Revizer.b (fs)

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved! 5 Stars (5 / 5)

Revizer.b (fs) also known as .

Malware Analysis of Revizer.b (fs) – 176.DLL

Created files:

%Program Files%\ver8PassShow\176.crx
%Program Files%\ver8PassShow\176.dat
%Program Files%\ver8PassShow\176.dll
%Program Files%\ver8PassShow\176.xpi
%Program Files%\ver8PassShow\a.db

Autostart registry keys:

HKLM\Software\Classes\CLSID\{368080F9-7393-5BB8-7496-8D27FED067EE}\InprocServer32\: “%Program Files%\ver8PassShow\176.dll”
HKLM\Software\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32\: “%Program Files%\PC Speed Up\PCSUHelper.dll”
HKLM\Software\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32\: “%Program Files%\PC Speed Up\PCSUHelper.dll”
HKLM\Software\Classes\AIR.InstallerPackage\shell\open\command\: “C:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE “%1″”
HKLM\Software\Classes\driverscanner\shell\open\command\: “”%Program Files%\Uniblue\DriverScanner\driverscanner.exe” –serial=”%1″”
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\DisplayName: “Local Group Policy”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5FF82D77F242A884285139D7A6D4960E\InstallProperties\UninstallString: “MsiExec.exe /I{77D28FF5-242F-488A-8215-937D6A4D69E0}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5FF82D77F242A884285139D7A6D4960E\InstallProperties\DisplayName: “Adobe AIR”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SmartWeb: “%Local Appdata%\SmartWeb\SmartWebHelper.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName: “Adobe AIR”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\UninstallString: “%Program Files Common%\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\E87BE4A9-E728-827F-AC87-1127110A1623\DisplayName: “PassShow”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\E87BE4A9-E728-827F-AC87-1127110A1623\UninstallString: “%Program Files%\ver8PassShow\Uninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1\DisplayName: “PC Speed Up”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1\UninstallString: “”%Program Files%\PC Speed Up\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1\DisplayName: “Smart Driver Updater v3.2”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1\UninstallString: “”%Program Files%\Smart Driver Updater\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1\DisplayName: “Smart PC Cleaner v3.2”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1\UninstallString: “”%Program Files%\Smart PC Cleaner\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb\DisplayName: “SmartWeb”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb\UninstallString: “%Local Appdata%\SmartWeb\uninst.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77D28FF5-242F-488A-8215-937D6A4D69E0}\UninstallString: “MsiExec.exe /I{77D28FF5-242F-488A-8215-937D6A4D69E0}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77D28FF5-242F-488A-8215-937D6A4D69E0}\DisplayName: “Adobe AIR”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1\DisplayName: “DriverScanner”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1\UninstallString: “”%Program Files%\Uniblue\DriverScanner\unins000.exe””
HKLM\System\CurrentControlSet\Services\PassShow\ImagePath: “%Program Files%\ver8PassShow\O8PassShowCK176.exe”
HKLM\System\CurrentControlSet\Services\PassShow\DisplayName: “PassShow”
HKLM\System\CurrentControlSet\Services\PCSUService\ImagePath: “%Program Files%\PC Speed Up\PCSUService.exe”
HKLM\System\CurrentControlSet\Services\PCSUService\DisplayName: “PC Speed Up Service”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Smart Driver Updater: “%Program Files%\Smart Driver Updater\SDUTray.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Smart PC Cleaner: “%Program Files%\Smart PC Cleaner\SPCLauncher.exe”
HKCU\Software\Smart PC Cleaner\DisplayName: “Smart PC Cleaner”

Detected by UnHackMe:

176.DLL
Default location: %PROGRAM FILES%\VER8PASSSHOW\176.DLL

Dropper hash(md5): d798fa740ddc3913ce6793af39fe016d

Share This:

Written by 

Malware Hunter.

UnHackMe removes malware invisible for your antivirus!

Free Download

1
UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera