Ninsys74.sys, b674a2d4.exe, 42ae09e4.dll, msavp.dll, avpdj.dll, avpwl.dll, etc.


Endurer Original
2007-10-12 Version 1

At noon yesterday I helped two netizens clean viruses off their computers.

Let me recall the first one.

The netizen's computer had Rising 2007 anti-virus installed, but it was an expired downloaded version.

The following suspicious items were found in the pe_xscan log I downloaded:
/=
Pe_xscan 07-08-30 by Purple endurer
2007-10-11 13:45:14
Windows XP Service Pack 2 (5.1.2600)
Administrator user group

[System process] * 0
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38

C:/Windows/system32/csrss.exe * 656 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Client Server Runtime Process | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | CSRSS.exe | CSRSS.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/winlogon.exe * 680 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Windows NT Logon Application | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Winlogon.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/services.exe * 724 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Services and Controller app | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Services.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/lsass.exe * 736 | Microsoft® Windows® Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Lsass.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/svchost.exe * 936 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Svchost.exe
C:/Windows/system32/msavp.dll |
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/explorer.exe * 1648 | 21:21:56 | Microsoft® Windows® Operating System | 6.00.2900.3156 | Windows Explorer | © Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation | ? | Explorer | EXPLORER.EXE
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/msavp.dll |
C:/Windows/system32/avpdh.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/program files/rising/rav/ravstub.exe * 2012 | 19:39:36 | ravstub application | 19, 0, 0, 4 | rising ravstub | Copyright (C) 1998-2005 Rising Corp. | 19, 0, 0, 4 | Beijing Rising Technology Co., Ltd. | ravstub | ravstub.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/rundll32.exe * 340 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Run a DLL as an App | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Rundll.exe
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/ctfmon.exe * 1904 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Ctfmon.exe
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/program files/Tencent/QQ/timplatform.exe * 3232 | 16:34:46 | QQ | , | timplatform | Copyright © 2005 - 2007 Tencent Inc. All Rights Reserved | , | Tencent | timplatform | timplatform.exe
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38

C:/program files/Tencent/QQ/qq.exe * 3512 | QQ | 1998, 2007, | QQ | Copyright (c)-Tencent Inc. All Rights Reserved | 7, 0, 365, 1701 | Tencent | comqqd | qq.exe
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/msavp.dll |

C:/program files/Internet Explorer/iexplore.exe * 3948 | Microsoft® Windows® Operating System | 6.00.2900.2180 | Internet Explorer | © Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Iexplore.exe
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/Windows/system32/avpwl.dll |
C:/Windows/system32/avpwm.dll |
C:/Windows/system32/avpms.dll |
C:/Windows/system32/avpdh.dll |
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/msavp.dll |

O2-BHO-{00000aa9-a363-466e-bef5-9bb68697aa7f}-

O4-HKCU/../Run: [bgswitch] C:/Windows/system32/bgswitch.exe
O4-HKLM/../Run: [diskman32] C:/Windows/diskman32.exe
O4-HKLM/../Run: [avpsrv] C:/Windows/avpsrv.exe
O4-HKLM/../Run: [kVp] C:/Windows/system32/Drivers/svchost.exe

O23-service: 29055cf4 (29055cf4)-C:/Windows/system32/b674a2d4.exe -d | 12:11:18 | Microsoft® Windows® Operating System | ? | ? | © Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ? (Automatic)

O24-shlexechook: []-{A263206E-55FF-4BF9-A503-880D801F3226} = C:/program files/Internet Explorer/plugins/winsys74.sys

O24-shlexechook: []-{AAF3B135-E338-491A-B3CB-9D75DA02C5D1} = C:/program files/Internet Explorer/plugins/ninsys74.sys
===/

There is also a service:

O23-service: ptac (Windows ptac runthem)-C:/Windows/system32/svchost.exe -k netsvcs | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Svchost.exe (Automatic)

Google: no relevant information found.
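What makes the listing above worth acting on is the pattern rather than any single name: one DLL with a random hex name (42ae09e4.dll) that carries a Microsoft copyright string but no file version, and is loaded into csrss, winlogon, services and lsass; a .sys file living under the Internet Explorer plugins folder and loaded as a user-mode module; an svchost.exe under system32/Drivers in a Run key; and a service whose name is an eight-character hex string. The script below, an added example that is my own code and not pe_xscan's or Endurer's, parses a trimmed copy of that log (with the page's garbled ® and © marks written out in ASCII) and applies those heuristics. The heuristics and thresholds are my assumptions, not rules pe_xscan implements.

```python
"""Triage a pe_xscan process/module listing (added example, my own heuristics)."""
import re
from collections import defaultdict

# Trimmed copy of the pe_xscan log on this page. pe_xscan prints only modules it
# does not recognise, so everything listed under a process is already unusual.
SAMPLE_LOG = """\
[System process] * 0
C:/Windows/system32/avpdj.dll | 20:47:10, 2007-9-30
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38

C:/Windows/system32/csrss.exe * 656 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Client Server Runtime Process | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | CSRSS.exe | CSRSS.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft(R) Windows(R) Operating System | ? | ? | (C) Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/winlogon.exe * 680 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Winlogon.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft(R) Windows(R) Operating System | ? | ? | (C) Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/system32/lsass.exe * 736 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Lsass.exe
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft(R) Windows(R) Operating System | ? | ? | (C) Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

C:/Windows/explorer.exe * 1648 | 21:21:56 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation | ? | Explorer | EXPLORER.EXE
C:/program files/Internet Explorer/plugins/ninsys74.sys | 22:10:38
C:/Windows/system32/msavp.dll |
C:/Windows/system32/42ae09e4.dll | 22:11:46 | Microsoft(R) Windows(R) Operating System | ? | ? | (C) Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ?

O4-HKLM/../Run: [kVp] C:/Windows/system32/Drivers/svchost.exe
O23-service: 29055cf4 (29055cf4)-C:/Windows/system32/b674a2d4.exe -d | 12:11:18 | Microsoft(R) Windows(R) Operating System | ? | ? | (C) Microsoft Corporation. All rights reserved. | ? | Microsoft Corporation | ? | ? | ? (Automatic)
O23-service: ptac (Windows ptac runthem)-C:/Windows/system32/svchost.exe -k netsvcs | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | Svchost.exe (Automatic)
O24-shlexechook: []-{AAF3B135-E338-491A-B3CB-9D75DA02C5D1} = C:/program files/Internet Explorer/plugins/ninsys74.sys
"""

HEX_NAME = re.compile(r"^[0-9a-f]{8}$")  # 42ae09e4, b674a2d4, 29055cf4 ...
CORE = {"csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
IMAGE = re.compile(r"([A-Za-z]:/[^|]+?\.(?:exe|dll|sys))", re.I)
VERSION = re.compile(r"\d+[.,]\s?\d+")  # 5.1.2600.2180 or 19, 0, 0, 4; not 22:11:46


def basename(path):
    return path.rsplit("/", 1)[-1].lower()


def parse_pe_xscan(text):
    """Return ({(process_path, pid): [(module_path, fields)]}, [autostart lines])."""
    processes, autostarts, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"^O\d+-", line):          # O2/O4/O23/O24 autostart entries
            autostarts.append(line)
            current = None
            continue
        head = re.match(r"^(.+?) \* (\d+)(?: \| (.*))?$", line)
        if head:                                # "<image> * <pid> | version fields"
            current = (head.group(1), int(head.group(2)))
            processes[current] = []
            continue
        if current is not None and " |" in line:  # "<module> | timestamp | fields"
            path, _, rest = line.partition(" |")
            processes[current].append((path, [f.strip() for f in rest.split("|")]))
    return processes, autostarts


def suspicious_modules(processes):
    """Flag modules by where they load, what they are named and what they claim."""
    hosts, fields_of = defaultdict(set), {}
    for (proc, _pid), mods in processes.items():
        for path, fields in mods:
            hosts[path].add(basename(proc))
            fields_of[path] = fields
    findings = {}
    for path, procs in hosts.items():
        stem, _, ext = basename(path).rpartition(".")
        fields, reasons = fields_of[path], []
        if procs & CORE:
            reasons.append("loaded into core process " + ", ".join(sorted(procs & CORE)))
        if HEX_NAME.match(stem):
            reasons.append("random-looking hex file name")
        if ext == "sys" and not path.lower().startswith("c:/windows/system32/drivers/"):
            reasons.append(".sys loaded as a user-mode module outside the drivers directory")
        claims_ms = any("microsoft" in f.lower() for f in fields)
        if claims_ms and not any(VERSION.match(f) for f in fields):
            reasons.append("claims Microsoft but carries no file version")
        if reasons:
            findings[path] = {"hosts": sorted(procs), "reasons": reasons}
    return findings


def suspicious_autostarts(autostarts):
    """Flag O4/O23/O24 entries whose image path or service name looks wrong."""
    findings = []
    for line in autostarts:
        m = IMAGE.search(line)
        if not m:
            continue
        image, reasons = m.group(1), []
        name = basename(image)
        if HEX_NAME.match(name.rsplit(".", 1)[0]):
            reasons.append("random-looking hex image name")
        if name == "svchost.exe" and image.lower() != "c:/windows/system32/svchost.exe":
            reasons.append("svchost.exe outside system32")
        if line.startswith("O24") and name.endswith(".sys"):
            reasons.append(".sys registered as a ShellExecuteHook (a user-mode DLL, not a driver)")
        if re.match(r"^O23-service: [0-9a-f]{8} ", line):
            reasons.append("service name is a random hex string")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    procs, autos = parse_pe_xscan(SAMPLE_LOG)
    for path, info in suspicious_modules(procs).items():
        print(path, info["hosts"], "; ".join(info["reasons"]))
    for line, reasons in suspicious_autostarts(autos):
        print(line.split(" | ")[0], "; ".join(reasons))
```

Note the limits of name-based rules: msavp.dll passes every check here even though it is part of the same infection, and the ptac service is not flagged either. pe_xscan already filters to modules it cannot account for, so anything in its listing deserves a look regardless of what a heuristic says; the script only orders the work.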

The fix is the usual routine: restart into Safe Mode with Networking, download bat_do and fileinfo from http://purpleendurer.ys168.com, use them to extract the suspicious files' information and pack the files up, then schedule them for delayed deletion.
Download Dr.Web CureIt!, scan, and use Kaka Security Assistant to clear the residual startup items.

After restarting the computer, use Kaka Security Assistant to check whether any residual startup items remain. Download Rising 2008, uninstall Rising 2007, restart the computer, install Rising 2008, restart again, update Rising 2008 to the latest version and scan once more. It still detected some viruses, mainly in the System Restore folder.

I was so busy that I forgot to turn off System Restore and clear the C drive ~
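Two steps of that routine, as an added example in my own code (not Endurer's bat_do or fileinfo tools; the page does not show how those work, and I am assuming delayed deletion is done by the documented MoveFileEx mechanism shown here): record a suspect file's size and hashes before touching it, since the file is gone after the reboot, then queue it for deletion at the next boot. That is the practical way to remove a DLL that is loaded into csrss, winlogon, services and lsass, because nothing can unlink it while those processes hold it open. `MOVEFILE_DELAY_UNTIL_REBOOT` (0x4) and the `PendingFileRenameOperations` value format are real Windows interfaces; the sample file is constructed.

```python
"""fileinfo-style record plus delete-at-reboot (added example, my own code)."""
import ctypes
import hashlib
import os
import sys
import tempfile

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # documented MoveFileEx flag


def file_info(path):
    """Size, MD5 and SHA-1 of the on-disk bytes, like the attached listings."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return {"path": path, "size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def pending_rename_entries(paths):
    """The REG_MULTI_SZ strings that MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT)
    appends to HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\
    PendingFileRenameOperations: the source in NT form (\\??\\ prefix) followed by
    an empty target, which tells smss.exe to delete the file early in boot, before
    csrss/winlogon start and before any injector can load it again."""
    entries = []
    for p in paths:
        entries.append("\\??\\" + p.replace("/", "\\"))
        entries.append("")
    return entries


def delete_at_reboot(path):
    """Queue the file for deletion at reboot. Needs Windows and an administrator
    token; on other platforms it only returns the entries that would be written,
    so the logic can be exercised anywhere."""
    entries = pending_rename_entries([path])
    if sys.platform == "win32":
        if not ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
            raise ctypes.WinError()
    return entries


def write_sample(data=b"abc"):
    """Constructed stand-in for a suspect file so the example runs offline."""
    fd, path = tempfile.mkstemp(suffix=".dll")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    sample = write_sample()
    print(file_info(sample))          # hashes first: the file is gone after reboot
    print(delete_at_reboot(sample))   # on Windows this really schedules the deletion
```

Two caveats that match what happened in this case: a pending deletion does nothing about the copies System Restore has already tucked into System Volume Information, so turn System Restore off (or purge the restore points) before the reboot, and disable the Run keys, the service and the ShellExecuteHook entries in the same pass, or the loader simply drops the files again.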

Attached file information:

File Description: C:/Windows/system32/42ae09e4.dll
Attribute: ---
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time:
Modification time: 22:11:46
Access time:
Size: 36864 bytes, 36.0 KB
MD5: c216dd38c3734f71e1630db8f6fc3f18
SHA1: 9132dfb817623cc51a6a77f86c108db9993d7cb8

File Description: C:/Windows/system32/b674a2d4.exe
Attribute: ---
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time: 20:47:15
Modification time: 12:11:18
Access time:
Size: 16944 bytes, 16.560 KB
MD5: 1e2a3451e003fde987841bc38448f15c
SHA1: b72a28a2b94eabdee58c024649709ab4f73b0d99

File Description: C:/program files/Internet Explorer/plugins/syswin75.jmp
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 32360 bytes, 31.616 KB
MD5: 509c0946db54252e2bc5588328adac2
SHA1: c6e2062c415a78d01a743b413762d2a60ecab690

File Description: C:/program files/Internet Explorer/plugins/ninsys74.sys
Attribute: ASH-
An error occurred while obtaining the file version information!
Creation Time: 12:10:55
Modification time: 22:10:38
Access time:
Size: 45178 bytes, 44.122 KB
MD5: 127798cd3eccc1597e46820daed03d17
SHA1: f5da9ab853bddb510a63108ef1a493509b1f2676

File Description: C:/program files/Internet Explorer/plugins/nyswin75.jmp
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:10:55
Modification time: 23:13:18
Access time:
Size: 32379 bytes, 31.635 KB
MD5: c702d3c8959dcca8a0a55aef00358a97
SHA1: 249cce7d1fda11e43e6b7eb8ae17d87376373ce1

File Description: C:/program files/Internet Explorer/plugins/ninsys74.tao
Attribute: ASH-
An error occurred while obtaining the file version information!
Creation Time: 23:13:16
Modification time: 23:13:18
Access time:
Size: 45179 bytes, 44.123 KB
MD5: 74e350f6a1f0d0b11047a932277def16
SHA1: e60983a06033a4fa81eda8d9d448af98061af371

There was no time to test each anti-virus product's reaction one by one.
