Wuauclt.exe error? Wself.bat, abopx.sys, etc.
Original work by endurer
1st-
When the computer in the hotel was turned on, it turned out to have a small sensen recovery card installed. After the desktop loaded, the Kaspersky and 360 monitoring icons showed up briefly in the system tray area and then disappeared.
A prompt box pops up occasionally:
A scan with pe_xscan produced a log containing the following suspicious items:
Pe_xscan 08-08-01 by Purple endurer
2008-10-1 20:40:55
Windows XP Service Pack 2 (5.1.2600)
MSIE: 6.0.2900.2180
Administrator user group
Normal Mode
(Process Module omitted)
O4-HKLM/../run: []
O4-Global startup: Self.Bat-> fail to open file
O23-service: abopx (abopx)-C:/Windows/system32/Drivers/abopx.sys | (manual)
O23-service: abopxy (abopxy)-C:/Windows/system32/Drivers/abopxy.sys | 12:36:24 (manual)
O23-service: opxyzq (opxyzq)-C:/Windows/system32/Drivers/opxyzq.sys | 12:37:23 (manual)
O23-service: qpxayz (qpxayz)-C:/Windows/system32/Drivers/qpxayz.sys | 12:39:44 (manual)
O23-service: xyzqa (xyzqa)-C:/Windows/system32/Drivers/xyzqa.sys | (manual)
O23-service: xyzqab (xyzqab)-C:/Windows/system32/Drivers/xyzqab.sys | (manual)
O23-service: yzpcxb (yzpcxb)-C:/Windows/system32/Drivers/yzpcxb.sys | 12:39:56 (manual)
It can be confirmed that the computer is infected, and the virus got past the recovery card ~
Even regedit.exe has been hijacked ~