HV_ZYX_BL130105.TOMC

HV_ZYX_BL130105.TOMC is also known as JS.A.Iframe.47104.M.

Malware Analysis of HV_ZYX_BL130105.TOMC – BASS_TAK.DLL

Created files:

%SysDir%\bass_ofr.dll
%SysDir%\bass_opus.dll
%SysDir%\bass_tak.dll
%SysDir%\bass_tta.dll
%SysDir%\bass_wv.dll

Autostart registry keys:


Detected by UnHackMe:

BASS_TAK.DLL
Default location: %SYSDIR%\BASS_TAK.DLL

Dropper hash (MD5): 577a740c9fe2c9d1f8e8f76e91a3f141

Written by Malware Hunter.
