe, videodevice.dll, swchost.exe, I %e32.sys, etc. 2

Source: Internet
Author: User
Tags crc32
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

In the event of vchelp.exe, videodevice.dll, swchost.exe, I %e32.sys, etc. 2
 
EndurerOriginal
1Version

(Step 1)
Some projects in log are

Trojan. psw. win32.gameonline, Trojan. psw. win32.qqpass, etc.
Http://endurer.bokee.com/6538972.html
Http://blog.csdn.net/Purpleendurer/archive/2007/11/20/1895534.aspx
Http://blog.nnsky.com/blog_view_230360.html
Http://blog.sina.com.cn/s/blog_49926d9101000cal.html

.

Download fileinfo and bat_do to the http://purpleendurer.ys168.com.

Use fileinfo to extract the file information and use bat_do to package the backup.

Add the virus file to bat_do, select all, and delete it in a delayed manner.

Uninstall the General website and Chinese website.

Use WinRAR to delete windows temporary folders, ie temporary folders, and files that can be deleted in D:/Windows/prefetch.

Download and install the iov cc Security Assistant.

Restart your computer to safe mode,
Run the Security Assistant of Rising Star card and then go to [basic functions]-> [scan and kill malicious and rogue software] to scan and clean up rogue software.
Then, in [advanced functions]-> [plug-in management and uninstallation], uninstall the O2 and o24 items.
In [advanced functions]-> [system enable item management], click [logon item] on the left, find the project corresponding to the O4 item on the right, right-click, select Delete from the pop-up menu;
Find and double-click the project corresponding to F2. In the open registry editor, double-click the shell item on the right to change: assumer.exe vchelp.exe to: assumer.exe;
Click [service items] and [Driver] on the left, find the o23 project on the right, right-click it, and choose delete from the pop-up menu;
Click [Application hijacking items] on the left, find the O26 items on the right, right-click, and choose delete from the pop-up menu.
In [advanced functions]-> [IE and system repair], the o10 and HKLM/showall values are not 1.
.

Restart your computer ......

Partial file information:

File description:C:/conime.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 2000-10-22
Modification time: 2000-10-22
Access time:
Size: 18432 bytes, 18.0 KB
MD5: 339e5d40f73d292bde58e1a6c36a85c5
Sha1: c6f855abd664294a9f6c204d36d83f17085bb77b
CRC32: 9bb82159

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.dokThe rising report isTrojan. psw. win32.shanda. AA

File description:C:/pegefile. pif
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 12:12:50
Modification time:
Access time:
Size: 16942 bytes, 16.558 KB
MD5: b4b405e1b972b9f620b527ddf4a7a6c6
Sha1: 4c1b7833f8d92925dd5715c5ed13fd10078c08db
CRC32: 10208436

Kaspersky reportsWorm. win32.qqpass. cThe rising report isTrojan. psw. win32.agent. VCD

D:/pegefile. pif,E:/pegefile. pif,F:/pegefile. PIF is the same as C:/pegefile. PIF.

File description:D:/myplayer.com
Property:-SHR
An error occurred while obtaining the file version information!
Creation Time: 13:11:46
Modification time: 13:11:26
Access time:
Size: 98148 bytes, 95.868 KB
MD5: d3055a4958066901169daca4a49e60d8
Sha1: 0372868a5b2bd8a1511e4d0ec95387ff5c85ac89
CRC32: 201b61c4

File description:D:/sos.exe
Property:-SHR
An error occurred while obtaining the file version information!
Creation Time: 2000-11-10 17:39:40
Modification time: 17:34:40
Access time:
Size: 27136 bytes, 26.512 KB
MD5: e57dba78545e79d99653f38c34ee0a28
Sha1: 8830626696df74d9578d37af8671403dc89c13b8
CRC32: ae94a949

Kaspersky reportsTrojan-Downloader.Win32.Liha. BThe rising report isWorm. win32.agent. zbi

E:/Sos.exe,F:/sos.exe is the same as D:/sos.exe.

File description:E:/autorun.exe
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 13:16:53
Modification time: 18:12:38
Access time:
Size: 33415 bytes, 32.647 KB
MD5: 4167f923a354c63e5e1583f68a6d934a
Sha1: 753952e1dfe9e24b6e39bfc9c5e48b1dd0ee9771
CRC32: dfc2028a

Kaspersky reportsTrojan-PSW.Win32.QQPass.aljThe rising report isWorm. win32.pabug. DM

File description:C:/program files/Internet Explorer/iw.e32.bbs
Property: ash-
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 20:14:10
Access time:
Size: 29305 bytes, 28.633 KB
MD5: 75d6f6bbe149275f2fdca16b27b4cc76
Sha1: 0300a166d195dc1eb2d83a0c165aee5aedc1191b
CRC32: b4066bae

Kaspersky reportsTrojan-Spy.Win32.Delf.areThe rising report isTrojan. Clicker. win32.agent. YNC

File description:C:/program files/Internet Explorer/iexplore32.dak
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 20:14:11
Modification time: 20:14:12
Access time:
Size: 30347 bytes, 29.651 KB
MD5: 65871e6e89fef5b19403f4047cc99ce9
Sha1: a8ae7d98816cf5a12280cd372ab258d8777022e3
CRC32: 0023c028

File description:C:/program files/Internet Explorer/iw.e32.dat
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 1:42:50
Modification time: 19:46:34
Access time:
Size: 35484 bytes, 34.668 KB
MD5: f67cab463e88109c0b83c6cbb8e37248
Sha1: 0906877e9f793f5a9be23dd6e1a0a3352eccee67
CRC32: 5e1609ac

File description:C:/program files/Internet Explorer/iw.e32.ime
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 1:32:39
Modification time: 20:14:12
Access time:
Size: 23691 bytes, 23.139 KB
MD5: 1708e8b3c197e930f6f94d9faec68db0
Sha1: 4bda-be00f6dbba278349a85ee8b334076a66c14
CRC32: a3cce36c

File description:C:/program files/Internet Explorer/iw.e32.jmp
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 1:42:50
Modification time:
Access time:
Size: 26268 bytes, 25.668 KB
MD5: 8b305a4ee3e3c2d46480c7a9b003c624
Sha1: 411cc470e43d4850e62143177f2fda-f12f6b2
CRC32: f95afbe8

File description:C:/program files/Internet Explorer/iw.e32.new
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 1:42:50
Modification time: 20:14:10
Access time:
Size: 23673 bytes, 23.121 KB
MD5: 969b3c672ea520a8cc1_a6be78c836
Sha1: 72b978faa6f7c9945432aa793a3ca177b6132cb6
CRC32: ee5867f1

File description:C:/program files/Internet Explorer/iw.e32.sys
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 1:32:39
Modification time: 19:46:56
Access time:
Size: 30347 bytes, 29.651 KB
MD5: 65871e6e89fef5b19403f4047cc99ce9
Sha1: a8ae7d98816cf5a12280cd372ab258d8777022e3
CRC32: 0023c028

File description:C:/program files/Internet Explorer/I %e32.tmp
Property: ash-
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 35484 bytes, 34.668 KB
MD5: f67cab463e88109c0b83c6cbb8e37248
Sha1: 0906877e9f793f5a9be23dd6e1a0a3352eccee67
CRC32: 5e1609ac

File description:C:/program files/Internet Explorer/iw.e32.win
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 1:42:50
Modification time: 19:46:46
Access time:
Size: 29305 bytes, 28.633 KB
MD5: 75d6f6bbe149275f2fdca16b27b4cc76
Sha1: 0300a166d195dc1eb2d83a0c165aee5aedc1191b
CRC32: b4066bae

