vsmvhk.dll

Playing around with a file.

 

Re: Test

Couple more to go.

 

Re: Test

Still playing.

 

Re: Test

What app are you using to view the ADS Stream, Pete? It looks familiar

 

Re: Test

Hey, let's check it to death.

 

Re: Test

Starting to think this thing may actually be alright.

 

Re: Test

It was TrojanHunter, dog (screenshots from post 1 & 2) - could have used TDS-3, too. (Actually did, in the other screenshot). Pete

 

Re: Test

I wonder what this dll is, and what is it for

the winlogon dll too...strange.

 

Re: Test

I'm sure that's quite possible - if that's the case, I'm in the process of sending it to enough people to find out.

Hey, can't a guy play with his toys? Pete

(This one's from The Cleaner)

 

Re: Test

in fact like I said, pg should have blocked it...

 

Re: Test

Hey Pete,

Is that a CLSID that I see?

If so, copy it from your TDS-log and search here:
http://computercops.biz/CLSID.html

As far as I could tell with those bad eyes of mine, it was:
{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
and that one was not in there.

Well anyhow, just only a guess

I hope your PC is clean my friend.
Take care !!
Warm regards, Jan.

 

Re: Test

the prblem is they key is found in : app_init.dll in the registry...that concerns me to begin with, the fact I cannot find a single thing on the whole www concerms me more and the fact you have a sunotify.dll in your winlogon makes the thing complete.

maybe I am wrong here, if so, forgive me.

Inf.

 

Re: Test

Good thinking Jan, but that CLSID is the one for ADS.

Regards,

Pieter

 

Re: Test

Whoops , thanks Pieter !!

Cheers/groetjes, Jan.

 

Re: Test

If its spyware and you hava processgaurd protecting that registry key from changes what so ever, then I think it would be impossible to clean it...

the fact that nothing indicates your infected (except that m$ app) makes me wonder too...

 

Re: Test

Well, I removed winlogon from PG's protection list - I'll wait and see what - if anything - makes it do a request.

I'm sure I could get rid of the vsmvhk.dll if I wanted to, but at this point I'm simply not sure that it's a good idea.

I'll wait and see what further comes to light. Pete

 

Re: Test

Well, you got my curiousity going, Spy1, I'll wait with you and Infinity to see what the heck it is!?

 

Re: Test

I hope I didn't give you an attack...

 

Re: Test

<g> No, not at all. I'm just trying to find out what it is for you, Infinity.

And, hey - if it's the discovery of the century, it's still all good! Pete

 

Re: Test

Thanx Pete!!

with your arsenal it shouldn't be malware anyway.

Inf.

 

Re: Test

Interesting.

 

Re: Test

And then it added itself to explorer.exe

 

Re: Test

Is anyone reading this using Ryan_Means_GCWN for adding a "Streams" tab to your "Properties" tabs? If so, could you do a "Search" on your computer for the vsmvhk.dll? Not saying the two are connected, just trying to see if they are. Pete

 

Re: Test

HI Pete , I just installed it and I cannot see a dll in process explorer with that name...

if it is adding the dll into the apinit_dll registry setting it will be blocked by PG and regdefend

it is not that


Inf.

 

Take a look at this and see what you all think. Since I just started using Filemon today, I'm not really sure what I'm seeing there (what it means, that is). Pete

NM - I can't upload a zip, apparently. Crap.