vsmvhk.dll

Discussion in 'other security issues & news' started by spy1, Mar 7, 2005.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Playing around with a file.
     

    Attached Files:

  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Couple more to go.
     

    Attached Files:

  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Still playing.
     

    Attached Files:

  4. dog

    dog Guest

    Re: Test

    What app are you using to view the ADS Stream, Pete? It looks familiar :doubt:
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Hey, let's check it to death.
     

    Attached Files:

  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Starting to think this thing may actually be alright.
     

    Attached Files:

  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    It was TrojanHunter, dog (screenshots from post 1 & 2) - could have used TDS-3, too. (Actually did, in the other screenshot). Pete
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    I wonder what this dll is, and what is it for

    the winlogon dll too...strange.
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    I'm sure that's quite possible - if that's the case, I'm in the process of sending it to enough people to find out.

    Hey, can't a guy play with his toys? :D Pete

    (This one's from The Cleaner)
     

    Attached Files:

  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    in fact like I said, pg should have blocked it...
     
  11. FanJ

    FanJ Guest

    Re: Test

    Hey Pete,

    Is that a CLSID that I see?

    If so, copy it from your TDS-log and search here:
    http://computercops.biz/CLSID.html

    As far as I could tell with those bad eyes of mine, it was:
    {4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    and that one was not in there.

    Well anyhow, just only a guess ;)

    I hope your PC is clean my friend.
    Take care !!
    Warm regards, Jan.
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    the problem is the key is found in : app_init.dll in the registry...that concerns me to begin with, the fact I cannot find a single thing on the whole www concerns me more and the fact you have a sunotify.dll in your winlogon makes the thing complete.

    maybe I am wrong here, if so, forgive me.

    Inf.
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Re: Test

    Good thinking Jan, but that CLSID is the one for ADS. :)

    Regards,

    Pieter
     
  14. FanJ

    FanJ Guest

    Re: Test

    Whoops :oops: , thanks Pieter !!

    Cheers/groetjes, Jan.
     
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    If it's spyware and you have ProcessGuard protecting that registry key from changes whatsoever, then I think it would be impossible to clean it...

    the fact that nothing indicates you're infected (except that m$ app) makes me wonder too...
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Well, I removed winlogon from PG's protection list - I'll wait and see what - if anything - makes it do a request.

    I'm sure I could get rid of the vsmvhk.dll if I wanted to, but at this point I'm simply not sure that it's a good idea.

    I'll wait and see what further comes to light. Pete
     
  17. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Re: Test

    Well, you got my curiosity going, Spy1, I'll wait with you and Infinity to see what the heck it is!? :D
     
  18. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    I hope I didn't give you an attack...:(
     
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    <g> No, not at all. I'm just trying to find out what it is for you, Infinity.

    And, hey - if it's the discovery of the century, it's still all good! Pete
     
  20. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    Thanx Pete!!

    with your arsenal it shouldn't be malware anyway.

    Inf.
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Interesting.
     

    Attached Files:

  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    And then it added itself to explorer.exe
     

    Attached Files:

  23. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: Test

    Is anyone reading this using Ryan_Means_GCWN for adding a "Streams" tab to your "Properties" tabs? If so, could you do a "Search" on your computer for the vsmvhk.dll? Not saying the two are connected, just trying to see if they are. Pete
     
  24. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Test

    Hi Pete, I just installed it and I cannot see a dll in process explorer with that name...

    if it is adding the dll into the apinit_dll registry setting it will be blocked by PG and regdefend

    it is not that


    Inf.
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Take a look at this and see what you all think. Since I just started using Filemon today, I'm not really sure what I'm seeing there (what it means, that is). Pete

    NM - I can't upload a zip, apparently. Crap.
     