Video ActiveX Object Error

Posted: June 22, 2010

Video ActiveX Object Error is a fake warning message shown as part of a backdoor trojan infection that pretends to be a video codec. The trojan is promoted through a warning message that reads: "Video ActiveX Object Error: Your browser cannot display this video file." Do not click on anything when you see this pop-up. Use a reliable malware remover to terminate this threat before it spreads and causes chaos on your system.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 dumpserv.com
    2 hp[X].tmp
    3 msvol.tlb
    4 ncompat.tlb
    5 vnp7s.net
    6 zxserv0.com

Registry Modifications

  • The following Registry values were newly created:
  • The following CLSIDs were detected:
    HKEY..\..\{CLSID Path}
    7265100a-17e1-41bf-bd08-63b95a25a9c3
    F10587E9-0E47-4CBE-84AE-7DD20B8684CC
    BA0BACB5-FC95-451E-94D2-4959AB0949D2
    c7cd9e83-3bf6-47f8-b2e2-b114c96c1888
    10C52A42-DB8B-4ade-AA4A-CED6A8282B85
    F10587E9-0E47-4CBE-ABCD-7DD20B8622FF