Endurer Original
Version 1
A netizen's computer had a problem: Internet Explorer reported an error when opened and then closed. I was asked to help with the repair.
The work was done via QQ Remote Assistance.
Double-clicking the IE icon on the desktop brought up a 5460.dll error message box.
A scan with Pe_xscan produced a log containing the following suspicious items:
/==============
Pe_xscan by Purple endurer
2006-12-29 12:35:22
Windows XP Service Pack 2 (5.1.2600)
Administrator user group
C:/Windows/EXPLORER.EXE * 1676
C:/Windows/system32/windhcp.ocx * 15:36:50
C:/Windows/system32/winsmd.exe * 3258*2006-12-25 9:47:46
O2-BHO xbtp00162 class-{EBA8FC1C-C7BB-4306-B019-99AA73D1021C}-C:/Windows/downlo~1/5460.dll
* O3-IE Toolbar:-{6ae02e1c-8859-4f57-9097-5a55a56a4caf}-C:/Windows/Downloaded Program Files/5460.dll
O4-HKLM/../run: [soundm] winsmd.exe
O16-DPF: {6ae02e1c-8859-4f57-9097-5a55a56a4caf} (5460 toolbar)-hxxp://images.5460.net/toolbar/webinstall/5460.cab
O23-service: NPF (netgroup Packet Filter Driver)-system32/Drivers/NPF.sys (auto start)
===============/
I haven't visited 5460.net in a long time. I did not expect it to come with a 5460.dll advertisement.
Download HijackThis and procview from http://endurer.ys168.com.
Use procview to terminate the process C:/Windows/system32/winsmd.exe.
Download bat_do and fileinfo from http://purpleendurer.ys168.com.
Use fileinfo to extract the information for the files listed below, then use bat_do to package and back up the files and delete them. A file that cannot be deleted right away is deleted at the next startup.
File description: C:/Windows/downlo~1/5460.dll
Attribute: ---
Language: English (USA)
File version: 1, 0, 0, 4
Notes: IE Toolbar
Copyright: Copyright 2001-2003. All rights reserved.
Note:
Product Version: 1, 0, 0, 1
Product Name: IE Toolbar
Company Name: IE Toolbar
Legal trademark:
Internal name: IE Toolbar
Source File Name: toolbar.dll
Creation Time: 13:48:43
Modification time: 13:50:18
Access time: 12:50:42
Size: 544768 bytes, 532.0 KB
MD5: 9effd673d996bb65c4ff611a113784c8
Kaspersky reports Not-a-virus:adware.win32.mytool.f; Rising reports Trojan.Agent.yjy.
File description: C:/Windows/system32/winsmd.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 13:52:52
Modification time: 9:47:46
Access time:
Size: 123697 bytes, 120.817 KB
MD5: 285c29347551fee9c6cee2c213493edf
Kaspersky reports Trojan-PSW.Win32.Nilage.ann; Rising reports Trojan.psw.lmir.LKH.
File description: C:/Windows/system32/Drivers/NPF.sys
Attribute: -sh-
Language: language neutral
File version: 3, 1, 0, 27
Note: NPF
Copyright: Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino.
Note:
Product Version: 3, 1, 0, 27
Product Name: WinPcap NetGroup Packet Filter Driver
Company Name: CACE Technologies
Legal trademark:
Internal name: NPF + tme
Source File Name: NPF.sys
Creation Time: 13:56:41
Modification time: 11:16:46
Access time:
Size: 39920 bytes, 38.1008 KB
MD5: c153a16fc677f8cc2965227d424374e0
Rising reports Trojan.psw.wowar.QD.
File description: D:/Windows/system32/windhcp.ocx
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 13:59:45
Modification time: 15:36:50
Access time: 12:59:58
Size: 41472 bytes, 40.512 KB
MD5: d98249fd3ab41817f7bac87d97912b63
Rising reports Trojan.Agent.kh0.
Use HijackThis to fix the suspicious items listed above.
Open the Registry and delete the entry for the NPF (netgroup Packet Filter Driver) service.