Trojan-Downloader.Win32.Agent.rjq2 that modifies the system calendar and replaces assumer.exe
Endurer original, 2008-06-19, 1st version
(Step 1)
Download fileinfo and bat_do from http://purpleendurer.ys168.com.
In bat_do, enter the following commands and run them:
ren C:\Windows\explorer.exe explorer.exe.bak
copy C:\Windows\system32\explorer.exe C:\Windows
Windows will then report that the file has been replaced and ask you to insert the Windows XP disc; click Cancel.
Use fileinfo to extract information on the files marked in red in the pe_xscan log. Use bat_do to package them as a backup, delete them with delayed deletion, rename the selected files, and run delayed deletion again.
Download and install Rising Kaka Security Assistant and switch to [advanced functions] -> [system startup Item Management].
Then select [advanced functions] -> [plug-in management and uninstallation] to uninstall the O2 and O24 items.
Click [logon items] on the left, find the entry corresponding to the O4 item on the right, right-click it, and select Delete from the pop-up menu.
Click [Application initialization dynamic Connection Library] on the left, find the corresponding O20 items on the right, right-click them, and choose Delete from the pop-up menu.
Click [service items] and [Driver] on the left, find the corresponding items in the O23 group, right-click them, and choose Delete from the pop-up menu.
Click [Application hijacking items] on the left, find the O26 items on the right, right-click them, and choose Delete from the pop-up menu.
Open Registry Editor (regedit) and delete the O21 item.
Open Scheduled Tasks and delete ddd_install_program.job.
Use WinRAR to delete the files that can be deleted in the Windows temporary folder, the IE temporary folder, and C:\Windows\prefetch.
Restart the computer.
The computer is working properly now.
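An added check, not part of the original post, that confirms two of the steps above took effect: the ddd_install_program.job task is gone and C:\Windows\explorer.exe is byte-identical to the system32 copy it was restored from. The function names and the sample tree are hypothetical; it assumes the Windows directory is examined offline (for example from a mounted disk) and that, as on Windows XP, tasks are stored as .job files under Tasks.

```python
import hashlib
import tempfile
from pathlib import Path

JOB_NAME = "ddd_install_program.job"  # scheduled task named in the article

def child_ci(parent, name):
    """Find a direct child by name, ignoring case (as NTFS lookups do)."""
    if parent is None or not parent.is_dir():
        return None
    return next((e for e in parent.iterdir() if e.name.lower() == name.lower()), None)

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_cleanup(windows_dir):
    """Return findings for a Windows directory; an empty list means clean."""
    win, findings = Path(windows_dir), []
    # On Windows XP, scheduled tasks are stored as .job files in <Windows>\Tasks.
    if child_ci(child_ci(win, "Tasks"), JOB_NAME):
        findings.append("scheduled task still present: " + JOB_NAME)
    # After the copy step, both explorer.exe files must be byte-identical.
    shell = child_ci(win, "explorer.exe")
    source = child_ci(child_ci(win, "system32"), "explorer.exe")
    if shell is None or source is None:
        findings.append("explorer.exe missing from Windows or system32")
    elif digest(shell) != digest(source):
        findings.append("explorer.exe differs from the system32 copy")
    return findings

def build_sample(root, restored):
    """Constructed sample tree standing in for a mounted C:\\Windows."""
    (root / "Tasks").mkdir()
    (root / "System32").mkdir()
    (root / "System32" / "explorer.exe").write_bytes(b"MZ clean shell")
    body = b"MZ clean shell" if restored else b"MZ replaced shell"
    (root / "explorer.exe").write_bytes(body)
    if not restored:
        (root / "Tasks" / "DDD_Install_Program.job").write_bytes(b"job")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_cleanup(build_sample(Path(tmp), restored=False)))
```

A matching hash only shows the copy step succeeded; it does not show that the system32 copy itself is a clean original.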
Some virus file information is attached:
File Description: C:\Windows\cmder.exe
Properties: A---
Digital Signature: No
PE file: Yes
Creation Time: 21:21:53
Modification time: 21:21:56
Size: 977920 bytes, 955.0 KB
MD5: 939c19ccc1f5290cef910c1f2ca44c6e
SHA1: d8f3049911f81b34d129be02b303d0e3c17499
CRC32: d74da4c2
Kaspersky reports it as Trojan-Downloader.Win32.Agent.rjq
The CSDN blog has gotten worse: it does not support line feeds, and I am too lazy to fix it manually. For a properly formatted version, please go to: http://endurer.bokee.com/6741773.html
(End)