DelFin
|
Popis:
|
Spyware
|
|
Úroveň rizika:
|
Vysoké
|
|
Datum 1. výskytu:
|
Monday, April 14, 2008
|
|
Poskytovatel Softwaru:
|
(neznámá)
|
|
Stručné informace:
|
DelFin is a program that downloads adware. It represents itself as a media viewer.
|
|
Odstranění:
|
Tento škodlivý software může být odstraněn pomocí "Spyware
Terminatora"
|
ODSTRANIT SPYWARE »
Geogr. rozdělení softwaru "DelFin"
Info o škodlivém softwaru
Zobrazit vše
Detected Items
- Detected Files:
%SYSDIR%\vidctrl\vidctrl.exe
MD5: D98B737BF224BF173FB7BADF485A20FF Size:90112
%TEMP%\vmstmp\vmstmp.exe
MD5: 0A9387A7448ECCCC78156879FD3098BE Size:147456
MD5: 6ACCB90427B219494A35743E719B6B80 Size:147456
%SYSDIR%\nsvsvc\nsv.ocx
MD5: BAFE10DA877DD39428668746F04233D4 Size:40960
%PROGRAMFILES%\DelFin\PromulGate\PgMonitr.exe
MD5: 150B626186F9EA81EFC74434CADB93EE Size:32256
MD5: 47BBC00CCFCA03238509A6C8A7C66FC4 Size:209880
MD5: F8F16147B1DC134A601CF74A28C24C9A Size:32768
%SYSDIR%\pcs\wusscan.dll
MD5: ADBE6578D3E58567E4955D522668A315 Size:93696
%SYSDIR%\pcs\mbsacli2.exe
MD5: AB04F788EA8AE5850CC39754A9D7261A Size:133120
%SYSDIR%\vmss\vmss.exe
MD5: 29C2CD97F85E4A06E9FB068FF6E60C13 Size:98304
%SYSDIR%\wsxsvc\wsxsvc.exe
MD5: DDC6CE2E29AA19093DCF721DF1210CE1 Size:65536
%SYSDIR%\wsxsvc\wsx.ocx
MD5: D82BD05775C7A936D58959B1D7EB58A7 Size:40960
%SYSDIR%\wsxsvc\wsx.dll
MD5: D61A55C2537012F7EEA4007F6321129C Size:204800
%PROGRAMFILES%\PeDevice\PeDev.dll
MD5: EEF21A72791B2BA3D73D2D6ED1F81F9E Size:143360
MD5: 0DDB255375F9EBBCC4E37CE03416357F Size:147456
%SYSDIR%\picsvr\picsvr.exe
MD5: 779A079BA282DB68D120D7164C16F981 Size:94208
%COMMONFILES%\dpi\Dpi.exe
MD5: 0782D3416735CA91C24837B80C4ACF6C Size:94208
MD5: 9FE0B8E5FA9E0A069B90593D69F60611 Size:94208
MD5: 9C27320235C9C6C42E06C1EEC9B5708C Size:94208
MD5: 8B4913CC752ACE54EC7DC85765A8D8CC Size:94208
MD5: C44DBD32255CB30A25CB36358F8EC381 Size:94208
%SYSDIR%\nfomon\nfo.ocx
MD5: 28B79DACA2AC30331CE0B814422280D6 Size:40960
%SYSDIR%\nfomon\nfomon.exe
MD5: 465F67D0EEB2D7212907178A8A62D5A4 Size:57344
%SYSDIR%\pcs\init.dll
MD5: 828A4767142CAA47CB333AEDF4175050 Size:69632
MD5: 5B1621DFD6AD697B9FB085EDB6F9734E Size:69632
MD5: E338AB3F6C54E6CA21A6123F77A3BA08 Size:69632
%SYSDIR%\pcs\pcsvcAccess.ocx
MD5: CBD58DD3A1571056D5435F990B5238FC Size:40960
MD5: 5C5DA6CE96B5ACE87261DCA80A0DE47C Size:40960
