Suffered from kapjazy.dll, yhpri.dll, winsys64.sys, nwiztlbu.exe, and myplayer.com.


Endurer original
Version 2: Added replies from Kaspersky and Rising.
Version 1

(Step 1)

I used QQ to remotely help the netizen handle the problem last night.
We found that Rising's virus database on the computer was still dated 09-04. After upgrading to the latest virus database, Rising's monitoring continuously reported viruses:
/---
Virus name | Processing result | Scan method | Path | File
Trojan.psw.win32.npsword.A | Delete after restarting the computer | File monitoring | C:/Windows/system32 | kapjazy.dll
Trojan.psw.win32.wowar.WO | Delete after restarting the computer | File monitoring | C:/Windows | dbhelp.dll
Trojan.psw.win32.asktao.BZ | Delete after restarting the computer | File monitoring | C:/Windows/system32 | kawdbzy.dll
Trojan.psw.win32.xyonline.hn | Delete after restarting the computer | File monitoring | C:/Windows/system32 | kvdxbma.dll
Trojan.psw.win32.qqhx.TPS | Delete after restarting the computer | File monitoring | C:/Windows/system32 | kaqhczy.dll
Trojan.psw.win32.wowar.WO | Deleted successfully | | C:/Windows | winrar.exe>upack0.34
---/

I asked the netizen to restart the computer and then scan it manually. The results were as follows:
/---
Virus name | Processing result | Scan method | Path | File | Virus source
Trojan.psw.win32.wowar.Wo | Deleted successfully | Manual scan | C:/Windows/system32 | 9.exe>>upack0.34 | Local Machine
Trojan.psw.win32.onlinegames.Yim | Deleted successfully | Manual scan | C:/Windows/system32 | 17.exe>>upx_c | Local Machine
Trojan.psw.win32.onlinegames.yiq | Deleted | Manual scan | C:/Windows/system32 | 12.exe>>upack0.34 | Local Machine
Trojan.psw.win32.zhengtu.yju | Deleted | Manual scan | C:/Windows/system32 | 4.exe>>fsg2.0 | Local Machine
Trojan.psw.win32.onlinegames.yii | Deleted | Manual scan | C:/Windows/system32 | kvdxbis.exe>upack0.34 |
Trojan.psw.win32.asktao.CD | Deleted successfully | Manual scan | C:/Windows/system32 | kawdbaz.exe>upack0.34 | Local Machine
Trojan.psw.win32.npsword.A | Deleted successfully | Manual scan | C:/Windows/system32 | kapjaaz.exe>upack0.34 | Local Machine
Trojan.psw.win32.qqhx.TPS | Deleted successfully | Manual scan | C:/Windows/system32 | kaqhcaz.exe>upack0.34 | Local Machine
Trojan.psw.win32.xyonline.HF | Deleted successfully | Manual scan | C:/Windows/system32 | kvdxais.exe>upack0.34 | Local Machine
Trojan.psw.win32.onlinegames.yiq | Deleted | Manual scan | C:/Windows | video.dll |
Trojan.psw.win32.onlinegames.yiq | Deleted | Manual scan | C:/Windows | wmsj.exe>upack0.34 |
Trojan.win32.agent.Wal | Deleted successfully | Manual scan | C:/Documents and Settings/Administrator/Local Settings/temp | banner.jpg>upx_c | Local Machine
Trojan.psw.win32.zhengtu.yju | Deleted | Manual scan | C:/Documents and Settings/Administrator/Local Settings/temp | 4rtm.dll |
Trojan.psw.win32.lmir.Yev | Deleted successfully | Manual scan | C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/content.ie5/0mvhxvr4 | 81_1).exe>upack0.39 |
Trojan.psw.win32.qqhx.TPS | Deleted | Manual scan | C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/content.ie5/0mvhxvr4 | 151_1).exe>upack0.34 | Local Machine
---/

All were cleared.

Next, delete the residual virus items. Unfortunately, they cannot be found in 360 Security Guard.

Download, install, and run the Rising card security assistant. Choose [Advanced functions] -> [Plug-in management and uninstallation] and uninstall the O24 item.

Switch to [System startup item management], find items such as O4, O23, and O25, right-click them and choose Delete from the pop-up menu.

Download HijackThis from http://endurer.ys168.com to fix the O2 items.

Use WinRAR to delete the Windows temporary folders, the IE temporary folders, and the files and folders that can be deleted in C:/Windows/prefetch.

I happened to find three suspicious files. I downloaded FileInfo from http://purpleendurer.ys168.com to extract the file information, and downloaded bat_do to package the files:

File Description: C:/Documents and Settings/Administrator/Local Settings/temp/sa.jpg.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 7:44:13
Modification time: 17:20:46
Access time:
Size: 23688 bytes, 23.136 KB
MD5: aca03083893a20ee255a34b69c6f6f88
SHA1: 8d3cf9d4a7bec148cd7246eda6d86d2565b01078

Subject: Virus report email analysis result-flow Ticket No.: 20070914230844556566
Sender: "" <Send@rising.net.cn>
Sent:

Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: sa.jpg.exe
Virus Name: Trojan.Clicker.win32.delf.IJ

The virus file you reported will be processed in version 19.40.51.

Subject: Re: sa.jpg.exe.rar [KLAB-2915261]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 2007.09.15

Hello,
sa.jpg.exe - Trojan-Spy.Win32.Delf.abb
New malicious software was found in this file. Its detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Erakhtin Kirill
Virus analyst, Kaspersky Lab.

File Description: C:/Documents and Settings/Administrator/Local Settings/temp/c8.jpg.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 7:44:12
Modification time: 17:20:44
Access time:
Size: 23158 bytes, 22.630 KB
MD5: 09cbb2d92fb270f17e58bb61240b4a15
SHA1: 93954089548f55d685d7d25ebda8a0ca07d109f

Subject: Virus report email analysis result-flow Ticket No.: 20070914231057204457
Sender: "" <Send@rising.net.cn>
Sent at: 2007.09.14

Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: c8.jpg.exe
Virus Name: Trojan.Clicker.win32.delf.Il

The virus file you reported will be processed in version 19.40.51.

Subject: Re: c8.jpg.exe.rar [KLAB-2915271]
Sender: "" <Newvirus@kaspersky.com>
Sent at: 2007.09.15

Hello,
c8.jpg.exe - Trojan-Spy.Win32.Delf.bbo
New malicious software was found in this file. Its detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Erakhtin Kirill
Virus analyst, Kaspersky Lab.

File Description: C:/Documents and Settings/Administrator/Local Settings/temp/ck3.jpg.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 7:44:10
Modification time: 17:20:42
Access time:
Size: 26777 bytes, 26.153 KB
MD5: c700f613cd7e115b13e39c0b42958b4c
SHA1: 03569a04ef382e82245a9a61d91_1fea0e0a3da

Subject: Virus report email analysis result-flow Ticket No.: 20070914231334416615
Sender: "" <Send@rising.net.cn>
Sent:

Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: ck3.jpg.exe
Virus Name: Trojan.Clicker.win32.delf.ik

The virus file you reported will be processed in version 19.40.51.

Subject: Re: ck3.jpg.exe.rar [KLAB-2915279]
Sender: "" <Newvirus@kaspersky.com>
Sent:

Hello,
ck3.jpg.exe - Trojan-Spy.Win32.Delf.bbn
New malicious software was found in this file. Its detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Erakhtin Kirill
Virus analyst, Kaspersky Lab.
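
One way to repeat the manual step above, finding disguised files in a temp folder and recording their size, MD5 and SHA1 before submitting them to a vendor. This is an added example, not the FileInfo tool or any code from the original post. It flags double-extension names such as sa.jpg.exe and image-named files that start with an executable header (the scan above flagged a packed banner.jpg). The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc"}  # look harmless
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}            # Windows runs these

def classify(path):
    """Return why a file looks disguised, or None if it does not."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == b"MZ"  # DOS/PE executables start with "MZ"
    if ext in EXEC_EXTS and inner_ext in DECOY_EXTS:
        return "double extension"
    if ext in DECOY_EXTS and is_pe:
        return "executable header under a media/document extension"
    return None

def file_info(path):
    """Size and hashes: the fields the post records for each sample."""
    with open(path, "rb") as fh:
        data = fh.read()  # samples of this kind are tens of KB
    return {"size": len(data), "md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}

def triage(directory):
    """Map relative path -> (reason, file info) for every disguised file found."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for fname in files:
            full = os.path.join(root, fname)
            try:
                reason = classify(full)
                if reason:
                    findings[os.path.relpath(full, directory)] = (reason, file_info(full))
            except OSError:
                continue  # locked or unreadable file: skip it
    return findings

def build_demo_dir():
    """Constructed, harmless sample files that reuse file names from the post."""
    demo = tempfile.mkdtemp()
    pe_stub, jpeg_stub = b"MZ" + b"\x00" * 62, b"\xff\xd8\xff\xe0" + b"\x00" * 60
    for name, data in {"sa.jpg.exe": pe_stub, "banner.jpg": pe_stub, "photo.jpg": jpeg_stub}.items():
        with open(os.path.join(demo, name), "wb") as fh:
            fh.write(data)
    return demo

if __name__ == "__main__":
    print(triage(build_demo_dir()))
```

Point `triage()` at a real temp or browser-cache directory to get the same report for files found there; a genuine image such as the constructed photo.jpg is not flagged.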
