Windows Programs - Useful, Useless or Malicious

d7rxntfm.dll - Dangerous


d7rxntfm.dll
We suggest that you remove d7rxntfm.sys from your computer as soon as possible.
D7rxntfm.sys is a Trojan/Backdoor.
Kill the file d7rxntfm.sys and remove d7rxntfm.sys from Windows startup.

File: who.exe (C:\sand-box\who.exe)

Classification:
Antivirus     Version       Last Update   Result
Avast         4.8.1335.0    2009.08.01    Win32:Korgo-V
AVG           8.5.0.406     2009.08.02    Dropper.Generic.AQPO
BitDefender   7.2           2009.08.02    Trojan.Generic.2079230
Comodo        1838          2009.08.02    TrojWare.Win32.Trojan.Agent.Gen
DrWeb         5.0.0.12182   2009.08.02    -
Kaspersky     7.0.0.125     2009.08.02    Trojan-GameThief.Win32.Agent.ci
Microsoft     1.4903        2009.08.02    TrojanDropper:Win32/Dozmot.C
NOD32         4298          2009.08.02    -
Symantec      1.4.4.12      2009.08.02    Infostealer.Gampass

Additional information
File size: 22264 bytes
MD5 : 79f835df862449aa9aac1e6e38d1de9c
SHA1 : fc5f489678f5335f2bcb817ff8c5758ddb6828b1

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Security

----------------------------------
Values added:15
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\sys: "C:\WINDOWS\system32\drivers\d7rxntfm.sys"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\dll: "d7rxntfm.dll"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Service: "PCIEDump"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\DeviceDesc: "PCIEDump"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\ImagePath: "\??\C:\WINDOWS\system32\drivers\d7rxntfm.sys"
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\DisplayName: "PCIEDump"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:2
----------------------------------
C:\WINDOWS\system32\drivers\d7rxntfm.sys
C:\WINDOWS\system32\d7rxntfm.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\who.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:22
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: AppInit_DLLs
Author: Unknown
Related File: d7rxntfm.dll
Type: List of Injected DLLs

Item Name: PCIEDump
Author:
Related File: \??\C:\WINDOWS\system32\drivers\d7rxntfm.sys
Type: Services detected by Partizan

Removal Results: Success
Number of reboot: 1

-------------------------------------------------------------------------------------
d7rxntfm.dll
Antivirus     Version       Last Update   Result
Avast         4.8.1335.0    2009.07.14    -
AVG           8.5.0.387     2009.07.14    -
BitDefender   7.2           2009.07.15    -
Comodo        1653          2009.07.15    -
DrWeb         5.0.0.12182   2009.07.14    -
F-Secure      8.0.14470.0   2009.07.15    -
Kaspersky     7.0.0.125     2009.07.15    -
Microsoft     1.4803        2009.07.14    PWS:Win32/Dozmot.C
NOD32         4243          2009.07.14    -
Symantec      1.4.4.12      2009.07.15    -

Additional information
File size: 19456 bytes
MD5 : 8970eb05e7b8ab86c5f0128cf36b63eb
SHA1 : 1dd9de4ce7aa19e8d5c64858e95215ca5a6cdc01

-------------------------------------------------------------------------------------
d7rxntfm.sys
Antivirus     Version       Last Update   Result
Avast         4.8.1335.0    2009.07.08    -
AVG           8.5.0.386     2009.07.09    -
BitDefender   7.2           2009.07.09    -
Comodo        1578          2009.07.09    -
DrWeb         5.0.0.12182   2009.07.09    -
F-Secure      8.0.14470.0   2009.07.09    -
K7AntiVirus   7.10.788      2009.07.09    -
Microsoft     1.4803        2009.07.09    VirTool:WinNT/Dozmot.A
NOD32         4228          2009.07.09    -
Symantec      1.4.4.12      2009.07.09    Adware.Purityscan

Additional information
File size: 3968 bytes
MD5 : a22dfd727edb78c1cb27811ee758a7f6
SHA1 : b2c89d9295c540758a9fcbc8f7e69c17b08b1012

-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)


  1. First, download the latest version of UnHackMe.
  2. Open the archive and start unhackme_setup.exe.
  3. When the installation is over, you will see the main UnHackMe screen.
  4. Click on the Advanced button and choose “Send report to the support center” in the popup menu. Follow the instructions. The report file (regrunlog.txt) will be saved on your Desktop.
  5. Go to the Support Center. Attach the report to your ticket: click on the Browse button and then select the regrunlog.txt file. Don’t insert the report text directly into the message text! We won’t be able to analyse such a report. Describe your problem in detail. Add a screenshot, your antivirus log or suspicious files.


Constantly updated. Last update: February 5 2012



Copyright © 1998-2012 Greatis Software