File description:C:/program files/Internet Explorer/plugins/newtemp. Bak
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 12:12:50
Modification time:
Access time:
Size: 16942 bytes, 16.558 KB
MD5: b4b405e1b972b9f620b527ddf4a7a6c6
Sha1: 4c1b7833f8d92925dd5715c5ed13fd10078c08db
CRC32: 10208436

File description:C:/program files/Internet Explorer/plugins/newtemp. dll
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 12:12:50
Modification time: 0:29:34
Access time:
Size: 10798 bytes, 10.558 KB
MD5: 8ef8d4e224ecd20b99b49b3d30dc5abd
Sha1: fa7813a7949bf265db2152fde63f323b7b8787d0
CRC32: 452a9db4

File description:C:/program files/Internet Explorer/plugins/ninsys74.sys
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 12:13:39
Modification time: 0:29:56
Access time:
Size: 45167 bytes, 44.111 KB
MD5: 51c8ec3a7415172d2311fc2599f7015f
Sha1: 5b2d3729d7e5876ef546c7bbbb27180c1b5380eb
CRC32: a3a4f250

RisingWorm. win32.pabug. BC

File description:C:/program files/Internet Explorer/plugins/nvsys74.sys
Property: ash-
An error occurred while obtaining the file version information!
Creation Time: 2000-10-20 20:26:22
Modification time: 0:30:14
Access time:
Size: 45165 bytes, 44.109 KB
MD5: 94ac40bd24975a8c3741a2a6a29d7c76
Sha1: c68100b21855917295c763e40146afc12bfd81
CRC32: 2876216d

File description:C:/program files/Internet Explorer/plugins/nvwin75.jmp
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 2000-10-20 20:26:22
Modification time: 2000-10-22
Access time:
Size: 32365 bytes, 31.621 KB
MD5: 53ee797e07614ab9dec5d84df38c9a77
Sha1: 46bd1abcb3fe16c12d02e357737423cd87d2d8f5
CRC32: 3ee1bb19

File description:C:/program files/Internet Explorer/plugins/nyswin75.jmp
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:39
Modification time: 23:36:14
Access time:
Size: 32367 bytes, 31.623 KB
MD5: 62f8deb281aba5a48af67431d7ceba7f
Sha1: 9c8348dea2f5fa843381e57c50cae22860bf472b
CRC32: c81c9f27

File description:C:/Windows/svchost.exe
Property: -- h-
An error occurred while obtaining the file version information!
Creation Time: 23:35:23
Modification time: 23:35:24
Access time:
Size: 45056 bytes, 44.0 KB
MD5: 31ff10f4537757a9940ad43722019826
Sha1: 71ae75669cb32e7fde7fa9000cef3d534cb3df3b
CRC32: ae09d7b2

Kaspersky reportsWorm. win32.downloader. BThe rising report isBackdoor. win32.agent. yjx

File description:C:/Windows/zgpqna.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 23:37:50
Modification time: 23:35:48
Access time:
Size: 19456 bytes, 19.0 KB
MD5: 815b954fb528dc95f844694cb8e34e85
Sha1: 04a1aafcd7ca27715be413f16b3b90bc2bb05b0b
CRC32: 7979191e

File description:C:/Windows/agexcx.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 23:37:50
Modification time: 20:26:16
Access time:
Size: 15360 bytes, 15.0 KB
MD5: d8e8cbf63a725154cef1842904191c2d
Sha1: 054b101e8fda-ad6a0a130adac33b03a296d8d93
CRC32: 36868106

File description:C:/Windows/winform.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:37
Modification time: 2000-10-22
Access time:
Size: 18432 bytes, 18.0 KB
MD5: 1dec133239203263e8c2620bb3e83c45
Sha1: 20171000020e875409ad71f65cb5cfd059e14ccfe2d
CRC32: d6f1663a

