v3avie0.dll – trojan Scar

I use UnHackMe for cleaning adware and viruses from my friend's computers, because it is extremely fast and effective.

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


The file v3avie0.dll is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete v3avie0.dll we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of v3avie0.dll
Executed: 0i86rk.exe
Removed: v3avie0.dll. Full path: C:\WINDOWS\system32\v3avie0.dll

—————————————————————————————————————————-
How to quickly detect malware presence?

Files:
C:\WINDOWS\system32\cyban.exe
C:\WINDOWS\system32\cyban0.dll
C:\WINDOWS\system32\ieban0.dll
C:\WINDOWS\system32\v3avast.exe
C:\WINDOWS\system32\v3avie0.dll
C:\WINDOWS\system32\v3avmn0.dll
C:\WINDOWS\system32\wuaucldt.exe
C:\0i86rk.exe
C:\autorun.inf
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.16440.0 2011.05.23 Win32.Virtob.Gen.12
Kaspersky 9.0.0.837 2011.05.23 Virus.Win32.Virut.ce
Microsoft 1.6903 2011.05.23 Virus:Win32/Virut.BN
NOD32 6145 2011.05.23 Win32/Virut.NBP

—————————————————————————————————————————-

MD5 48352ad2836dea631ba829a800ee9440

SHA1 6716bc82bcad79fcca18948a41d43470d7e8a7f2

SHA256 8eeb661352f2f60a440320ed69ad19de97ab84f8f00dd710603e1e4d961460a1

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:38
———————————-
HKLM\Software\Classes\CLSID\MNDOWN
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\ProgID
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\Programmable
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\Programmable
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\HELPDIR
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR
HKLM\Software\Classes\IEHlprObj.IEHlprObj
HKLM\Software\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EB54244-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Microsoft\DownloadManager

———————————-
Values added:40
———————————-
HKLM\Software\Classes\CLSID\MNDOWN\urlinfo: “lxser.x”
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\VersionIndependentProgID\: “IEHlprObj.IEHlprObj”
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\ProgID\: “IEHlprObj.IEHlprObj.1″
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32\: “C:\WINDOWS\system32\v3avie0.dll”
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\: “IEHlprObj Class”
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID\: “IEHlprObj.IEHlprObj”
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID\: “IEHlprObj.IEHlprObj.1″
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\: “C:\WINDOWS\system32\ieban0.dll”
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\: “IEHlprObj Class”
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib\: “{6EB5424B-231D-4ED0-8518-3A50F06096A3}”
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\: “IIEHlprObj”
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\: “{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}”
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\: “IIEHlprObj”
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0\win32\: “C:\WINDOWS\system32\v3avie0.dll”
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\HELPDIR\: “C:\WINDOWS\system32\”
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\: “IEHelper 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32\: “C:\WINDOWS\system32\ieban0.dll”
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR\: “C:\WINDOWS\system32\”
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\: “IEHelper 1.0 Type Library”
HKLM\Software\Classes\IEHlprObj.IEHlprObj\CurVer\: “IEHlprObj.IEHlprObj.1″
HKLM\Software\Classes\IEHlprObj.IEHlprObj\: “IEHlprObj Class”
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID\: “{6EB54244-231D-4ED0-8518-3A50F06096A3}”
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\: “IEHlprObj Class”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: “c:\windows\system32\wuaucldt.exe”
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe: “\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1″
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0×00000091
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cybansos: “C:\WINDOWS\system32\cyban.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\V3_reg: “C:\WINDOWS\system32\v3avast.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: “c:\documents and settings\administrator\wuaucldt.exe”

———————————-
Values modified:2
———————————-
(-) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0×00000001
(+) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0×00000000

———————————-
Files added:21
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74\ah1[1].rar
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\7W6ZBGB6\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN\ah1[1].rar
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SJQJZ62W\desktop.ini
C:\Documents and Settings\Administrator\wuaucldt.exe
C:\WINDOWS\system32\cyban.exe
C:\WINDOWS\system32\cyban0.dll
C:\WINDOWS\system32\ieban0.dll
C:\WINDOWS\system32\v3avast.exe
C:\WINDOWS\system32\v3avie0.dll
C:\WINDOWS\system32\v3avmn0.dll
C:\WINDOWS\system32\wuaucldt.exe
C:\0i86rk.exe
C:\autorun.inf

———————————-
Files deleted:1
———————————-
C:\sand-box\0i86rk.exe

———————————-
Files [attributes?] modified:26
———————————-
C:\Program Files\MiniCap\dcuhelper.exe
C:\Program Files\MiniCap\MiniCap.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\accicons.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\cagicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\inficon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\misc.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\mspicons.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\oisicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\opwicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\outicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pptico.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pubs.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\wordicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\xlicons.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\system32\reg.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\usmt\migwiz.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\wuauclt.exe

———————————-
Folders added:9
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies
C:\Documents and Settings\Administrator\Local Settings\Temp\History
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\7W6ZBGB6
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SJQJZ62W

———————————-
Total changes:137
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.




1. Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!