om710.exe - Dangerous
Manual removal instructions:
Antivirus Report of om710.exe:
We suggest that you remove %SysDir%\network.dll from your computer as soon as possible.
%SysDir%\network.dll is a Trojan/Backdoor.
Kill the file %SysDir%\network.dll and remove %SysDir%\network.dll from Windows startup.
File: om710.exe(C:\sand-box\om710.exe)
Classification:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.07.27 -
AVG 8.5.0.387 2009.07.27 -
BitDefender 7.2 2009.07.28 -
Comodo 1791 2009.07.28 -
DrWeb 5.0.0.12182 2009.07.28 DLOADER.Trojan
Kaspersky 7.0.0.125 2009.07.28 -
McAfee-GW-Edition 6.8.5 2009.07.28 Heuristic.BehavesLike.Win32.Backdoor.P
NOD32 4283 2009.07.28 -
Symantec 1.4.4.12 2009.07.28 -
Additional information
File size: 53364 bytes
MD5...: caddf31777b282609ab62a67b8b674c3
SHA1..: ca095d37c6a4f0cc520991324e12cb958fca69d3
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:5
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000
HKLM\SYSTEM\CurrentControlSet\Services\network
HKLM\SYSTEM\CurrentControlSet\Services\network\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\network\Security
----------------------------------
Values added:16
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\Service: "network"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\0000\DeviceDesc: "newwork"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\network\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\network\Parameters\ServiceDll: "C:\WINDOWS\system32\network.dll"
HKLM\SYSTEM\CurrentControlSet\Services\network\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\network\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\network\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\network\ImagePath: "%SystemRoot%\System32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\network\DisplayName: "newwork"
HKLM\SYSTEM\CurrentControlSet\Services\network\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\network\Description: "network"
----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: '6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN'
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: 36 74 6F 34 00 41 70 70 4D 67 6D 74 00 41 75 64 69 6F 53 72 76 00 42 72 6F 77 73 65 72 00 43 72 79 70 74 53 76 63 00 44 4D 53 65 72 76 65 72 00 44 48 43 50 00 45 52 53 76 63 00 45 76 65 6E 74 53 79 73 74 65 6D 00 46 61 73 74 55 73 65 72 53 77 69 74 63 68 69 6E 67 43 6F 6D 70 61 74 69 62 69 6C 69 74 79 00 48 69 64 53 65 72 76 00 49 61 73 00 49 70 72 69 70 00 49 72 6D 6F 6E 00 4C 61 6E 6D 61 6E 53 65 72 76 65 72 00 4C 61 6E 6D 61 6E 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4D 65 73 73 65 6E 67 65 72 00 4E 65 74 6D 61 6E 00 4E 6C 61 00 4E 74 6D 73 73 76 63 00 4E 57 43 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4E 77 73 61 70 61 67 65 6E 74 00 52 61 73 61 75 74 6F 00 52 61 73 6D 61 6E 00 52 65 6D 6F 74 65 61 63 63 65 73 73 00 53 63 68 65 64 75 6C 65 00 53 65 63 6C 6F 67 6F 6E 00 53 45 4E 53 00 53 68 61 72 65 64 61 63 63 65 73 73 00 53 52 53 65 72 76 69 63 65 00 54 61 70 69 73 72 76 00 54 68 65 6D 65 73 00 54 72 6B 57 6B 73 00 57 33 32 54 69 6D 65 00 57 5A 43 53 56 43 00 57 6D 69 00 57 6D 64 6D 50 6D 53 70 00 77 69 6E 6D 67 6D 74 00 77 73 63 73 76 63 00 78 6D 6C 70 72 6F 76 00 6E 61 70 61 67 65 6E 74 00 68 6B 6D 73 76 63 00 42 49 54 53 00 77 75 61 75 73 65 72 76 00 53 68 65 6C 6C 48 57 44 65 74 65 63 74 69 6F 6E 00 68 65 6C 70 73 76 63 00 57 6D 64 6D 50 6D 53 4E 00 6E 65 74 77 6F 72 6B 00
----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\system32\network.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\om710.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:25
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: network
Author: Unknown
Related File: C:\WINDOWS\system32\network.dll
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.