%PROGRAMFILES%\PeDevice\PeDev.exe
MD5: 1A99FAF10FA789D5BCAA079CB39AEEE8 Size:159744
%PROGRAMFILES%\PeDevice\PeDevPS.dll
MD5: 1D37EE8C667AD6D38956B8B3F17A94D6 Size:45056
MD5: 3D3B464D8A1B4F68FCA0BE3C758BDBEE Size:45056
%SYSDIR%\VIDMON\VIDMON.EXE
MD5: E5232DCEFAE5EE377CEB73CC91321102 Size:90112
%SYSDIR%\pcs\est\est05022_exe.exe
MD5: 58822C4F736859B0B6ACF42B72D9F5C5 Size:241751
%SYSDIR%\pcs\est\est04028_exe.exe
MD5: 6F80EB6466516DDFEA47C94DC8FD8FBB Size:233533
%SYSDIR%\pcs\WindowsUpdateAgent20-x86.exe
MD5: 9B7E5DC382ABF6D851A905116AC2543F Size:6139760
%PROGRAMFILES%\PeDevice\Preparation.dll
MD5: 2210D5BB7BCF8AF78C174FACFC7A8337 Size:45056
%PROGRAMFILES%\PeDevice\pedevPS.dll
MD5: EA2E169D5CD7C87805623C7B12829268 Size:45056
%PROGRAMFILES%\PeDevice\pedev.exe
MD5: 09FF98918B47506667AAA332DD66A17D Size:159744
%PROGRAMFILES%\PeDevice\pedev.dll
MD5: B3541043F5D46004DE4E2B44235D8DC6 Size:147456
%PROGRAMFILES%\PeDevice\fixit2.exe
MD5: 0F68526FA257716F27B49FCDF5A45C91 Size:49152
%SYSDIR%\nfomon\nfom.dll
MD5: 4CFE30D6095E33ADA6E5FF90C2B21D6B Size:208896
%SYSDIR%\pcs\pcsvc.exe
MD5: F03DB954D348FE4AB79DF8DB7A5218B9 Size:35840
MD5: 26E2D1FAB18A38ED48CDC594CF696CC1 Size:35840
%SYSDIR%\pcs\pcsvc.dll
MD5: EC76EF41CA7BC294E21413C24B5CE542 Size:199168
%PROGRAMFILES%\DelFin\PromulGate\PgSDK.DLL
MD5: 1A64AE08C7FE42F2D96BFE9B0C3458A5 Size:157696
%PROGRAMFILES%\DELFIN\PROMULGATE\PGMONITR.EXE
MD5: E8CA8C2EBE92750F3A43D9E8EF1CC344 Size:36352
MD5: E3E7016DF4E64D8DD4B0E9DA88AFDD8D Size:210394
%PROGRAMFILES%\PEDEVICE\PEDEV.EXE
MD5: E16D03227CB8330C247F17E8914AA6FF Size:151552
%PROGRAMFILES%\DelFin\PromulGate\PgValidator.dll
MD5: C0492F6AF73396855F0ECF71DF8434FE Size:57344
%PROGRAMFILES%\DelFin\PromulGate\patchme.exe
MD5: 60C06AC43504E015E4A3DCE4715BF849 Size:528102
MD5: F4AA4973E84661A36C93306265587AB3 Size:711088
- Detected Files with variable Filenames:
MD5: DEB3CEF6C1EA4FCC69F31B14836E25D1 Size: 208896
%SYSDIR%\nsvsvc\nsvs.dll
%SYSDIR%\nsvsvc\nsvs.dll.ren
MD5: 016645AD95781969367A4500AEEA456F Size: 57344
%SYSDIR%\nsvsvc\nsvsvc.exe
%SYSDIR%\nsvsvc\nsvsvc.exe.ren
MD5: 1387A0CD76929AFEEA9A6E42C349FAE7 Size: 156672
%PROGRAMFILES%\DelFin\PromulGate\PgSDK.DLL
%PROGRAMFILES%\DelFin\PromulGate\PgSDK.DLL.ren
MD5: 2C8B8B0AA4E0BC4240868F16FF8F8D28 Size: 143360
%TEMP%\uppicsvr.exe
%WINDIR%\Temp\uppicsvr.exe
MD5: F40775629AF1371320328BF6B16C7573 Size: 199168
%SYSDIR%\pcs\pcsvc.dll
%SYSDIR%\pcs\pcsvc.dll.ren
Detecting items list:
- Files by Name
%Sysdir%\nsvsvc\nsvsvc.exe
%Sysdir%\vidctrl\vidctrl.exe
%sysdir%\VIDMON\VIDMON.EXE
%TEMP%\G18151~1.EXE
%ProgramFiles%\DelFin\PromulGate\PgMonitr.exe
%ProgramFiles%\DelFin\PromulGate\PgSDK.dll
%ProgramFiles%\DelFin\PromulGate\PgMonitr.exe
%CommonFiles%\dpi\Dpi.exe
%TEMP%\uppicsvr.exe
%TEMP%\vmstmp\vmstmp.exe
%Sysdir%\picsvr\picsvr.exe
%Sysdir%\nsvsvc\nsvs.dll
%Sysdir%\vmss\vmss.exe
%Sysdir%\wsxsvc\wsx.dll
%Sysdir%\wsxsvc\wsx.ocx
%Sysdir%\wsxsvc\wsxsvc.exe
%Windir%\Temp\uppicsvr.exe
%sysdir%\pgtools\init.dll
%Sysdir%\pgtools\tatss.dll
%sysdir%\pgtools\tatss.exe
%sysdir%\63mm.exe
%SYSDIR%\nfomon\License.txt
%SYSDIR%\nfomon\nfo.ocx
%SYSDIR%\nfomon\nfom.dll
%SYSDIR%\nfomon\nfomon.exe
%SYSDIR%\vidmon\vidmon.exe
%PROGRAMFILES%\PeDevice\Downloader.exe
%PROGRAMFILES%\PeDevice\fixit2.exe
%PROGRAMFILES%\PeDevice\PeDev.dll
%PROGRAMFILES%\PeDevice\PeDev.exe
%PROGRAMFILES%\PeDevice\pedevPS.dll
%PROGRAMFILES%\PeDevice\Preparation.dll
- Files by Directories
%APPDATA%\nsv
%Sysdir%\nsvsvc
%Sysdir%\wsxsvc
%Sysdir%\vmss
%Sysdir%\vidctrl
%ProgramFiles%\DelFin
%START_PROGRAMS%\DelFin Media Viewer
%Sysdir%\pgtools
%sysdir%\pcs
%PROGRAMFILES%\PeDevice
- Files by CLSID or Name
CLSID=A8BD9566-9895-4FA3-918D-A51D4CD15865
CLSID=41700749-A109-4254-AF13-BE54011E8783
CLSID=D0070620-1E72-42E7-A14C-3A255AD31839
CLSID=2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073
CLSID=39D37D53-EAB9-4E04-9AC2-1D72F051590C
CLSID=4499F8BB-234F-4c22-9131-5B147BD231B4
CLSID=5E47627B-D89E-442b-82A6-F2FAB368621B
CLSID=8B2369FD-C388-404d-B3A8-DD4784267EA1
CLSID=A5CE9E73-125D-4e2f-8CB2-1349AB21EB53
CLSID=B424100F-21D7-4660-B2D0-90C71A597177
CLSID=BAA62B4F-5E59-40CC-B2EC-0E19B8776FA2
CLSID=E1412445-4FF8-410e-8D24-F2CF86B171A4
- Registry Keys
HKLM\SOFTWARE\Dvx
HKLM\SOFTWARE\Tat
HKLM\SOFTWARE\Pcsv
HKLM\SOFTWARE\Mvu
HKLM\SOFTWARE\picsvr
HKLM\SOFTWARE\DelFin
HKLM\SOFTWARE\skin
HKLM\Software\Dpi
HKLM\SOFTWARE\vmss
HKCU\Software\DelFin
HKCR\AppID\pedev.EXE
HKCR\AppID\PEDEV.DLL
HKCU\Software\PeDev
- Registry Values
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=vidmon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=Nfo
«
Jít do Databáze softwaru
