Removed: C:\Program Files\Secret Crush Revealer\jsi.dll

Dmitry Sokolov recommends his nice removal tool: UnHackMe


Malware: 12b27c9a609d2efaf56fc00666c1197a.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: JSIModule
Author: Unknown
Related File: C:\PROGRAM FILES\SECRET CRUSH REVEALER\JSI.DLL
Type: Registry Run

Removal Results: Success
Number of reboots: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JSIModule
Value: "rundll32.exe "C:\Program Files\Secret Crush Revealer\jsi.dll",InstallHook"

Folders:
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0
C:\Program Files\Secret Crush Revealer

Files:
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\cookies.sqlite-journal
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\parent.lock
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\prefs.js.ask.bak
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins\ask.uk.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\sessionstore.js
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\1FBAAA64d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\6D2EF99Ed01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\AA176169d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\C1C863F0d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\CE6E2E3Ad01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\D7916261d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\F3D8151Fd01
C:\Program Files\Secret Crush Revealer\jsi.dll
C:\Program Files\Secret Crush Revealer\setup.ini
C:\Program Files\Secret Crush Revealer\Uninstaller.exe
C:\Program Files\Secret Crush Revealer\Zugo.exe
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16160.0   2011.01.06    Rootkit.44301
Kaspersky   7.0.0.125     2011.01.06    -
Microsoft   1.6402        2011.01.05    -
NOD32       5763          2011.01.05    -

—————————————————————————————————————————-

MD5 12b27c9a609d2efaf56fc00666c1197a

SHA1 a312ba722eca1633098a769aa8e927a954cc289e

SHA256 42226e15efdc88d6cdfd898832e7e7dfa73e3b9d7afe829104d405b9e12dbd22

—————————————————————————————————————————-


Installation
When the program is executed, it creates or modifies the following registry keys and values, files, and folders:

———————————-
Keys added:3
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secret Crush Revealer
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}
HKCU\Software\Zugo

———————————-
Values added:10
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JSIModule: "rundll32.exe "C:\Program Files\Secret Crush Revealer\jsi.dll",InstallHook"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secret Crush Revealer\DisplayName: "Secret Crush Revealer"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secret Crush Revealer\UninstallString: "C:\Program Files\Secret Crush Revealer\uninstaller.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secret Crush Revealer\DisplayIcon: "C:\Program Files\Secret Crush Revealer\Secret Crush Revealer.exe"
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page Restore: "about:blank"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}\DisplayName: "Ask"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}\URL: "http://iws.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-347-0-2PpmX"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}\Codepage: 0x0000FDE9
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}\FaviconPath: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}.ico"
HKCU\Software\Zugo\SID: "2PpmX"

———————————-
Values modified:4
———————————-
(-) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "about:blank"
(+) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "http://iws.asksearch.com/?cfg=2-347-0-2PpmX"
(-) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
(+) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}"

———————————-
Files added:16
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\cookies.sqlite-journal
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\parent.lock
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\prefs.js.ask.bak
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins\ask.uk.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\sessionstore.js
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\1FBAAA64d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\6D2EF99Ed01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\AA176169d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\C1C863F0d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\CE6E2E3Ad01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\D7916261d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\F3D8151Fd01
C:\Program Files\Secret Crush Revealer\jsi.dll
C:\Program Files\Secret Crush Revealer\setup.ini
C:\Program Files\Secret Crush Revealer\Uninstaller.exe
C:\Program Files\Secret Crush Revealer\Zugo.exe

———————————-
Files [attributes?] modified:10
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\cookies.sqlite
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\places.sqlite
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\places.sqlite-journal
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\prefs.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\search.json
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\urlclassifierkey3.txt
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\_CACHE_001_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\_CACHE_002_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\Cache\_CACHE_003_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\XPC.mfl

———————————-
Folders added:3
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0
C:\Program Files\Secret Crush Revealer

———————————-
Total changes:46
———————————-

—————————————————————————————————————————-