DollarRev

Description:	Adware
Risk Level:	High
Date of First Occurence:	Monday, April 14, 2008
Software Developer:	(unknown)
Brief Info:	DollarRev is an adware program that downloads another adware component.
Removal:	This threat can be removed using "Spyware Terminator"

SUPPRIMER SPYWARE »

Geographical Distribution of Threat "DollarRev"

Threat Info

View All

Detected Items

Detected Files: %TEMP%\nss4.tmp\NSIS_Picasa.dll MD5: 33BDA7B1BD43819C3FB2AA6BC18C50D9 Size:51200 MD5: 5A1CFF0DF65541EC391D3836446C9AEE Size:55808 MD5: 36E0FC7C633B6EC9190EFE9C65FC28A2 Size:54784 MD5: F3170F60A33E3BD417D849D141EBCDB6 Size:55808 %TEMP%\nss4.tmp\registry.dll MD5: 1AF237911F21E78A1F118B14F9DA3994 Size:17408 MD5: AD0C39F7FF92B650511117FFA94D2A65 Size:16384 %TEMP%\nss4.tmp\UserInfo.dll MD5: ECD3F4FECEEA4DB193133FA901408D6A Size:4096 MD5: 419D642FE3436FDA8BB22EEA9C37A6CA Size:4096 MD5: 68D73A95C628836B67EA5A717D74B38C Size:4096 MD5: B27F488ADB12BEF2CCF9B9B900EC090C Size:4096 MD5: 056D32707D68F171C4D036A9AF4B253F Size:4096 %TEMP%\nss4.tmp\FindProcDLL.dll MD5: 8614C450637267AFACAD1645E23BA24A Size:3584 MD5: 83CD62EAB980E3D64C131799608C8371 Size:31744 %TEMP%\nss4.tmp\System.dll MD5: 0BBCBAEE7B703EBD55CD8658A0E8DCD3 Size:10240 MD5: EBFF9B02B61DF14B06DF4FA0B121D0EA Size:10240 MD5: AFD989EF7EEC6BF952BEDFCE541FE236 Size:9216 MD5: 9C32A7501C959B4AED7FD64313137ECC Size:9728 MD5: 86B5A07A43B7CBC5C49263B8D974B736 Size:10240 MD5: ED228603BF5D6BA382B59274DBA35A0A Size:10240 MD5: 725145E8CAA39635CAB9899C47C72EDA Size:10240 MD5: 61151AFF8C92CA17B3FAB51CE1CA7156 Size:10240 MD5: 16AE54E23736352739D7AB156B1965BA Size:10240 MD5: 05E52213CFA17DEE760186462A9645ED Size:10240 MD5: E085476805E8F5EF1C7ED635C5309017 Size:9216 MD5: BF01B2D04E8FAD306BA2F364CFC4EDFA Size:10240 and more.... %TEMP%\nss4.tmp\newadvsplash.dll MD5: 9BC6C411EFA742A5DE7D8372AFAFA2FA Size:8704 MD5: 56B746F9A729D8C614A2DE84AF2E1A8A Size:8704 MD5: E961D94E43E3FE28F274D6D616CDBBEC Size:8704 %TEMP%\nss4.tmp\splash.dll MD5: 086ECD24CB4B2E25611BBC54E4939643 Size:4096 %TEMP%\nss4.tmp\NSISdl.dll MD5: 6AA4110859634F38900F690584A21748 Size:12800 %TEMP%\nss4.tmp\RunProcess.dll MD5: 6F05ACD8D0B80754534355437CFA4F0B Size:184320 %TEMP%\nss4.tmp\nsisdl.dll MD5: 41C6C89458DE4A8679E4841B77759B1A Size:12800 %TEMP%\nss4.tmp\LangDLL.dll MD5: 2C3C8976D729D28478A789217A882291 Size:5120 MD5: BE901409A27E122F31D7C9F2C7F22A38 Size:5120 MD5: 6E78B62A574B8EF6FE3AD1CCBD46E327 Size:5120 %TEMP%\nss4.tmp\InstallOptions.dll MD5: 07F3B3445F66E1089567796BF3C8BE78 Size:12800 MD5: 4C7D97D0786FF08B20D0E8315B5FC3CB Size:12288 MD5: 29459D9EE2BCE32ED937FB1F965F9D5E Size:12800 MD5: 9B2AD0546FD834C01A3BDCBFBC95DA7D Size:14336 MD5: 9B2BDF058D377DA28704AF9CA3EF1142 Size:13824 %TEMP%\nss4.tmp\ExtractDLLEx.dll MD5: BA4063F437ABB349AA9120E9C320C467 Size:7680 %TEMP%\nss4.tmp\Banner.dll MD5: 5CE60830E6DB34A33F12BE5018B21CA2 Size:4096 %TEMP%\nss4.tmp\InetLoad.dll MD5: EE8BA3125AB40C31503864A32A246CFA Size:22094 MD5: 534BA614BC009F933E8D1E93FB2DC450 Size:10240 %TEMP%\nss4.tmp\Dialer.dll MD5: 8ACA4491745195C628C1AE00C290E8C4 Size:3584 %TEMP%\nss4.tmp\esinstui.dll MD5: 9395E8D24D04E4737B906C084B4F3DFD Size:126976 %TEMP%\nss4.tmp\NSISArray.dll MD5: 2B8574F6A8F5DE9042BAA43C069D20BA Size:17920 %TEMP%\nss4.tmp\nsExec.dll MD5: A156C83E1FE512F587918277DF53BE2C Size:6144 MD5: 4B2C42148EE0414FC031141DE8D07508 Size:6144 MD5: E5F9D339D035E054E01648B4A00F8502 Size:6144 %TEMP%\nss4.tmp\xml.dll MD5: 53661CF10042400F719DB6E01BA269B3 Size:119296 %TEMP%\nss4.tmp\gtapi.dll MD5: B19256632FD0BA5BED01E80E29402384 Size:45056 %TEMP%\nss4.tmp\BcNsisHelper.dll MD5: 610D79FAC70CC57CE72CBDC18BB55FCE Size:696320 %TEMP%\nss4.tmp\fpinstall.dll MD5: 071B6233C92F69FFA1C24243328C3B94 Size:8704 %TEMP%\nss4.tmp\ExecDos.dll MD5: 6C41AA5589A370E2E37EA97C7D3EC642 Size:5120 %TEMP%\nss4.tmp\CmdLine.dll MD5: 6FE041CD139CCA9306E645D9D9CF6F28 Size:4608 %TEMP%\nss4.tmp\vxblock.dll MD5: DB35007E33B1E2511B8252B0023BBB25 Size:28672 %TEMP%\nss4.tmp\pxwave.dll MD5: 70B9A715AAE7985C4BC1EE5DAB2E3F73 Size:339968 %TEMP%\nss4.tmp\pxsetup.exe MD5: 62D56EA1F15CAA12C9DACBB93DE97623 Size:61440 %TEMP%\nss4.tmp\pxmas.dll MD5: 9FB3D5D9159F87606D807081A9FFD96B Size:172032 %TEMP%\nss4.tmp\PxInsI64.exe MD5: 4E88BF40643639E45AF462566805F877 Size:109568 %TEMP%\nss4.tmp\PxInsA64.exe MD5: D94C1DFE012A33E84E0CA131C45DF07B Size:56320 %TEMP%\nss4.tmp\pxhpinst.exe MD5: 72BF10F42498C3C7FE8B976A6A0DE1E2 Size:61440 %TEMP%\nss4.tmp\PxHlpa64.sys MD5: DC2E1374677402BDDB7FA4C51C8C7A8B Size:26720 %TEMP%\nss4.tmp\pxhelper.vxd MD5: 6DEA119427F0F261BF11D8B5CBDB55B2 Size:12345 %TEMP%\nss4.tmp\pxhelper.sys MD5: 760ADD42962A36D1F1ABC9859752B906 Size:32752 %TEMP%\nss4.tmp\PxHelp64.sys MD5: 1DFC05ED6B791E874EF63ED307BCA1E8 Size:55104 %TEMP%\nss4.tmp\pxhelp20.sys MD5: 86724469CD077901706854974CD13C3E Size:20640 %TEMP%\nss4.tmp\pxdrv.dll MD5: 53C6C2C62AAD36F100ADDC9C8B7CD67B Size:421888 %TEMP%\nss4.tmp\PxCpyI64.exe MD5: 8E91FB2D31173D92E235A92B07FB4B50 Size:108544 %TEMP%\nss4.tmp\PxCpyA64.exe MD5: 52539D0200DBC74102CB05DAED603563 Size:56832 %TEMP%\nss4.tmp\px.dll MD5: 865B2F3AF9D63FC40EB86690E4B2CABC Size:372736 %TEMP%\nss4.tmp\PrimoSDK.dll MD5: 00B705BEA8CD05B67706CC956D429242 Size:159744 %TEMP%\nss4.tmp\PCloser.dll MD5: 31BE407E4CC8FEDD853D13BC2F5C1703 Size:28672 %TEMP%\nss4.tmp\ShellLink.dll MD5: 073D44E11A4BCFF06E72E1EBFE5605F7 Size:4096 %TEMP%\nss4.tmp\System.dll MD5: 4125926391466FDBE8A4730F2374B033 Size:10240 MD5: 93AEC59C0D79B5F4B43EEF10B6AE260D Size:15704 MD5: 4FBB4A2CD711FC1FE84F3DC30C491DC9 Size:10240
Detected Files with variable Filenames: MD5: 02184A0759753164C0DF464DE83CE3DF Size: 10240 %TEMP%\nsvD304.tmp\System.dll %TEMP%\nsn3D.tmp\System.dll %TEMP%\nsp15F.tmp\System.dll %TEMP%\nsh143.tmp\System.dll %TEMP%\nsi14.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nsz2.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nsr2.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nso41F.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nso2.