prismsetup_v1.30.exe - Dangerous

prismsetup_v1.30.exe

Manual removal instructions:

Antivirus Report of prismsetup_v1.30.exe:
prismsetup_v1.30.exe Malware
prismsetup_v1.30.exeDangerous
prismsetup_v1.30.exeHigh Risk
prismsetup_v1.30.exe
We suggest you to remove schl.exe from your computer as soon as possible.
Schl.exe is Trojan/Backdoor.
Kill the process schl.exe and remove schl.exe from Windows startup.

Malware dropper: prismsetup.exe
Removed: C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733\schl.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
F-Secure 8.0.14470.0 2009.10.13 -
Kaspersky 7.0.0.125 2009.10.13 -
McAfee 5769 2009.10.12 -
Microsoft 1.5101 2009.10.13 -
NOD32 4502 2009.10.13 a variant of Win32/Injector.ACU
Symantec 1.4.4.12 2009.10.13 Suspicious.MH690.A

Additional information
File size: 451760 bytes
MD5 : 99e4a76c1329f02f096db5192af72f77
SHA1 : 0a48788a43452880183865962bbc92f9ee1e834f
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:134
----------------------------------
HKLM\SOFTWARE\Classes\mplayerc.3gp\shell\Convert with Prism Video Converter
HKLM\SOFTWARE\Classes\mplayerc.3gp\shell\Convert with Prism Video Converter\command
/.../
HKCU\Software\NCH Software\Prism\OutputFolder
HKCU\Software\NCH Software\Prism\Registration
HKCU\Software\NCH Software\Prism\Settings

----------------------------------
Values added:88
----------------------------------
HKLM\SOFTWARE\Classes\.dct\: "dctfile"
HKLM\SOFTWARE\Classes\mplayerc.3gp\shell\Convert with Prism Video Converter\command\: ""C:\Program Files\NCH Software\Prism\prism.exe" "%L""
HKLM\SOFTWARE\Classes\mplayerc.asf\shell\Convert with Prism Video Converter\command\: ""C:\Program Files\NCH Software\Prism\prism.exe" "%L""
/.../
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prism\UninstallString: "C:\Program Files\NCH Software\Prism\uninst.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prism\DisplayIcon: "C:\Program Files\NCH Software\Prism\uninst.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: "C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733\schl.exe"
HKLM\SOFTWARE\NCH Software\Prism\Capabilities\FileTypes\.avi: "mplayerc.avi"
HKLM\SOFTWARE\NCH Software\Prism\Capabilities\FileTypes\.wmv: "mplayerc.wmv"
HKLM\SOFTWARE\NCH Software\Prism\Capabilities\FileTypes\.asf: "mplayerc.asf"
/.../
HKCU\Software\NCH Software\Prism\Columns\2: "75"
HKCU\Software\NCH Software\Prism\Columns\3: "170"
HKCU\Software\NCH Software\Prism\Columns\4: "270"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:45
----------------------------------
C:\Documents and Settings\Administrator\Application Data\prismsetup.exe
C:\Documents and Settings\Administrator\Favorites\NCH Software Download.lnk
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF81B3.tmp
C:\Documents and Settings\All Users\Desktop\Prism Video Converter.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk
/.../
C:\Program Files\NCH Software\Prism\prismsetup_v1.30.exe
C:\Program Files\NCH Software\Prism\uninst.exe
C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733\Desktop.ini
C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733\schl.exe

----------------------------------
Files [attributes?] modified:1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

----------------------------------
Folders added:9
----------------------------------
C:\Documents and Settings\All Users\Application Data\NCH Software
C:\Documents and Settings\All Users\Application Data\NCH Software\Prism
C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video Converter
C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
C:\Program Files\NCH Software
C:\Program Files\NCH Software\Prism
C:\Program Files\NCH Software\Prism\Help
C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Folders attributes changed:1
----------------------------------
C:\RECYCLER

----------------------------------
Total changes:278
----------------------------------

-------------------------------------------------------------------------------------
Detected by UnHackMe:

Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-8396584470-9059742492-093116439-1733\schl.exe
Type: Winlogon System

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove prismsetup_v1.30.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.