v3avie0.dll – trojan Scar

The file v3avie0.dll is identified as a trojan program used for stealing bank information and users' passwords.
To delete v3avie0.dll, we suggest using UnHackMe:
http://www.unhackme.com

Malware Analysis of v3avie0.dll
Executed: 0i86rk.exe
Removed: v3avie0.dll. Full path: C:\WINDOWS\system32\v3avie0.dll

—————————————————————————————————————————-
How to quickly detect the presence of this malware?

Files:
C:\WINDOWS\system32\cyban.exe
C:\WINDOWS\system32\cyban0.dll
C:\WINDOWS\system32\ieban0.dll
C:\WINDOWS\system32\v3avast.exe
C:\WINDOWS\system32\v3avie0.dll
C:\WINDOWS\system32\v3avmn0.dll
C:\WINDOWS\system32\wuaucldt.exe
C:\0i86rk.exe
C:\autorun.inf
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16440.0   2011.05.23    Win32.Virtob.Gen.12
Kaspersky   9.0.0.837     2011.05.23    Virus.Win32.Virut.ce
Microsoft   1.6903        2011.05.23    Virus:Win32/Virut.BN
NOD32       6145          2011.05.23    Win32/Virut.NBP

—————————————————————————————————————————-

MD5    48352ad2836dea631ba829a800ee9440
SHA1   6716bc82bcad79fcca18948a41d43470d7e8a7f2
SHA256 8eeb661352f2f60a440320ed69ad19de97ab84f8f00dd710603e1e4d961460a1

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:38
———————————-
HKLM\Software\Classes\CLSID\MNDOWN
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\ProgID
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\Programmable
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\Programmable
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\HELPDIR
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR
HKLM\Software\Classes\IEHlprObj.IEHlprObj
HKLM\Software\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EB54244-231D-4ED0-8518-3A50F06096A3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\Software\Microsoft\DownloadManager

———————————-
Values added:40
———————————-
HKLM\Software\Classes\CLSID\MNDOWN\urlinfo: "lxser.x"
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\VersionIndependentProgID\: "IEHlprObj.IEHlprObj"
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\ProgID\: "IEHlprObj.IEHlprObj.1"
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32\: "C:\WINDOWS\system32\v3avie0.dll"
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\InprocServer32\ThreadingModel: "Apartment"
HKLM\Software\Classes\CLSID\{6EB54244-231D-4ED0-8518-3A50F06096A3}\: "IEHlprObj Class"
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID\: "IEHlprObj.IEHlprObj"
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID\: "IEHlprObj.IEHlprObj.1"
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\: "C:\WINDOWS\system32\ieban0.dll"
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\ThreadingModel: "Apartment"
HKLM\Software\Classes\CLSID\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\: "IEHlprObj Class"
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib\: "{6EB5424B-231D-4ED0-8518-3A50F06096A3}"
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\TypeLib\Version: "1.0"
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\Software\Classes\Interface\{6EB54245-231D-4ED0-8518-3A50F06096A3}\: "IIEHlprObj"
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\: "{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}"
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\Version: "1.0"
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\Software\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\: "IIEHlprObj"
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\0\win32\: "C:\WINDOWS\system32\v3avie0.dll"
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\HELPDIR\: "C:\WINDOWS\system32\"
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\FLAGS\: "0"
HKLM\Software\Classes\TypeLib\{6EB5424B-231D-4ED0-8518-3A50F06096A3}\1.0\: "IEHelper 1.0 Type Library"
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32\: "C:\WINDOWS\system32\ieban0.dll"
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR\: "C:\WINDOWS\system32\"
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS\: "0"
HKLM\Software\Classes\TypeLib\{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\: "IEHelper 1.0 Type Library"
HKLM\Software\Classes\IEHlprObj.IEHlprObj\CurVer\: "IEHlprObj.IEHlprObj.1"
HKLM\Software\Classes\IEHlprObj.IEHlprObj\: "IEHlprObj Class"
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\CLSID\: "{6EB54244-231D-4ED0-8518-3A50F06096A3}"
HKLM\Software\Classes\IEHlprObj.IEHlprObj.1\: "IEHlprObj Class"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: "c:\windows\system32\wuaucldt.exe"
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe: "\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0x00000091
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cybansos: "C:\WINDOWS\system32\cyban.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\V3_reg: "C:\WINDOWS\system32\v3avast.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: "c:\documents and settings\administrator\wuaucldt.exe"

———————————-
Values modified:2
———————————-
(-) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000001
(+) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000

———————————-
Files added:21
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74\ah1[1].rar
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\7W6ZBGB6\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN\ah1[1].rar
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SJQJZ62W\desktop.ini
C:\Documents and Settings\Administrator\wuaucldt.exe
C:\WINDOWS\system32\cyban.exe
C:\WINDOWS\system32\cyban0.dll
C:\WINDOWS\system32\ieban0.dll
C:\WINDOWS\system32\v3avast.exe
C:\WINDOWS\system32\v3avie0.dll
C:\WINDOWS\system32\v3avmn0.dll
C:\WINDOWS\system32\wuaucldt.exe
C:\0i86rk.exe
C:\autorun.inf

———————————-
Files deleted:1
———————————-
C:\sand-box\0i86rk.exe

———————————-
Files [attributes?] modified:26
———————————-
C:\Program Files\MiniCap\dcuhelper.exe
C:\Program Files\MiniCap\MiniCap.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\accicons.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\cagicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\inficon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\misc.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\mspicons.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\oisicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\opwicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\outicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pptico.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pubs.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\wordicon.exe
C:\WINDOWS\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\xlicons.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\system32\reg.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\usmt\migwiz.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\wuauclt.exe

———————————-
Folders added:9
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies
C:\Documents and Settings\Administrator\Local Settings\Temp\History
C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\72W0YZ74
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\7W6ZBGB6
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BXXA6NDN
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SJQJZ62W

———————————-
Total changes:137
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com