File description:C:/Windows/upxdnd.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:36
Modification time: 2000-10-22
Access time:
Size: 26112 bytes, 25.512 KB
MD5: f94677b2337c0add3e9293b9eb3c874d
Sha1: 5414cb00f5f7eee861da7953ce849d75bb1b884c
CRC32: 441f2456

File description:C:/Windows/wnplfs.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 2000-10-22
Access time:
Size: 16896 bytes, 16.512 KB
MD5: 5d68bfd0cb35b329071faa48859eb3bd
Sha1: a9097ec2de792fae2a677c8485c404545fe77c9e
CRC32: 7c49e411

File description:C:/Windows/lyngig.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 19:38:15
Modification time: 2000-10-22
Access time:
Size: 15360 bytes, 15.0 KB
MD5: d8e8cbf63a725154cef1842904191c2d
Sha1: 054b101e8fda-ad6a0a130adac33b03a296d8d93
CRC32: 36868106

File description:C:/Windows/msimms32.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:38
Modification time: 2000-10-22
Access time:
Size: 18432 bytes, 18.0 KB
MD5: 339e5d40f73d292bde58e1a6c36a85c5
Sha1: c6f855abd664294a9f6c204d36d83f17085bb77b
CRC32: 9bb82159

File description:C:/Windows/avpsrv.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:42
Modification time: 2000-10-22
Access time:
Size: 17920 bytes, 17.512 KB
MD5: c4103c3746d8c5002f36e8047e2b3ed1
Sha1: 8afe46aee24e37f2618f46e6a188f73167a91486
CRC32: 7d585f04

File description:C:/Windows/kvsc3.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:13:38
Modification time: 2000-10-22
Access time:
Size: 17408 bytes, 17.0 KB
MD5: 77893004a58b25790627ce9a8ee0bc78
Sha1: 0c8e1f48f1be807231dd1555752aec47519a9232
CRC32: 3334db06

File description:C:/Windows/igm.exe
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 12:13:37
Modification time: 2000-10-22
Access time:
Size: 40753 bytes, 39.817 KB
MD5: bee13f2491305ce7193232d088761c86
Sha1: 7a1215eaa2d82fe4fbcea1d6d34fe01e10e16edb
CRC32: 242e107d

File description:C:/Windows/storm.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 0:19:27
Modification time: 0:19:28
Access time:
Size: 93184 bytes, 91.0 KB
MD5: bad2ccc70ac3dc4d63ee6ca28f5b20ec
Sha1: d42ed6a9690c0c509af801f909b5a0da8cdde20e
CRC32: 157cfa04

File description:C:/Windows/qqtoolsetup.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 0:19:58
Modification time: 2000-10-22
Access time:
Size: 46592 bytes, 45.512 KB
MD5: fa18822154ee63eaab71f1ee96df684a
Sha1: 7252256f858d04d937da-5db5076871441d3f29f
CRC32: 17485a1e

File description:C:/Windows/swchost.exe
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 2000-10-22
Modification time: 0:32:32
Access time:
Size: 97073 bytes, 94.817 KB
MD5: 7e550aba8ae176d41321b628a9a55641
Sha1: 8e000077fd61ac16240f200008411cdf6aef56a7c
CRC32: bdf78e5c

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.ftdThe rising report isTrojan. psw. win32.gameonline. HH

File description:C:/Windows/igw.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 0:32:39
Modification time: 0:32:40
Access time:
Size: 70449 bytes, 68.817 KB
MD5: 6e3eaa0de1709dea3d4dab2a5d0d0a60
Sha1: df3f7cd80ac083618423aca7819a58b09559651e
CRC32: 7e04dd32

File description:C:/Windows/system32/jfwjoo56.dll
Attribute: ---
Language: Chinese (China)
File version: 1, 1, 1, 1051
Note: c
Copyright:
Note:
Product Version: 1, 1, 1, 1036
Product Name:
Company Name:
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 0:19:56
Modification time: 11:30:10
Access time:
Size: 45056 bytes, 44.0 KB
MD5: bab7910eda37242b16d1dfebbed421ab
Sha1: 7d86c9161bc1f0d14f7241e4b457588340968a63
CRC32: f4b6b268

