EndurerOriginal
2005.11.24 No.3The version supplements Kaspersky's response to the three gray pigeon files.
2005.11.192Supplement Rising's reply to the file C:/Windows/system.exe of the suspicious service cryptographic servicesini.
2005.11.16 th1Version
I went to a friend's house tonight and used his computer to access the Internet. Before opening QQ, I often use anti-virus software to scan the memory and Windows system folders (this is a good habit of _ ^ ). This computer uses Windows XP SP1, which is equipped with the rising star card I sent. As a result, gray pigeons and other viruses are detected in the memory! As shown in (to get a virus sample, I set "Ignore" in the settings of rising to "detect a virus").
Rising anti-virus AssistantThis friend told me that rising's real-time monitoring occupies a large amount of system resources. Therefore, the real-time monitoring module was not installed when rising was installed. Then, check the "boot scan" item in "custom task" in the detailed settings of rising. "Scan boot guide area at system startup" and "scan system memory at system startup" are not selected. My friend said that rising started slowly, so he didn't use this item.
On a Windows 2000/XP computer, the gray pigeon usually has a system service startup Item.
Using hijackthis scan (you can download hijackthis in http://endurer.ys168.com's tools/system analysis and fixes), you found a suspicious system service item (did rising not report it ?) :
O23-service: cryptographic servicesini-unknown owner-C:/Windows/system.exe
* 2005.11.192Supplement: Rising's reply to the file C:/WINDOS/system. EXE of the suspicious service cryptographic servicesini:
| Sender: | Send@rising.net.cn | Sent at: 11:49:35 |
Dear customer!
Your email has been received. Thank you for your support for rising.
We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: system.exe
:) Virus name: Backdoor. gpigeon. tkf
We will solve the problem in a newer version of 17.54.0. Please upgrade your rising software to 17.54.0 and turn on the monitoring center for full anti-virus. If a problem is found during the test, we will postpone the upgrade from version 1 to version 2.
Stop and disable it. For more information, see [system repair series] How to stop system services
Start to find a virus sample. First, set the system to display all files and folders without hiding the extensions of known files. For more information, see [System Recovery series] how to display all files and folders.
Pack and back up virus samples
However
EXPLORER. EXE> C:/Windows/EXPLORER. EXE worm. Mail. fanbot
The virus file in is the Windows Shell ---- C:/Windows/EXPLORER. EXE. How can it be a virus, strange.
Manually delete viruses. You can delete all C:/Windows/system_hook.dll files.
To delete C:/Windows/system_hook.dll, we can try tools such as killbox, however, I used the "modify all file names" and "delete at next startup" function of "Rising Antivirus assistant" to solve this problem. (Both of them can be downloaded from the http://endurer.ys168.com ).
Clear the temporary ie folder. For more information, see [System Recovery series] how to clear temporary ie folders
Disable system restoration. For more information, see [System Recovery series] how to disable or enable Windows XP System Restoration
Restart the computer, and then scan the system with rising stars. No virus is detected.
* 2005.11.24 No.3Version supplement: Kaspersky's response to the three gray pigeon files:
System.exe is backdoor. win32.hupigon. nz.
System. dll and system_dll.dll are backdoor. win32.hupigon. scsi.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
