hoabinh_a20
New Member
Virus name: C:\WINDOWS\system32\qqqr.exe
C:\WINDOWS\system32\qqq.exe
C:\WINDOWS\system32\qqqhk.dll
C:\WINDOWS\system32\qqqwb.dll
Date discovered: 19/7/2011
Strain: DR/Perflogger.AH dropper
SPR/Tool.PerfectKeylogger.412
TR/Spy.Perfloger.AB.31 Trojan
SPR/Tool.PerfectKeylogger.410
Discovered by: sieusystem
Removal: delete qqqwb.dll, qqqhk.dll, qqq.exe, qqqr.exe using Unlocker
Delete registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A
Avira 10 Premium log file:
Premium Security Suite
Report file date: Tuesday, July 19, 2011 14:47
Scanning for 2985992 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Sieu Vuong Kha
Serial number : 2214948847-ISECE-0000001
Platform : Windows XP
Windows phiên bản : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : AAAA
Computer name : AAAA-9ECF542063
Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\DOCUME~1\AAAA\LOCALS~1\Temp\3a3a2232.avp
Logging.............................: Default
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: Tuesday, July 19, 2011 14:47
Starting the file scan:
Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\qqq.exe
[DETECTION] Contains recognition pattern of the DR/Perflogger.AH dropper
[NOTE] The file was deleted!
C:\WINDOWS\system32\qqqhk.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PerfectKeylogger.412 program
[NOTE] The file was deleted!
C:\WINDOWS\system32\qqqr.exe
[DETECTION] Is the TR/Spy.Perfloger.AB.31 Trojan
[NOTE] A backup was created as '0f14eccd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\qqqwb.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PerfectKeylogger.410 program
[NOTE] The registration entry
[NOTE] A backup was created as '6923a338.qua' ( QUARANTINE )
[NOTE] The file was deleted!
End of the scan: Tuesday, July 19, 2011 14:49
Used time: 02:38 Minute(s)
The scan has been done completely.
244 Scanned directories
6782 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
4 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
6778 Files not concerned
7 Archives were scanned
0 Warnings
4 Notes