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nsj5FD.tmp\System.dll f:\Documents and Settings\mahboob.MELCODXB\Local Settings\Temp\nsg2.tmp\System.dll and next 470 variations. MD5: A9937E7784EA5386FA18F2F7415F26BD Size: 4096 d:\--BACKUP--\WINDOWS\Temp\nsa1E2.tmp\nsProcess.dll d:\--BACKUP--\Documents and Settings\Paulo Benedito\Local Settings\Temp\nsj80.tmp\nsProcess.dll c:\RECYCLER\S-1-5-21-1220945662-796845957-725345543-1004\Dc527.tmp\nsProcess.dll c:\RECYCLER\S-1-5-21-1220945662-796845957-725345543-1004\Dc526.tmp\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSJ2.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSC2.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSF3.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSV2.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSN2.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSN3.TMP\nsProcess.dll c:\back-up\Documents and Settings\ABC\Local Settings\Temp\NSG2.TMP\nsProcess.dll and next 7 variations. MD5: 4666B6A961F8CDE776671F1C1CE952C9 Size: 5120 %TEMP%\nsz1C.tmp\Services.dll %SystemDiskRoot%\Documents and Settings\ChelseaElmer__x\Local Settings\Temp\nso11.tmp\Services.dll %TEMP%\nsu4.tmp\Services.dll %TEMP%\nsn4.tmp\Services.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017459.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017457.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017455.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017453.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017451.dll %SystemDiskRoot%\System Volume Information\_restore{B7E3FA69-147B-4668-93EB-8121D0D4C5E5}\RP32\A0017449.dll %TEMP%\nst59D0.tmp\Services.dll and next 1 variations. MD5: FE24766BA314F620D57D0CF7339103C0 Size: 10240 %TEMP%\nss4.tmp\System.dll %TEMP%\nss4.tmp\system.dll.ren MD5: 9DEF128930124EF94666C066CB0F2B38 Size: 2560 %TEMP%\nss4.tmp\ShutdownAllow.dll %TEMP%\nss4.tmp\ShutdownAllow.dll.ren MD5: 9AB83D7EF9BD55DB63CEB33840431CD5 Size: 5120 %TEMP%\nss4.tmp\NotifyIcon.dll %TEMP%\nss4.tmp\NotifyIcon.dll.ren MD5: 03412BE9BAD701BD251A6AAACA2FEF56 Size: 6656 %TEMP%\nss4.tmp\NM.exe %TEMP%\nss4.tmp\NM.exe.ren

Detecting items list:

Files by MD5 MD5: 4666B6A961F8CDE776671F1C1CE952C9 Size: 5120 MD5: A9937E7784EA5386FA18F2F7415F26BD Size: 4096 MD5: 02184A0759753164C0DF464DE83CE3DF Size: 10240

« Go to Software Database

Chercher dans la Base de Données de notre Logiciel

Naviguez dans la Base de Données du Logiciel

Dernières Nouvelles sur les Malwares

23. septembre 2011

Parmi l'une des spywares les plus actifs est actuellement Trojan.MicroFake.ba sans doute. Il attaque en conjonction avec les applications antispyware Rogue et forces les utilisateurs d'acheter ces applications faux. Utilisez les techniques rootkit est très typique de ce cheval de Troie pour l'aider à cacher de les utilisateurs et le système, ce qui rend difficile à retracer. Nous vous recommandons de mettre régulièrement à jour notre base de données et une politique active temps réel de Shield antivirus.

Anciennes Nouvelles sur les Malwares »