myspeed_onlineinstaller_wz_1003.exe - Dangerous

Manual removal instructions:

Antivirus Report of myspeed_onlineinstaller_wz_1003.exe: Malware, Dangerous, High Risk
We suggest that you remove MySpeed_Onlineinstaller_wz_1003.exe from your computer as soon as possible.
MySpeed_Onlineinstaller_wz_1003.exe is a Trojan/Backdoor.
Kill the process MySpeed_Onlineinstaller_wz_1003.exe and remove MySpeed_Onlineinstaller_wz_1003.exe from Windows startup.

File: MySpeed_Onlineinstaller_wz_1003.exe

Classification:
Antivirus     Version      Last Update   Result
Avast         4.8.1335.0   2009.07.25    Win32:Trojan-gen {Other}
BitDefender   7.2          2009.07.26    -
Comodo        1767         2009.07.26    -
K7AntiVirus   7.10.802     2009.07.25    -
Microsoft     1.4903       2009.07.25    -
NOD32         4278         2009.07.26    -
Symantec      1.4.4.12     2009.07.26    Trojan Horse

Additional information
File size: 1005096 bytes
MD5 : 8573f0453c2f7f23da34e4bc386beacb
SHA1 : c0de2f904e65e504aa291d81837b3c4b0782245f

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys deleted:0
----------------------------------

----------------------------------
Keys added:80
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\MySpeed_Onlineinstaller_wz_1003
HKLM\SOFTWARE\Microsoft\ESENT\Process\MySpeed_Onlineinstaller_wz_1003\DEBUG
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed
HKLM\SOFTWARE\Microsoft\DownloadManager
HKLM\SOFTWARE\MySpeed
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Ndi
...

----------------------------------
Values deleted:0
----------------------------------

----------------------------------
Values added:232
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\MySpeed_Onlineinstaller_wz_1003\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed\DisplayName: "MySpeed"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed\UninstallString: "C:\Program Files\MySpeed\uninstall.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed\DisplayIcon: "C:\Program Files\MySpeed\MySpeed.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed\DisplayVersion: "1.0.0.1"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySpeed\URLInfoAbout: "http://www.9sv.cn"
HKLM\SOFTWARE\MySpeed\install: "C:\Program Files\MySpeed"
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Ndi\params\AllowNonAdmin\enum\0: "Not Allowed"
...
----------------------------------
Values modified:84
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\Ndis: 0B 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\Ndis: 0C 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00
...
----------------------------------
Files added:9
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\ctfmons.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\godeyes.exe
C:\Program Files\MySpeed\myspeed.reg
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\system32\drivers\tap0801.sys
C:\WINDOWS\LastGood\INF\oem8.inf
C:\WINDOWS\LastGood\INF\oem8.PNF
C:\WINDOWS\RunMs.tmp

----------------------------------
Files [attributes?] modified:1
----------------------------------
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp

----------------------------------
Folders added:3
----------------------------------
C:\Program Files\MySpeed
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:409
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: RunMs
Author: Unknown
Related File: rundll32 RunMs.tmp RunMs
Type: Registry Run

After first reboot detected by RegRun Reanimator:

Item Name: RunMs
Author:
Related File: rundll32 RunMs.tmp RunMs
Type: Registry Run

Removal Results: Success
Number of reboot: 2

-------------------------------------------------------------------------------------

Detected by RegRun Reanimator in Deep Level Scan mode:

Item Name: tap0801.sys
Author: The OpenVPN Project
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\TAP0801.SYS
Type: Drivers

Item Name: tap0801
Author:
Related File: system32\DRIVERS\tap0801.sys
Type: Services detected by Partizan

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)


Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
