d7rxntfm.dll - Dangerous

d7rxntfm.dll

Manual removal instructions:

Antivirus Report of d7rxntfm.dll:
d7rxntfm.dll Malware
d7rxntfm.dllDangerous
d7rxntfm.dllHigh Risk
d7rxntfm.dll
We suggest you to remove d7rxntfm.sys from your computer as soon as possible.
D7rxntfm.sys is Trojan/Backdoor.
Kill the file d7rxntfm.sys and remove d7rxntfm.sys from Windows startup.

File: who.exe(C:\sand-box\who.exe)

Classification:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.01 Win32:Korgo-V
AVG 8.5.0.406 2009.08.02 Dropper.Generic.AQPO
BitDefender 7.2 2009.08.02 Trojan.Generic.2079230
Comodo 1838 2009.08.02 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.08.02 -
Kaspersky 7.0.0.125 2009.08.02 Trojan-GameThief.Win32.Agent.ci
Microsoft 1.4903 2009.08.02 TrojanDropper:Win32/Dozmot.C
NOD32 4298 2009.08.02 -
Symantec 1.4.4.12 2009.08.02 Infostealer.Gampass

Additional information
File size: 22264 bytes
MD5 : 79f835df862449aa9aac1e6e38d1de9c
SHA1 : fc5f489678f5335f2bcb817ff8c5758ddb6828b1

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Security

----------------------------------
Values added:15
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\sys: "C:\WINDOWS\system32\drivers\d7rxntfm.sys"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\dll: "d7rxntfm.dll"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Service: "PCIEDump"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\0000\DeviceDesc: "PCIEDump"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCIEDUMP\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\ImagePath: "\??\C:\WINDOWS\system32\drivers\d7rxntfm.sys"
HKLM\SYSTEM\CurrentControlSet\Services\PCIEDump\DisplayName: "PCIEDump"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:2
----------------------------------
C:\WINDOWS\system32\drivers\d7rxntfm.sys
C:\WINDOWS\system32\d7rxntfm.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\who.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:22
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: AppInit_DLLs
Author: Unknown
Related File: d7rxntfm.dll
Type: List of Injected DLLs

Item Name: PCIEDump
Author:
Related File: \??\C:\WINDOWS\system32\drivers\d7rxntfm.sys
Type: Services detected by Partizan

Removal Results: Success
Number of reboot: 1

-------------------------------------------------------------------------------------
d7rxntfm.dll
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.07.14 -
AVG 8.5.0.387 2009.07.14 -
BitDefender 7.2 2009.07.15 -
Comodo 1653 2009.07.15 -
DrWeb 5.0.0.12182 2009.07.14 -
F-Secure 8.0.14470.0 2009.07.15 -
Kaspersky 7.0.0.125 2009.07.15 -
Microsoft 1.4803 2009.07.14 PWS:Win32/Dozmot.C
NOD32 4243 2009.07.14 -
Symantec 1.4.4.12 2009.07.15 -

Additional information
File size: 19456 bytes
MD5 : 8970eb05e7b8ab86c5f0128cf36b63eb
SHA1 : 1dd9de4ce7aa19e8d5c64858e95215ca5a6cdc01

-------------------------------------------------------------------------------------
d7rxntfm.sys
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.09 -
BitDefender 7.2 2009.07.09 -
Comodo 1578 2009.07.09 -
DrWeb 5.0.0.12182 2009.07.09 -
F-Secure 8.0.14470.0 2009.07.09 -
K7AntiVirus 7.10.788 2009.07.09 -
Microsoft 1.4803 2009.07.09 VirTool:WinNT/Dozmot.A
NOD32 4228 2009.07.09 -
Symantec 1.4.4.12 2009.07.09 Adware.Purityscan

Additional information
File size: 3968 bytes
MD5 : a22dfd727edb78c1cb27811ee758a7f6
SHA1 : b2c89d9295c540758a9fcbc8f7e69c17b08b1012

-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove d7rxntfm.dll now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.