Rising real-time monitoring shows a red umbrella; when the program is started, the system reports that comres.dll cannot be found


 

Original by endurer

2008-02-11, 1st edition

 

A user's computer recently developed a problem: the Rising real-time monitoring icon turned into a red umbrella, and when the Rising program was started, it reported that comres.dll could not be found. I was asked to help solve the problem.

I downloaded HijackThis, scanned the system and analyzed the log. The following suspicious items were found:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:06, on
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:/Windows/system32/wsctf.exe

F2 - REG:system.ini: userinit.exe, EXPLORER.EXE

O2 - BHO: (no name) - {6a8d34d7-08d7-421f-aff6-956a0bd6f0bf} - C:/program files/Internet Explorer/powernent.ONZ
O2 - BHO: (no name) - {BE9DEA3A-893C-43F3-BC33-99574575A9F0} - C:/program files/Internet Explorer/powerdn.rel
O4 - HKCU/../Run: [wsctf.exe] wsctf.exe
O4 - HKCU/../Run: [EXPLORER.EXE] EXPLORER.EXE
O9 - Extra button: (no name) - {09ba8f6d-cb54-108b-839c-c2a6c8e6b436} - (no file)
O20 - AppInit_DLLs: C:/Windows/system32/comres.dll, kmon.dll
O21 - SSODL: 06243afc - {06243afc-5200-4470-8154-dd6adaae0a85} - C:/Windows/system32/gmikjafc.dll
O21 - SSODL: 0054be98 - {0054be98-b4a4-40af-a8e2-72d6afb5136f} - C:/Windows/system32/gglkbepo.dll
O21 - SSODL: e4f231e7 - {E4F231E7-02D9-44E4-B0CB-0EED03B56725} - C:/Windows/system32/ekfijhen.dll
O21 - SSODL: 5209c918 - {5209c918-495d-4276-9bb8-ab395bf7e40c} - C:/Windows/system32/ligpcpho.dll
O21 - SSODL: 6e6ed4f9 - {6e6ed4f9-31b7-486e-9c40-3e9e2c2dcd22} - C:/Windows/system32/memedkfp.dll
O21 - SSODL: 8ecfca6e - {8ecfca6e-0b46-4870-83bf-2333b4b4a68c} - C:/Windows/system32/oecfcame.dll
O21 - SSODL: 710d76ba - {710d76ba-dd8a-45e9-a48c-caa1a337ada3} - C:/Windows/system32/nhgdnmba.dll
O21 - SSODL: 582dee04 - {582dee04-c487-4408-a0c5-fe77c6f93dad} - C:/Windows/system32/loideegk.dll
O21 - SSODL: c09d8047 - {C09D8047-F30A-485D-BEB1-4223219734A1} - C:/Windows/system32/cgpdogkn.dll
O21 - SSODL: cf9e7e35 - {CF9E7E35-11BA-4F18-8B86-4B67BAC6F739} - C:/Windows/system32/cfpenejl.dll
O21 - SSODL: b3ef55b0 - {B3EF55B0-52C9-42EF-90E7-12D570A1905D} - C:/Windows/system32/bjefllbg.dll
O21 - SSODL: f72898c9 - {F72898C9-7CF8-4939-94E0-7C94E7C9EEEE} - C:/Windows/system32/fniopocp.dll

 

 

It appears that the virus replaced the system file comres.dll and that Rising then removed the replaced file, which is why comres.dll can no longer be found.
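A small triage pass over the entry types that stand out in the log above, as an added example (not part of the original post and not a HijackThis feature). The sample lines are modeled on that log with spacing normalized, plus two constructed benign lines; the four heuristics and the function name `triage` are assumptions chosen for illustration.

```python
import re

# Sample lines modeled on the log above; the ctfmon and example.dll lines are constructed.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {6a8d34d7-08d7-421f-aff6-956a0bd6f0bf} - C:/program files/Internet Explorer/powernent.ONZ
O4 - HKCU/../Run: [wsctf.exe] wsctf.exe
O4 - HKCU/../Run: [ctfmon.exe] C:/Windows/system32/ctfmon.exe
O20 - AppInit_DLLs: C:/Windows/system32/comres.dll, kmon.dll
O21 - SSODL: 06243afc - {06243afc-5200-4470-8154-dd6adaae0a85} - C:/Windows/system32/gmikjafc.dll
O21 - SSODL: ExampleExt - {11111111-2222-3333-4444-555555555555} - C:/Windows/system32/example.dll
"""

LINE = re.compile(r"^(?P<code>[OF]\d+)\s*-\s*(?P<kind>[^:]+):\s*(?P<rest>.*)$")
SSODL = re.compile(r"^(?P<name>.+?)\s*-\s*\{(?P<head>[0-9A-Fa-f]{8})-")

def triage(log_text):
    """Return (code, reason, raw_line) for each entry worth manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, rest = m["code"], m["rest"]
        if code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any entry deserves a look, even one with a system file name.
            findings.append((code, "AppInit_DLLs entry present", raw))
        elif code == "O21":
            s = SSODL.match(rest)
            # Every SSODL entry in the log above is named after its own CLSID prefix.
            if s and s["name"].lower() == s["head"].lower():
                findings.append((code, "SSODL name equals CLSID prefix", raw))
        elif code == "O2" and not rest.lower().endswith(".dll"):
            findings.append((code, "BHO file does not end in .dll", raw))
        elif code == "O4":
            cmd = rest.split("]", 1)[-1].strip()
            if "/" not in cmd and "\\" not in cmd:
                findings.append((code, "Run value has no directory path", raw))
    return findings

if __name__ == "__main__":
    for code, reason, raw in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {raw}")
```

A hit only marks an entry for manual review; the file behind it still has to be examined before anything is fixed or deleted.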

 

Download bat_do from http://purpleendurer.ys168.com.

Use bat_do to package and back up wsctf.exe and schedule it for delayed deletion, then change the selected file name and schedule delayed deletion again.

Fix all of the items found by HijackThis except O20.

 

Run Kaka Security Assistant to remove C:/Windows/system32/comres.dll from the O20 entry.

 

Repair the Rising installation.

 

Use WinRAR to browse all disks, find wsctf.exe, and handle it with bat_do.

 

Copy comres.dll from C:/Windows/system32/dllcache to C:/Windows/system32.

 

Restart the computer. The Rising monitoring icon is restored to a green umbrella, and when Rising is started, the system no longer reports that comres.dll cannot be found.

Update the anti-virus software and run a full virus scan.

 

File Description: D:/test/wsctf.exe
Attribute: ashr
Digital Signature: No
PE file: Yes
Language: Chinese (China)
File version: 5.2600.2180
Note: generic host service for Win32 services
Copyright: (c) Microsoft Corporation. All rights reserved.
Note: generic host service for Win32 services
Product Version: 5.2600.2180
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
Internal name: wsctf
Source File Name: wsctf.exe
Created at: 17:37:11
Modification time: 22:18:38
Size: 24576 bytes, 24.0 KB
MD5: cbdcf0ab0561540891a3e466147a4ce4
Sha1: c3ac9edf18a70304de80aeabc0ca86ae9fed64
CRC32: cdcdcf59

Virscan.org scan report:
Scanned time: 2009/02/11 17:43:19 (CST)
Scan result: 92% of the anti-virus engines (34/37) reported a virus
File Name: wsctf.exe
File Size: 24576 bytes
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: cbdcf0ab0561540891a3e466147a4ce4
Sha1: c3ac9edf18a70304de80aeabc0ca86ae9fed64
Online Report: http://virscan.org/report/e1105311d62cd0c982efbfc55b38bb0a.html

