The system time is modified to use the xibgptd.exe, netdde32.exe, and so on.

The system time is modified to use the xibgptd.exe, netdde32.exe, and so on.

EndurerOriginal
1Version

File Description: C:/Windows/netdde32.exe
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 9:19:16
Access time:
Size: 46080 bytes, 45.0 KB
MD5: a51350e65839a16ab5f5de5de6c525e8

Subject:	Re: netdde32.exe [KLAB-2608379]
Sender:	"" <Newvirus@kaspersky.com>	Sent:

Hello,
Netdde32.exed-Trojan-Downloader.Win32.QQHelper.wk
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810220249050458
Sender:	"" <Send@rising.net.cn>	Sent:

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: netdde32.exe
Virus Name:Trojan. DL. win32.agent. xpe

The virus file you reported will be processed in version 19.35.61.

C:/Windows/system32/netdde32.exe is the same as C:/Windows/netdde32.exe.

File Description: C:/Windows/svrsvc.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 46080 bytes, 45.0 KB
MD5: f13eba00e68a7752cbe56e14d9b4a43c

Kaspersky reportsTrojan. win32.agent. AVL(Pe_patch.upx/UPX)

File Description: C:/program files/common files/Microsoft shared/xibgptd.exe
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 30545 bytes, 29.849 KB
MD5: 7429c648771095716ef3aaf620966c7e

Kaspersky reportsTrojan-Downloader.Win32.Agent.bpp

D:/pnxxupm.exe, E:/pnxxupm.exe, F:/pnxxupm.exe, C:/program files/common files/system/xmjisnw.exe and xibgptd.exe are the same.

File Description: C:/Windows/system32/dhcins.exe
Attribute :----
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 11:34:50
Access time:
Size: 11090 bytes, 10.850 KB
MD5: ce21c15571fe339a7a683e4572a6b188

Subject:	Re: dhcins.exe [KLAB-2608177]
Sender:	"" <Newvirus@kaspersky.com>	Sent:

Hello,
Dhcins.exe d-Trojan-Spy.Win32.Delf.uv
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810221050220667
Sender:	"" <Send@rising.net.cn>	Sent at: 11:40:01

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: dhcins.exe
Virus Name:Trojan. psw. win32.xyonline. Eg

The virus file you reported will be processed in version 19.35.50.

File Description: C:/Windows/system32/mydpri. dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 9:14:10
Modification time: 9:14:12
Access time:
Size: 19580 bytes, 19.124 KB
MD5: bdb5ea719fa38f956dfba3d4e0659dbf

Subject:	Re: mydpri. dll [KLAB-2608201]
Sender:	"" <Newvirus@kaspersky.com>	Sending time:

Hello,
Mydpri. dll-Trojan-Spy.Win32.Delf.uv
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810221136853681
Sender:	"" <Send@rising.net.cn>	Sent:

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: mydpri. dll
Virus Name:Trojan. psw. win32.roconline. BP

The virus file you reported will be processed in version 19.35.50.

File Description: C:/Windows/system32/dhcpri. dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 9:13:51
Modification time: 9:13:52
Access time:
Size: 16435 bytes, 16.51 KB
MD5: ca4e84ecf4c29afec5abc21535092319

Subject:	Re: dhcpri. dll [KLAB-2608248]
Sender:	"" <Newvirus@kaspersky.com>	Sent :,

Hello,
Dhcpri. dll-Trojan-Spy.Win32.Delf.uv
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810220526706016
Sender:	"" <Send@rising.net.cn>	Sent:

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: dhcpri. dll
Virus Name:Trojan. psw. win32.xyonline. Eg

The virus file you reported will be processed in version 19.35.50.

File Description: C:/Windows/system32/wgepri. dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 9:13:57
Modification time: 9:13:58
Access time:
Size: 18474 bytes, 18.42 KB
MD5: 795aab4a35a33fa767519793a7ffb73f

RisingTrojan. psw. win32.onlinegames. xma

Scanned file: wgepri. dll-infected

Wgepri. dll-infected by Trojan-Spy.Win32.Delf.uv

Subject:	Re: wgepri. dll [KLAB-2608147]
Sender:	"" <Newvirus@kaspersky.com>	Sent:

Hello,
Wgepri. dll-Trojan-Spy.Win32.Delf.uv
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

File Description: C:/Windows/system32/jzupli. dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 9:14:28
Modification time: 9:14:30
Access time:
Size: 16426 bytes, 16.42 KB
MD5: 9e7165ac8cc3079ba420e482be34eec3

RisingTrojan. psw. win32.onlinegames. UCG

Scanned file: jzupli. dll-infected

Jzupli. dll-infected by Trojan-PSW.Win32.OnLineGames.uo

File Description: C:/Windows/system32/Drivers/qgqelbr. sys
Attribute: ---
Language: Chinese (China)
File version: 1, 0, 1, 3
Description: SYS Application
Copyright: Copyright (c) 2006
Note:
Product Version: 1, 0, 1, 3
Product Name: SYS Application
Company Name: Beijing sanqi eryi Technology Co., Ltd.
Legal trademark:
Internal name: SYS
Source File Name: sys.exe
Creation Time: 14:13:20
Modification time: 14:13:22
Access time:
Size: 37888 bytes, 37.0 KB
MD5: 3382efb9f0971c070d7b91b4e484bf7c

File Description: C:/Windows/system32/dllcache/svchost.exe
Properties: A-H-
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time:
Modification time:
Access time:
Size: 14416 bytes, 14.80 KB
MD5: d7cca6e3d786a49ccbcba8eef102a48d

Subject:	Re: svchost.exe [KLAB-2608246]
Sender:	"" <Newvirus@kaspersky.com>	Sent :,

Hello,
Svchost.exe d-Backdoor. win32.agent. ahj
New malicious software was found in this file. It's detection will be added in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Denis maslennikov
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810220746682662
Sender:	"" <Send@rising.net.cn>	Sent:

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: svchost.exe
Virus Name:Trojan. DL. win32.agent. XOF

The virus file you reported will be processed in version 19.35.51.

