mscorewr.dll - Dangerous

mscorewr.dll

Manual removal instructions:

Antivirus Report of mscorewr.dll:
mscorewr.dll Malware
mscorewr.dllDangerous
mscorewr.dllHigh Risk
mscorewr.dll
We suggest you to remove mscorewr.dll from your computer as soon as possible.
Mscorewr.dll is Trojan/Backdoor.
Kill the file mscorewr.dll and remove mscorewr.dll from Windows startup.

File: load.exe

Classification:
Antivirus Version Last Update Result
AVG 8.5.0.339 2009.06.24 PSW.Banker5.NSX
BitDefender 7.2 2009.06.24 -
Comodo 1405 2009.06.24 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.06.24 -
F-Secure 8.0.14470.0 2009.06.24 Trojan-Downloader:W32/Agent.KYC
Kaspersky 7.0.0.125 2009.06.24 Trojan.Win32.Agent2.ksk
Microsoft 1.4803 2009.06.24 Trojan:Win32/Silentbanker.B
NOD32 4186 2009.06.24 Win32/Spy.Silentbanker.AM
Symantec 1.4.4.12 2009.06.24 Trojan.Dropper

Additional information
File size: 69632 bytes
MD5 : 801efe85bef379e50b882f7b5846db7a
SHA1 : baf73cd18d5a256f0816862b226ec34209149344

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\TypeLib
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}

----------------------------------
Values added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\TypeLib\: ""
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\InprocServer32\: "C:\WINDOWS\system32\mscorewr.dll"
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}\: "mscorewr"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:2
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\devaxswp.tmp
C:\WINDOWS\system32\mscorewr.dll

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:10
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
Author: Macrovision Corporation
Related File: C:\WINDOWS\system32\mscorewr.dll
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1

-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove mscorewr.dll now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.