A literary forum is infected with Worm.Win32.Agent.IPI/Trojan.Win32.Agent.AVT
Original by endurer, 1st version
A Google search showed that Google has marked the website as one that may contain malware, which may harm your computer.
Checking the forum's webpage code shows that the following was added: /------/
Hxxp: // A ** aa.3 ** 6 ** 96 ** 78.cn/xiaoyu.htm Content: /------/
Hxxp: // A ** aa.3 ** 6
The trojan that took me a day to solve is really hard to find.
1. We found that the c:\windows\system32\30pzg8d.dll file was infected with Trojan.DL.Win32.Hmir.HL but it could not be deleted, so we had to force-delete it with IceSword.
3. Restart after deletion. rundll prompts that the 30pzg8d.dll module cannot be found, indicating that
X tianyao Technology Co., Ltd. Trojan.DL.Win32.Mnless/Win32.Losabel
Original by endurer, 2008-06-01, 1st version
Website code:/------/
Hxxp: // He * I * Dian *. go2. I ** Cp * C * n.com/wo/tzd.htm is an ASP Webpage that uses VBScript as a script and outputs VBScript.
The script uses the MS06-014 vulnerability to download hxxp: // He * I * Dian *. go2. I ** Cp * C * n.com
Encountered qfgsw.sys/Trojan-Downloader.Win32.Agent.bbb/Trojan.Win32.Agent.BVl, etc.
Original by endurer, December, 1st version
Last night, a netizen said that NOD32 on his computer had recently reported:
/---
Time  Module  Object  Name  Virus  Operation  User Name  Information
21:30:22  Amon  file  C:/Windows/system32/Drivers/qfgsw.sys  Win32/TrojanDownloader.Agent.bbb  Trojan has
Virus name: Trojan.Win32.Agent.cw
Virus type: Trojan
File MD5: 7127fc4576a589f8cb20ab80d2c6a016
File length: 93,701 bytes
Affected systems: Windows 98 or later
Packer: PECompact 2.x
Virus description:
The virus is a trojan. After the virus runs, it drops a copy of the virus file into the system directory. Create a servic
Scanned the machine today and found a Trojan:
File: C:\Program Files\nuneos\mumnos\socesv.dll
File: C:\Program Files\nuneos\mumnos\sosvus.dll
File: C:\Program Files\nuneos\micesv.exe
Microsoft's MSE scan report:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommendation: Remove this software immediately.
Microsoft Security Essenti
Rootkit.Win32.Ressdt.O/Trojan-Downloader.Win32.Agent.mjp Analysis
Original by endurer, 2008-04-10, 1st version
It is something that Xialu has published on its official website.
Rootkit.Win32.Ressdt.O/Trojan-Downloader.Win32.Agent
http://endurer.bokee.com/6681893.html
http://blog.csdn.net/Purpleendurer/archive/2008/04/09/2271747.as
1. Source of WIN32.EXE: http://fdghewrtewrtyrew.biz/adv/130/win32.exe
2. Behavior after running: WIN32.EXE accesses a number of IP addresses through ports 80 and 8080. If the firewall cannot monitor this access or is set to allow it, WIN32.EXE will automatically download Troj
Spread of ARP virus websites such as Trojan.PSW.Win32.OnlineGames.gen
Original by endurer, 1st version
The virus adds code to the webpage: /------/
1 hxxp: // A ** D *. 1 ** 02 ** 4.mo *. CN/Shui **/4.htm Code included: /------/
1.1 hxxp: // www. I ** mm ** M * QM. ***. CN/h.htm contains the Code:/------/
1.1.1 hxxp: // 0 ** 867*5. Se * r ** Vice-Google. ***. CN/VIP/cn3100.htm? BB? 6. Include and output the Code:/-----
Down.exe/Virus.Win32.AutoRun.Z/Trojan.PWS.Maran.262
Original by endurer. Version 2: added replies from Kaspersky. Version 1
When you open a page that is occasionally used in the forum, Rising prompts you to download and run suspicious files.
Search by Google, and Google has already marked it:Http://www.google.cn/search? Complete = 1 HL = ZH-CN newwindow = 1 Q = % E8 % BF % 98% E7 % 8f % A0 % E5 % 8C % Ba + % E6 % 97%
Trojan.DL.Win32.Small.GKM
Original by endurer, 2008-01-23, 1st version
On opening the website, Kaspersky reported: 14:30:41 malicious HTTP object program Trojan-Downloader.JS.Small.js.
Checking the homepage code found: /------/
It may be that the IDC where the website server is located has ARP viruses.
Hxxp: // list **. Ad ** s ** looks.info/list.js code is decrypted as follows:/---If (document. cookie. indexof ('oksun'
Trojan.Win32.KillFiles.M, Packer.Mian007, etc.
Original by endurer, 1st version
Just now, a netizen said that his computer was very slow recently and asked me to remotely assist in the inspection through QQ.
Downloaded pe_xscan to scan the system and analyzed the log. The following suspicious items were found:
/=
Pe_xscan 07-08-30 by Purple endurer
Windows XP Service Pack 2 (5.1.2600)
Administrator user group
C:/Windows/syste
Trojan-Downloader.Win32.Hmir.hw/Trojan.Win32.Mnless.ZPC/ojj6erv.sys bypassing IceSword file detection
Original by endurer, 1st version
A netizen said that his computer was infected when he browsed a literary website two days ago. Since then, anti-virus software has found viruses such as online game account-stealing Trojans and QQ account-stealing Trojans every day. Now
1. Source of WIN32.EXE: http://fdghewrtewrtyrew.biz/adv/130/win32.exe
2. Behavior after running: it downloads 1.dlb, 2.dlb... and other Trojans from the network to the current user's folder and runs them automatically. After a downloaded Trojan is loaded and running, it downloads other Trojans/worms from the network.
After the
Virus name (in Chinese):
Virus alias: TROJAN-PSW.WIN32.FOLIN.A[AVP]
Threat Level: ★★☆☆☆
Virus type: Trojan Horse program
Virus Length: 20818
Affected systems: WIN9X\WINNT
Virus behavior:
This is a Trojan that targets the online game Dahua Xiyou (Westward Journey). The virus can steal Dahua Xiyou players' accounts and passwords, and sends the stolen accounts and passwords by e-mail
Encountered Trojan.Win32.Agent.Kle, etc. (2)
Original by endurer, 2008-05-15, 1st version
(Continued 1)
Had the netizen carry out the following steps:
Stop and disable the services corresponding to O23
Use IceSword to force the deletion of the files marked in red
Install Rising Kaka Security Assistant to delete the O22 and O23 items
Use WinRAR to delete windows temporary folders, ie temporary folders, and files that can be deleted in C:/
Today, viruses are ever-changing: more and more camouflage techniques and new variants appear one day after another. In the face of this situation, many netizens can only restore or reinstall the system again and again. Security software seems to be powerless at this point, because many viruses and Trojan horses have begun to disable the security protection functions before attacking; this is not the new Trojan