C:/Windows/system32/dllcache/1028/svchost.exe is the same as C:/Windows/system32/dllcache/svchost.exe.

File Description: C:/Windows/system32/he1p.exe
Attribute: ---
Language: Chinese (China)
File version: 1, 0, 0, 1
Note: iexplorer
Copyright: Copyright (c) 2007
Note:
Product Version: 5.1.2600.2180
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal name: iexplorer
Source File Name: icycler.exe
Creation Time:
Modification time:
Access time:
Size: 291553 bytes, 284.737 KB
MD5: 53cd1cff065427044adec890e88a2321

Kaspersky reportsTrojan-Spy.Win32.Agent.pi

File Description: C:/Windows/system32/2dd519ed. exe
Attribute: ---
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time:
Modification time:
Access time:
Size: 17965 bytes, 17.557 KB
MD5: 02d5ee3b1c76d5c33a6d7f9d4aa3fc21

Kaspersky reportsBackdoor. win32.agent. ahj

File Description: C:/Windows/system32/45119f1b. dll
Attribute: ---
Language: English (USA)
File version:
Note:
Copyright: (c) Microsoft Corporation. All rights reserved.
Note:
Product Version:
Product Name: Microsoft (r) Windows (r) Operating System
Company Name: Microsoft Corporation
Legal trademark:
Internal Name:
Source File Name:
Creation Time:
Modification time: 10:33:54
Access time:
Size: 40960 bytes, 40.0 KB
MD5: 052a32cadff6b4222712c60ecb0096b5

Kaspersky reportsBackdoor. win32.agent. ahj

File Description: C:/Windows/kb908024.log
Property:-sh-
An error occurred while obtaining the file version information!
Creation Time: 8:11:19
Modification time: 11:47:42
Access time:
Size: 67584 bytes, 66.0 KB
MD5: 1e2189cb4b22b9e9ba334c1f1c38839d

File Description: C:/Windows/system32/mshttpapp. dll
Attribute: ---
Language: Chinese (China)
File version: 1.0.0.1
Description: mshttpapp
Copyright: Microsoft Corporation. All rights reserved.
Note:
Product Version: 1.0.0.1
Product Name: mshttpapp
Company Name: Microsoft Corporation
Legal trademark:
Internal name: mshttpapp. dll
Source File Name: mshttpapp. dll
Creation Time: 16:14:19
Modification time:
Access time:
Size: 167936 bytes, 164.0 KB
MD5: 0c228bbfb5645be2c62156a9c258aa

Subject:	Re: mshttpapp.dll.rar [KLAB-2613420]
Sender:	"" <Newvirus@kaspersky.com>	Sent at: 2007.08.11

Hello.
Not-a-virus: adware. win32.bho. DC
New malicious software was found in the attached file.
It's detection will be removed in the next update. Thank you for your help.
-----------------
Regards, Yury nesmachny
Virus analyst, Kaspersky Lab.

Subject:	Virus report email analysis result-flow Ticket No.: 20070810220933051582
Sender:	"" <Send@rising.net.cn>	Sent:

Dear customer!
Your email has been received. Thank you for your support for rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: mshttpapp. dll
:) Virus Name:Adware. win32.agent. NWP

The virus file you reported will be processed in version 19.35.51.

File Description: C:/Windows/system32/jqxelw. dll
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 23:54:26
Access time:
Size: 87011 bytes, 84.995 KB
MD5: 6a9a7bd135a686c7f72d7811c06f5853

RisingTrojan. win32.agent. vcy

Subject:	Re: jqxelw.dll.rar [KLAB-2610102]
Sender:	"" <Newvirus@kaspersky.com>	Sent:

Hello.
No malicious software was found in the attached file.
Please quote all when answering. Do not forget to include you registration data.
-----------------
Regards, maslennikov Denis
Virus analyst, Kaspersky Lab.

File Description: C:/program files/qq2006/Q. dll
Attribute :----
An error occurred while obtaining the file version information!
Creation Time: 8:12:39
Modification time: 23:54:26
Access time:
Size: 43782 bytes, 42.774 KB
MD5: 8567b830971574d8c64ca4f7b7000089

RisingTrojan. win32.agent. VAC

Subject:	Re: Q. dll [KLAB-2613965]
Sender:	"" <Newvirus@kaspersky.com>	Sent:

Hello.
New malicious software was found in the attached file.
It's detection will be removed in the next update. Thank you for your help.
--
Regards, Ilya goncharov
Virus analyst, Kaspersky Lab.

Scanned file: Q. dll-infected

Q. dll-infected by Trojan. win32.agent. app

File Description: C:/Windows/web.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 12:12:48
Modification time:
Access time: 14:26:38
Size: 27136 bytes, 26.512 KB
MD5: 67ed76324b51a5a7b7c77779783366c0

Kaspersky reportsTrojan-Downloader.Win32.Delf.bjy(Pe_patch.upx/UPX), which isTrojan. win32.agent. VAC