Home > Industries > Computer

The two rogue software moved the computer to the desktop and then went on strike for half a minute.

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

EndurerOriginal

1Version

Yesterday, shortly after a netizen reinstalled Windows XP, he found that it would take half a minute to start the operation after the desktop was started. It was not normal! Let me check it.

Pe_xscan is used to scan logs and the following suspicious items are found:
/------------
Pe_xscan by Purple endurer

Windows XP Service Pack 1 (5.1.2600)
Administrator user group

O2-BHO wmpdrm-{0e674588-66b7-4e19-9d0e-2053b800f69f}-C:/Windows/system32/wmpdrm. dll

O2-BHO bandie class-{77fef28e-eb96-44ff-b511-3185dea48697}-C:/progra ~ 1/Baidu/BAR/baidubar. dll

O3-IE Toolbar:-{B580CF65-E151-49C3-B73F-70B13FCA8E86}-C:/progra ~ 1/Baidu/BAR/baidubar. dll

O4-HKLM/../run: [spoolsv] C:/Windows/system32/spoolsv/spoolsv.exe-printer
------------/

Two rogue software programs were originally at fault:

File Description: C:/Windows/system32/spoolsv/spoolsv.exe
Attribute: ---
Language: Chinese (China)
File version: 2, 0, 0, 3
Note: The auxiliary tool of maxcompute Browser
Copyright: Copyright (c) 2006
Remarks: auxiliary tool of maxcompute Browser
Product Version: 2, 0, 0, 3
Product Name: axun browser auxiliary tool
Company: Guangzhou aoxun Information Technology Co., Ltd.
Legal trademark: maxcompute (TM)
Internal name: spoolsv.exe
Source File Name: spoolsv.exe
Creation Time: 16:15:26
Modification time: 16:15:26
Access time:
Size: 45056 bytes, 44.0 KB
MD5: ca0e9f2948604660bd94d012d65d24a8

File Description: C:/Windows/system32/wmpdrm. dll
Attribute: ---
Language: Chinese (China)
File version: 2, 2, 0, 2
Note: The auxiliary tool of maxcompute Browser
Copyright: Copyright (c) 2006
Remarks: auxiliary tool of maxcompute Browser
Product Version: 2, 2, 0, 2
Product Name: axun browser auxiliary tool
Company Name: allsum info. Tech. Ltd.
Legal trademark: maxcompute (TM)
Internal name: wmpdrm. dll
Source File Name: wmpdrm. dll
Creation Time: 15:46:28
Modification time: 15:46:28
Access time:
Size: 172032 bytes, 168.0 KB
MD5: 20e6b0e65c694d3765b2c8dedb9d0c6f

All of them are notorious ......

Fix:

(For the following operations, refer to [System Restoration series] basic operation indexes.
Http://endurer.bokee.com/2591241.html)

Uninstall Baidu souba

Restart your computer to safe Mode

Use WinRAR to delete the following files and folders:

C:/Windows/system32/wmpdrm. dll
C:/Windows/system32/1116
C:/Windows/system32/bakcfs
C:/Windows/system32/mscache
C:/Windows/system32/msibm
C:/Windows/system32/msicn
C:/Windows/system32/spoolsv

Use hijackthis to scan and fix suspicious items in the pe_xscanlog column.

Clear temporary ie folders and C:/Windows/prefetch folders

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
wordpress the field rogue device detection software how to use timehop then and now best processor for desktop computer rogue software list round to nearest half a guide to software 9th edition
Related Article
Lenovo computer Update BIOS reboot prompts "Secure Flash auth...
Clear trojans on your computer

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More