796525.dll - Dangerous

Application database

Startupapps.com recommends you:

Malware Tests - removal of the newest malware.

Detect and remove hidden rootkits using UnHackMe Free fully functional 30-days trial.

RegRun Security Suite = 24 system utilities for protecting your computer. Get it!

I would like to say that RegRun has helped me on more than 1 occasion when it comes to spyware/adware by letting me know automatically that a piece of it got added to Windows startup. There is so much spyware/addware out there today it's hard to imagine being without RegRun. I like many other features too including the daily registry backups and file protection.

Chris Wagers

796525.dll - Dangerous

796525.dll

We suggest you to remove 796525.dll from your computer as soon as possible.
796525.dll is Trojan/Backdoor.
Kill the file 796525.dll and remove 796525.dll from Windows startup.

File:
C:\sand-box\6244.exe

Classification:
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Win32.Nonaco!IK
AVG 8.5.0.339 2009.06.17 BHO.IME.dropper
BitDefender 7.2 2009.06.18 Trojan.Generic.1628199
Comodo 1357 2009.06.18 TrojWare.Win32.Trojan.Agent.
Gen
DrWeb 5.0.0.12182 2009.06.17 Trojan.DownLoad.36180
F-Secure 8.0.14470.0 2009.06.17 Trojan-Dropper.Win32.BHO.bo
K7AntiVirus 7.10.766 2009.06.17 Trojan-Dropper.Win32.BHO.bh
NOD32 4164 2009.06.17 Win32/BHO.NOE
Symantec 1.4.4.12 2009.06.18 Trojan.Zlob

Additional information
File size: 16896 bytes
MD5 : a42f1934f5505ec2601b257f3e6484bc
SHA1 : e8b99ee7eeff5988df72fb82b2f89f0d797c91a8

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:22
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\y537.y537mgr
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer
HKLM\SOFTWARE\Classes\y537.y537mgr.1
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}

----------------------------------
Values added:23
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID\: "y537.y537mgr"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib\: "{E63648F7-3933-440E-AAAA-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 Class"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\: "{E63648F7-3933-440E-B4F6-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\: "Ie405mgr"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR\: "C:\WINDOWS\system32\796525\"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS\: "0"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\: "796525 1.0 Type Library"
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr\: "796525 Class"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\: "796525 Class"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 helper"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoHOPA: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoExplorer: 0x00000001

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\system32\796525\796525.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\6244.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:1
----------------------------------
C:\WINDOWS\system32\796525

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:48
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Type: Browser Helper Objects
Item Name: {E7F15AC4-E0A9-43F0-921B-70DFEA621220}
Related File: C:\WINDOWS\system32\796525\796525.dll

Removal Results: Success
Number of reboot: 1

Removal: 796525.dll is removed by RegRun.

UnHackMe - Rootkit/Malware killer

Also recommended software:
RegRun Security Suite Platinum - removal and protection.

UnHackMe is a part of RegRun Security Suite Platinum.

RegRun - User's Choice

Vista Programs - full info...

What is hidden in MSDN?
.NET Secrets Revealed

Why software developers prefer Win32.FreeTechSecrets.com?

All Unix Manuals in Alphabetical Order

C# controls for .NET in 3 simple steps.

Constantly updated. Last update: November 16 2009

Interesting information about Vista programs...
Need consultation?

Would you like to add your opinion?

Quick Links: What's new?
RSS Feed
Add to AppDatabase
Ask Experts
Join forum
Links
Articles: Virus or not? SPTD####.sys
What is mc21.tmp, mc22.tmp, mc23.tmp?
Select: Necessary
Useless
At your option
Dangerous