Removed: avifil.dll (trojan Smardf)

May 9, 2010 by NightWatcher
Filed under: Malware 
: Solved!

You should Download Removal Tool here...

Malware: 1003yrqvd.exe

Removed: C:\WINDOWS\system32\avifil.dll

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {D2C6D136-A157-4C2D-9D17-3C2354B25E20} (ramdom item name)
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\AVIFIL.DLL (random filname)
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.07 Trojan-Dropper:W32/Agent.DIWV
Kaspersky 7.0.0.125 2010.05.08 Trojan.Win32.Smardf.mls
Microsoft 1.5703 2010.05.08 TrojanDropper:Win32/Boaxxe.G
NOD32 5096 2010.05.07 a variant of Win32/Rootkit.Podnuha.NCE

—————————————————————————————————————————-
Additional information
File size: 142848 bytes
MD5 : f7aaf4ed8bcb977b1db6c8a692733ee2
SHA1 : 679ade2afc691b86f4ef8ba0c233a69fa7526698
SHA256: 66f92c5adea8845509f5f473cebfe830257b75c3acd6a121107a2027e55b2f2d
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:5
———————————-
HKLM\Software\Classes\CLSID\{D2C6D136-A157-4C2D-9D17-3C2354B25E20}
HKLM\Software\Classes\CLSID\{D2C6D136-A157-4C2D-9D17-3C2354B25E20}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C6D136-A157-4C2D-9D17-3C2354B25E20}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS\B08A1

———————————-
Values added:7
———————————-
HKLM\Software\Classes\CLSID\{D2C6D136-A157-4C2D-9D17-3C2354B25E20}\InprocServer32\: “C:\WINDOWS\system32\avifil.dll”
HKLM\Software\Classes\CLSID\{D2C6D136-A157-4C2D-9D17-3C2354B25E20}\InprocServer32\ThreadingModel: “apartment”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS\B08A1\bf: 9D 5D EA 98 47 F9 A2 50 69 54 4A 1C 17 24 32 DA F3 94 44 53 AF 81 CF 39 97 2B F8 CB 42 FB 06
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS\B08A1\bk: A5 23 84 8C 38 F3 D7 2C 08 2A 57 5E 5B 60 6B 8B DD 95 32 22 F7 B3 97 68 D3 74 95 9D 1D A2 32 BD 6C D2 73 7D BE 4A 66
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS\B08A1\iu: 0x000003EB
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BITS\B08A1\mu: 7B 14 AE 47 E1 7A 84 3F
HKCU\Software\Microsoft\Internet Explorer\Main\TabProcGrowth: 0×00000001

———————————-
Files added:1
———————————-
C:\WINDOWS\system32\avifil.dll

———————————-
Total changes:13
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: avifil.dll, Smardf

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.