spy009.dll - Dangerous

spy009.dll

Manual removal instructions:

Antivirus Report of spy009.dll:
spy009.dll Malware
spy009.dllDangerous
spy009.dllHigh Risk
spy009.dll
We suggest you to remove Spy009.dll from your computer as soon as possible.
Spy009.dll is Trojan/Backdoor.
Kill the file Spy009.dll and remove Spy009.dll from Windows startup.

File: 9991099.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.11 Win32:Trojan-gen {Other}
AVG 8.5.0.406 2009.08.12 PSW.Generic7.MLM
BitDefender 7.2 2009.08.12 Trojan.Generic.2073296
Comodo 1950 2009.08.12 -
DrWeb 5.0.0.12182 2009.08.12 Trojan.PWS.Gamania.19070
F-Secure 8.0.14470.0 2009.08.11 Trojan-GameThief.Win32.OnLineGames.vdhp
Kaspersky 7.0.0.125 2009.08.12 Trojan-GameThief.Win32.OnLineGames.vdhp
Microsoft 1.4903 2009.08.11 PWS:Win32/Prast!rts
NOD32 4327 2009.08.11 Win32/PSW.QQPass.NEH
Symantec 1.4.4.12 2009.08.12 Infostealer.Gampass

Additional information
File size: 65174 bytes
MD5 : 32f4e9c187b4e761dddbe51dd9e19629
SHA1 : 14e1a13abde5a602e82d1f415a312b5917187927

-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{C8417122-386F-48C7-8900-C82E4694FEBC}
HKLM\SOFTWARE\Classes\CLSID\{C8417122-386F-48C7-8900-C82E4694FEBC}\InProcServer32
HKCU\Software\Tencent
HKCU\Software\Tencent\SPY009

----------------------------------
Values added:6
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{C8417122-386F-48C7-8900-C82E4694FEBC}\InProcServer32\: "C:\Documents and Settings\Administrator\Application Data\Spy009.dll"
HKLM\SOFTWARE\Classes\CLSID\{C8417122-386F-48C7-8900-C82E4694FEBC}\InProcServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{C8417122-386F-48C7-8900-C82E4694FEBC}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C8417122-386F-48C7-8900-C82E4694FEBC}: ""
HKCU\Software\Microsoft\CTF\MSUTB\ShowDeskBand: 0x00000001
HKCU\Software\Tencent\SPY009\F: "F"

----------------------------------
Values modified:18
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseObtainedTime: 0x4A8186E5
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseObtainedTime: 0x4A83E856
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T1: 0x4A818A69
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T1: 0x4A83EBDA
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T2: 0x4A818D0C
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T2: 0x4A83EE7D
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseTerminatesTime: 0x4A818DED
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseTerminatesTime: 0x4A83EF5E
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseObtainedTime: 0x4A8186E5
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseObtainedTime: 0x4A83E856
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T1: 0x4A818A69
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T1: 0x4A83EBDA
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T2: 0x4A818D0C
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T2: 0x4A83EE7D
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseTerminatesTime: 0x4A818DED
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseTerminatesTime: 0x4A83EF5E
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000004
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000005

----------------------------------
Files added:3
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Reg.bak
C:\Documents and Settings\Administrator\Application Data\Spy009.dll
C:\Documents and Settings\Administrator\Application Data\Spy009.tmp

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:31
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {C8417122-386F-48C7-8900-C82E4694FEBC}
Author: Unknown
Related File: C:\Documents and Settings\Administrator\Application Data\Spy009.dll
Type: Shell Execute Hooks

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove spy009.dll now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.