Kaspersky reportsNot-a-virus: adware. win32.newweb. ABThe rising report isTrojan. win32.agent. ZRs

File description:C:/Windows/system32/jsshow. dll
Attribute: ---
Language: Chinese (China)
File version: 1.1.1.405
Note:
Copyright:
Note:
Product Version: 1.0.0.0
Product Name:
Company Name:
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 0:18:53
Modification time: 10:26:52
Access time:
Size: 1874944 bytes 1.807 MB
MD5: 7d10aff8de2f1a84f71f532edc2f97dd
Sha1: b838cfda1b535037ade342b5151c8453d690c718
CRC32: b832d28b

File description:C:/Windows/system32/jshelp.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 0:18:53
Modification time: 10:29:46
Access time:
Size: 376832 bytes, 368.0 KB
MD5: 32a10118d1_f3da5c21e0cc8e18f06e
Sha1: 532bf847b4079fe250609096ef77a70a68c76ddc
CRC32: d2207be6

File description:C:/Windows/system32/tutu130_install_ete.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 9:47:16
Modification time: 9:47:16
Access time:
Size: 390470 bytes, 381.326 KB
MD5: 8232535b604a74ea0cab2856db5ae412
Sha1: e98685ce34452b8bd85b2fcd9a98943b44410791
CRC32: 8c87b397

File description:C:/Windows/system32/wieplus. dll
Attribute :----
Language: English (USA)
File version: 1, 0, 0, 1
Description: wieplus Module
Copyright: Copyright 2007
Note:
Product Version: 1, 0, 0, 1
Product Name: wieplus Module
Company Name:
Legal trademark:
Internal name: wieplus
Source File Name: wieplus. dll
Creation Time: 20:23:59
Modification time: 10:29:46
Access time:
Size: 98304 bytes, 96.0 KB
MD5: 0d966a668896d9e2a51d99c115baef0e
Sha1: 74e7e0be9a515ac7c42a5c12a74c9c5bb557a80e
CRC32: d4d2f6fb

RisingAdware. win32.agent. zdl

File description:C:/Windows/system32/vchelp.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 373248 bytes, 364.512 KB
MD5: a927c146756cbb1_e137753e55df980
Sha1: f6e27806438da4323f7823477205b0cd2401d246
CRC32: e5388d72

File description:C:/Windows/system32/videodevice. dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 19:40:39
Modification time: 19:42:50
Access time:
Size: 4549 bytes, 4.453 KB
MD5: 6d11d332296f09cb7f911f0c5429c4b2
Sha1: a5da85930a89186d5402974a6b52537d76f5497c
CRC32: c01edaf7

Kaspersky reportsTrojan-PSW.Win32.OnLineGames.hqlThe rising report isTrojan. psw. win32.qqgame. au

File description:C:/Windows/system32/install.exe
Attribute: ---
Language: English (USA)
File version: 4.53 Beta
Note: 7z setup SFX
Copyright: Copyright (c) 1999-2007 Igor Pavlov
Note:
Product Version: 4.53 Beta
Product Name: 7-zip
Company: Igor Pavlov
Legal trademark:
Internal name: 7zs. SFX
Source File Name: 7zs.sfx.exe
Creation Time: 20:23:10
Modification time:
Access time:
Size: 181382 bytes, 177.134 KB
MD5: ab3e24f102ed6cec5fcc36761e771ae8
Sha1: db6f7fe155323a5837b0fd4dcf9d8951470f7348
CRC32: 7b579616

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
event id 2 identify function of 2 in image table of 2 in php code calculate power of 2 in c button onclick event in php new event in pokemon go button click event in php

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More