2rs23617.dll - Dangerous

Manual removal instructions:

Antivirus Report of 2rs23617.dll:
2rs23617.dll: Malware, Dangerous, High Risk
We suggest you remove 2rs23617.dll from your computer as soon as possible.
2rs23617.dll is a Trojan/Backdoor.
Kill the file 2rs23617.dll and remove 2rs23617.dll from Windows startup.

File: WindowsMedia-KB324290.exe

Classification:
Antivirus    Version       Last Update  Result
AVG          8.5.0.339     2009.06.23   Win32/Heur
BitDefender  7.2           2009.06.24   -
Comodo       1404          2009.06.24   -
DrWeb        5.0.0.12182   2009.06.24   -
F-Secure     8.0.14470.0   2009.06.24   -
Kaspersky    7.0.0.125     2009.06.24   -
Microsoft    1.4803        2009.06.24   BrowserModifier:Win32/Kerlofost
NOD32        4183          2009.06.24   -
Symantec     1.4.4.12      2009.06.24   -

Additional information
File size: 287438 bytes
MD5 : 3b45ff095aa474f24ba031d8d838ed50
SHA1 : 1ff2ea4803d84da168e84dde1e701d251c4ec4e5

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:47
----------------------------------

----------------------------------
Values added:43
----------------------------------

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:2
----------------------------------
C:\WINDOWS\system32\2rs23617.dll
C:\WINDOWS\system32\j2se.dll

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:92
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {304EAD7E-2910-4CE6-83F1-554B04D44A0F}
Author: Unknown
Related File: C:\WINDOWS\system32\j2se.dll
Type: Browser Helper Objects

Item Name: {71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}
Author: Reklosoft.ru
Related File: C:\WINDOWS\system32\2rs23617.dll
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1

-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.