Rootkit. win32.gamehack. Gen, Trojan. psw. win32.gameol. Gen, and rootkit. win32.mnless


Endurer Original
2008-03-05 1st version

Today a netizen told me that his computer had suddenly become very slow the previous afternoon and he had to force a shutdown. When he started the system today, a black window flashed up. He caught some viruses with Rising, but the system was still sluggish, so he asked me to help repair it.

Over QQ Remote Assistance, I first checked Rising's antivirus log (excerpt):

/===
Virus name | Processing result | Scan method | Path | File
Rootkit.Win32.GameHack.gfa | Deleted successfully | | C:/Windows/system32/drivers | mselk.sys
Rootkit.Win32.GameHack.gen | Deleted successfully | File monitor | C:/Windows/system32/drivers | msyecp.sys
Rootkit.Win32.GameHack.gen | Deleted successfully | File monitor | C:/Windows/system32 | mseion.sys
Virus name | Processing result | Scan method | Path | File | Virus source
Rootkit.Win32.Mnless.hz | Deleted successfully | Manual scan | C:/Windows/system32/drivers | msosfpids32.sys | Local machine
Trojan.PSW.Win32.GameOL.gen | Deleted successfully | Manual scan | C:/Windows/system32 | 2.exe>>upack0.32 | Local machine
Rootkit.Win32.GameHack.gen | Deleted after restart | Manual scan | C:/Windows/system32 | gnolnait.dll>upack0.34 | Local machine
Trojan.PSW.Win32.XYOnline.abx | Deleted successfully | Manual scan | C:/Windows/system32 | msosmhfp00.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GamesOnline.fz | Deleted successfully | Manual scan | C:/Windows/system32 | 10.exe>>upack0.39 | Local machine
Rootkit.Win32.GameHack.gen | Deleted after restart | Manual scan | C:/Windows/system32 | laixuhz.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.mgw | Deleted after restart | Manual scan | C:/Windows/system32 | xjxr.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GamesOnline.oz | Deleted after restart | Manual scan | C:/Windows/system32 | SVE.dll>upack0.34 | Local machine
Trojan.PSW.Win32.SunOnline.ma | Deleted successfully | Manual scan | C:/Windows/system32 | otaw.awow.dll>upack0.34 | Local machine
Trojan.PSW.Win32.SunOnline.ma | Deleted successfully | Manual scan | C:/Windows/system32 | hhhcompress.dll>upx_c | Local machine
Trojan.PSW.Win32.GameOL.mfv | Deleted after restart | Manual scan | C:/Windows/system32 | kiluw.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.lvx | Deleted after restart | Manual scan | C:/Windows/system32 | tsqc.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.lxr | Deleted after restart | Manual scan | C:/Windows/system32 | jhrcar.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.mgb | Deleted after restart | Manual scan | C:/Windows/system32 | knaixnauhuoyizqq.dll>upack0.34 | Local machine
Trojan.PSW.Win32.SunOnline.mk | Deleted successfully | Manual scan | C:/Windows/system32 | oubivagdj.dll>upack0.34 | Local machine
Trojan.PSW.Win32.SunOnline.mk | Deleted successfully | Manual scan | C:/Windows/system32 | msmmmdj32.dll>upx_c | Local machine
Trojan.PSW.Win32.GameOL.mgm | Deleted after restart | Manual scan | C:/Windows/system32 | oaijihzeuyouhz.dll>upack0.34 | Local machine
Trojan.PSW.Win32.FYOnline.ei | Deleted after restart | Manual scan | C:/Windows/system32 | duygnef.dll>upack0.34 | Local machine
Trojan.PSW.Win32.ZeroOnline.do | Deleted after restart | Manual scan | C:/Windows/system32 | pahzij.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.mgd | Deleted after restart | Manual scan | C:/Windows/system32 | bchib.dll>upack0.34 | Local machine
Trojan.PSW.Win32.SO2Online.au | Deleted after restart | Manual scan | C:/Windows/system32 | tzm.dll>upack0.34 | Local machine
Rootkit.Win32.GameHack.gen | Deleted successfully | Manual scan | C:/Windows/system32 | mseion.sys | Local machine
Trojan.PSW.Win32.GameOL.mga | Deleted after restart | Manual scan | C:/Windows/system32 | xptyj.dll>upack0.34 | Local machine
Trojan.PSW.Win32.GameOL.mgk | Deleted after restart | Manual scan | C:/Windows/system32 | jemnaw.dll>upack0.34 | Local machine
Rootkit.Win32.GameHack.gfa | Deleted successfully | Manual scan | C:/Windows/temp | tmp10.tmp | Local machine
Trojan.PSW.Win32.Lmir.yzr | Deleted successfully | Manual scan | C:/Windows | 49400MM.dll | Local machine
Trojan.PSW.Win32.GameOL.gen | Deleted successfully | Manual scan | C:/Windows | gwsmhxuq.exe>upack0.32 | Local machine
Trojan.PSW.Win32.HXOnline.fp | Deleted successfully | Manual scan | C:/Windows | shaproc.exe>upack0.32 | Local machine
Trojan.PSW.Win32.GameOL.gen | Deleted successfully | Manual scan | C:/Windows | wsockdrv32.exe>upack0.32 | Local machine
===/
That is a lot of malware ~
I had him download pe_xscan, scan the system and send me the log for analysis. The following suspicious items turned up:
/===

pe_xscan 08-03-03 by Purple Endurer
12:28:31
Windows XP Service Pack 2 (5.1.2600)
Administrator user group
Normal Mode

[System Process] * 0
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/winlogon.exe * 524 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Windows NT Logon Application | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | winlogon.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/services.exe * 568 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Services and Controller app | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | services.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/lsass.exe * 580 | Microsoft® Windows® Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | lsass.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/svchost.exe * 724 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | svchost.exe
C:/Windows/system32/cuhad.dll | 16:33:14
D:/program files/rising/rav/ravstub.exe * 1340 | 20:10:24 | Ravstub Application | 19, 0, 0, 4 | Rising Ravstub | Copyright (C) 1998-2005 Rising Corp. | 19, 0, 0, 4 | Beijing Rising Technology Co., Ltd. | ravstub | ravstub.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/wdfmgr.exe * 1528 | 13:44:28 | Microsoft® Windows® Operating System | 5.2.20.0.1230 | Windows User Mode Driver Manager | © Microsoft Corporation. All rights reserved. | 5.2.20.0.1230 built by: dnsrv (bld4act) | Microsoft Corporation | ? | Wdfmgr | wdfmgr.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/explorer.exe * 1952 | 21:21:56 | Microsoft® Windows® Operating System | 6.00.2900.3156 | Windows Explorer | © Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation | ? | explorer | EXPLORER.EXE
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/alg.exe * 496 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Application Layer Gateway Service | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | alg.exe
C:/Windows/system32/cuhad.dll | 16:33:14
C:/Windows/system32/ctfmon.exe * 1516 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | ? | ctfmon.exe
C:/Windows/system32/cuhad.dll | 16:33:14


O4-HKLM/../run: [winsysm] C:/Windows/49400m.exe
O4-Global startup: atisrv.exe -> invalid lnk file

O20-appinit_dlls: bauhgnem.dll, eohsom.dll, fyom.dll, sauhad.dll, ijougiemnaw.dll, taijoad.dll, lnaixnauhqq.dll, idtj.dll, vhqq.dll, atgnehz.dll, rsqq.dll, tsqc.dll, vauyiqvlnaix.dll, wq.dll, fmxh.dll, cty.dll, pahzij.dll, jz.dll, bz.dll, pyomielnux.dll, mhtd.dll, qnefnaib.dll, ej.dll, uixauh.dll, hjiq.dll, kiluw.dll, dsfg.dll, yqhs.dll, oaijihzeuyouhz.dll, jemnaw.dll, cuhad.dll, laixuhz.dll, rfhx.dll, mnauygniqaixnaij.dll, oqnauhc.dll, xjxr.dll, utiemnaw.dll, sve.dll, wininat.dll, gnolnait.dll, zadnew.dll, htwx.dll, knaixnauhuoyizqq.dll, duygnef.dll, gmx.dll, nadgnohiac.dll, agzg.dll, qlihzouhgnfe.dll, bchib.dll, tzm.dll, r2.dll, slcs.dll, xptyj.dll, xhtd.dll, qq.dll, sfhx.dll, gnaixnauhqq.dll, 3auhad.dll, oadnew.dll, iemnaw.dll, qcsct.dll, oadgnohiac.dll, iqnauhc.dll, aixauh.dll, ddtj.dll, nuygnef.dll, uohsom.dll, gnefnaib.dll, ijiq.dll, hjxr.dll, naijoad.dll, naixuhz.dll, nahzij.dll, fmxh.dll, zqhs.dll, jsfg.dll, utgnehz.dll, uyom.dll, wtiemnaw.dll, uyomielnux.dll, vlihzouhgnfe.dll, 2ty.dll, nauhgnem.dll, auhad.dll, rj.dll, hz.dll, naijihzeuyouhz.dll, xhqq.dll, jmx.dll, dgzg.dll, gsqq.dll, fz.dll

O23-service: icafe Manager (icafe manager)-C:/DOCUME~1/DONGHE/LOCALS~1/Temp/usbhcid.sys (manual)

O23-service: SC Manager-C:/DOCUME~1/DONGHE/LOCALS~1/Temp/usbcams3.sys (manual)

O24-shlexechook: [Microsoft]-{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} = C:/Windows/system32/jhrcar.dll

O26-ifeo: 360rpt.exe-> ntsd -d
O26-ifeo: 360safe.exe-> ntsd -d
O26-ifeo: 360safebox.exe-> ntsd -d
O26-ifeo: 360tray.exe-> ntsd -d
O26-ifeo: adam.exe-> ntsd -d
O26-ifeo: agentsvr.exe-> ntsd -d
O26-ifeo: Prepare vc32.exe-> ntsd -d
O26-ifeo: autoruns.exe-> ntsd -d
O26-ifeo: avconsol.exe-> ntsd -d
O26-ifeo: avgrssvc.exe-> ntsd -d
O26-ifeo: avmonitor.exe-> ntsd -d
O26-ifeo: avp.com-> ntsd -d
O26-ifeo: avp.exe-> ntsd -d
O26-ifeo: ccsvchst.exe-> ntsd -d
O26-ifeo: eghost.exe-> ntsd -d
O26-ifeo: ftcleanershell.exe-> ntsd -d
O26-ifeo: fyfirewall.exe-> ntsd -d
O26-ifeo: hijackthis.exe-> ntsd -d
O26-ifeo: icesword.exe-> ntsd -d
O26-ifeo: iparmo.exe-> ntsd -d
O26-ifeo: iparmor.exe-> ntsd -d
O26-ifeo: ispwdsvc.exe-> ntsd -d
O26-ifeo: kabaload.exe-> ntsd -d
O26-ifeo: kascrscn.scr-> ntsd -d
O26-ifeo: kasmain.exe-> ntsd -d
O26-ifeo: kastask.exe-> ntsd -d
O26-ifeo: kav32.exe-> ntsd -d
O26-ifeo: kavdx.exe-> ntsd -d
O26-ifeo: kavpf.exe-> ntsd -d
O26-ifeo: kavpfw.exe-> ntsd -d
O26-ifeo: kavsetup.exe-> ntsd -d
O26-ifeo: kavstart.exe-> ntsd -d
O26-ifeo: kislnchr.exe-> ntsd -d
O26-ifeo: kmailmon.exe-> ntsd -d
O26-ifeo: kmfilter.exe-> ntsd -d
O26-ifeo: kpfw32.exe-> ntsd -d
O26-ifeo: kpfw32x.exe-> ntsd -d
O26-ifeo: kpfwsvc.exe-> ntsd -d
O26-ifeo: kregex.exe-> ntsd -d
O26-ifeo: krepair.com-> ntsd -d
O26-ifeo: ksloader.exe-> ntsd -d
O26-ifeo: kvcenter.kxp-> ntsd -d
O26-ifeo: kvdetect.exe-> ntsd -d
O26-ifeo: kvfwmcl.exe-> ntsd -d
O26-ifeo: kvmonxp.kxp-> ntsd -d
O26-ifeo: kvmonxp_1.kxp-> ntsd -d
O26-ifeo: kvol.exe-> ntsd -d
O26-ifeo: kvolself.exe-> ntsd -d
O26-ifeo: kvreport.kxp-> ntsd -d
O26-ifeo: kvscan.kxp-> ntsd -d
O26-ifeo: kvsrvxp.exe-> ntsd -d
O26-ifeo: kvstub.kxp-> ntsd -d
O26-ifeo: kvupload.exe-> ntsd -d
O26-ifeo: kvwsc.exe-> ntsd -d
O26-ifeo: kvxp.kxp-> ntsd -d
O26-ifeo: kvxp_1.kxp-> ntsd -d
O26-ifeo: kwatch.exe-> ntsd -d
O26-ifeo: kwatch9x.exe-> ntsd -d
O26-ifeo: kwatchx.exe-> ntsd -d
O26-ifeo: magicset.exe-> ntsd -d
O26-ifeo: mcconsol.exe-> ntsd -d
O26-ifeo: mmqczj.exe-> ntsd -d
O26-ifeo: mmsk.exe-> ntsd -d
O26-ifeo: navapsvc.exe-> ntsd -d
O26-ifeo: navapw32.exe-> ntsd -d
O26-ifeo: nod32.exe-> ntsd -d
O26-ifeo: nod32krn.exe-> ntsd -d
O26-ifeo: nod32kui.exe-> ntsd -d
O26-ifeo: npfmntor.exe-> ntsd -d
O26-ifeo: ollydbg.exe-> ntsd -d
O26-ifeo: ollyice.exe-> ntsd -d
O26-ifeo: pfw.exe-> ntsd -d
O26-ifeo: pfwliveupdate.exe-> ntsd -d
O26-ifeo: procexp.exe-> ntsd -d
O26-ifeo: qhset.exe-> ntsd -d
O26-ifeo: qqdoctor.exe-> ntsd -d
O26-ifeo: qqkav.exe-> ntsd -d
O26-ifeo: rawcopy.exe-> ntsd -d
O26-ifeo: regtool.exe-> ntsd -d
O26-ifeo: rfwproxy.exe-> ntsd -d
O26-ifeo: rfwstub.exe-> ntsd -d
O26-ifeo: safebank.exe-> ntsd -d
O26-ifeo: safeboxtray.exe-> ntsd -d
O26-ifeo: safelive.exe-> ntsd -d
O26-ifeo: scan32.exe-> ntsd -d
O26-ifeo: shda-32.exe-> ntsd -d
O26-ifeo: sreng.exe-> ntsd -d
O26-ifeo: symlcsvc.exe-> ntsd -d
O26-ifeo: syssafe.exe-> ntsd -d
O26-ifeo: trojandetector.exe-> ntsd -d
O26-ifeo: trojanwall.exe-> ntsd -d
O26-ifeo: trojdie.kxp-> ntsd -d
O26-ifeo: uihost.exe-> ntsd -d
O26-ifeo: umxagent.exe-> ntsd -d
O26-ifeo: umxattachment.exe-> ntsd -d
O26-ifeo: umxw..exe-> ntsd -d
O26-ifeo: umxfwhlp.exe-> ntsd -d
O26-ifeo: umxpol.exe-> ntsd -d
O26-ifeo: uplive.exe-> ntsd -d
O26-ifeo: vsstat.exe-> ntsd -d
O26-ifeo: webscanx.exe-> ntsd -d
O26-ifeo: windbg.exe-> ntsd -d
O26-ifeo: wopticlean.exe-> ntsd -d
===/
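The O26 block above is the part of this log that decides whether any cleanup tool will even start: an Image File Execution Options "Debugger" value makes Windows launch the named debugger instead of the program, and `ntsd -d` hands the debugger's console to a kernel debugger that is not there, so every security tool in that list is silently prevented from running. The O20 AppInit_DLLs list, the O24 shell-execute hook and the two O23 services loading drivers from a Temp folder are the persistence side of the same infection. The following Python script is an added example, not part of the original post and not a pe_xscan feature: it parses report lines in the "Oxx-" style shown above (the line format is assumed from this log alone), flags IFEO entries that redirect to `ntsd -d`, collects the AppInit DLLs, marks services whose image lives under a Temp directory, and cross-references the shell-execute-hook DLL against the AppInit list. The sample report embedded in it is constructed from a few of the entries above plus one made-up non-ntsd IFEO entry (`iexplore.exe` -> `C:/Tools/mydbg.exe`) so that the classifier has a contrasting case.

```python
import os
import re

# Constructed sample in the "Oxx-" report style of the pe_xscan log above.
# A handful of the logged entries plus one made-up non-ntsd IFEO entry.
SAMPLE_REPORT = """\
O4-HKLM/../run: [winsysm] C:/Windows/49400m.exe
O20-appinit_dlls: bauhgnem.DLL, eohsom.DLL, cuhad.DLL, jhrcar.DLL
O23-service: icafe Manager (icafe manager)-C:/DOCUME~1/DONGHE/LOCALS~1/Temp/usbhcid.sys (manual)
O23-service: Example Svc-C:/Windows/system32/drivers/example.sys (auto)
O24-shlexechook: [Microsoft]-{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} = C:/Windows/system32/jhrcar.dll
O26-ifeo: 360tray.exe-> ntsd -d
O26-ifeo: avp.exe-> ntsd -d
O26-ifeo: procexp.exe-> ntsd -d
O26-ifeo: iexplore.exe-> C:/Tools/mydbg.exe
"""

# Line shapes are assumed from the log in this post, not from a pe_xscan spec.
RUN_RE = re.compile(r"^O4-(?P<hive>\S+?):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$")
APPINIT_RE = re.compile(r"^O20-appinit_dlls:\s*(?P<dlls>.*)$")
SERVICE_RE = re.compile(r"^O23-service:\s*(?P<name>.+?)-(?P<path>[A-Za-z]:/.+?)\s*\((?P<start>\w+)\)\s*$")
HOOK_RE = re.compile(r"^O24-shlexechook:\s*(?P<label>\[[^\]]*\])-(?P<clsid>\{[0-9A-Fa-f-]+\})\s*=\s*(?P<path>.+?)\s*$")
IFEO_RE = re.compile(r"^O26-ifeo:\s*(?P<target>\S+?)\s*->\s*(?P<debugger>.+?)\s*$")

# IFEO Debugger = "ntsd -d" (with or without the space, as the scraped log had it):
# the target is started under a debugger that talks only to an absent kernel
# debugger, so the tool never appears. Treat it as a kill switch, not a debug aid.
NTSD_KILL_RE = re.compile(r"ntsd\s*-d(\s|$)")


def in_temp_dir(path: str) -> bool:
    """Driver or service image staged in a Temp directory is itself a red flag."""
    p = path.replace("\\", "/").lower()
    return "/temp/" in p or "/tmp/" in p


def analyze(report: str) -> dict:
    """Parse Oxx-style lines into structured findings."""
    findings = {"run_keys": [], "appinit_dlls": [], "services": [], "shell_hooks": [], "ifeo": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := IFEO_RE.match(line):
            dbg = m["debugger"]
            findings["ifeo"].append({
                "target": m["target"],
                "debugger": dbg,
                "kills_target": NTSD_KILL_RE.match(dbg.lower()) is not None,
            })
        elif m := APPINIT_RE.match(line):
            findings["appinit_dlls"].extend(d.strip() for d in m["dlls"].split(",") if d.strip())
        elif m := SERVICE_RE.match(line):
            findings["services"].append({
                "name": m["name"].strip(), "path": m["path"], "start": m["start"],
                "in_temp_dir": in_temp_dir(m["path"]),
            })
        elif m := HOOK_RE.match(line):
            findings["shell_hooks"].append({"clsid": m["clsid"], "path": m["path"]})
        elif m := RUN_RE.match(line):
            findings["run_keys"].append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]})
    return findings


def summarize(findings: dict) -> dict:
    """Condense findings into what a responder wants to read first."""
    hooked = {os.path.basename(h["path"]).lower() for h in findings["shell_hooks"]}
    appinit = {d.lower() for d in findings["appinit_dlls"]}
    return {
        "ifeo_entries": len(findings["ifeo"]),
        "tools_killed_by_ntsd": sorted(f["target"] for f in findings["ifeo"] if f["kills_target"]),
        "other_ifeo_debuggers": sorted(f["target"] for f in findings["ifeo"] if not f["kills_target"]),
        "appinit_dll_count": len(appinit),
        "services_in_temp": sorted(s["name"] for s in findings["services"] if s["in_temp_dir"]),
        # A DLL that is both an AppInit DLL and a shell-execute hook is loaded
        # into nearly every process and re-armed on each ShellExecute call.
        "dlls_in_appinit_and_shell_hook": sorted(appinit & hooked),
        "run_key_count": len(findings["run_keys"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(analyze(SAMPLE_REPORT)), indent=2))
```

On the real log, `tools_killed_by_ntsd` is the list a responder reads first: every name on it has to be started from a renamed copy (or the IFEO subkeys removed) before any of those tools can be trusted to run at all, and the AppInit/shell-hook overlap points at the DLL (`jhrcar.dll` here) that reloads the rest.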

(To be continued)
