Missed evil files

I tried looking for a newer version of NSIS Media by visiting their latest update server. I came out empty-handed, which was bad news for my research but great news for the rest of the world. Just to make sure I got it right, I visited the old update server once again. I was in for a surprise when it served me b10.bin for downloading. As you may recall from one of the earlier posts, I originally downloaded only [ab][1-9]. Seeing as it suddenly served b10.bin, I upgraded my download script and found some more evil files.

atixim.dll
avirpa.dll
javadsa.dll
kbdicp.dll
msabdx.dll
msrrwvb.dll
schuu52e.dll
xmlfef32.dll

I’ve updated my NSIS Media Remover to detect and remove those as well. I’ve also updated the samples archive, though it still doesn’t contain any of the old version DLL files.

2 thoughts on “Missed evil files”

  1. Hi,

    I noticed file 1165145816.exe in my C:\WINDOWS\system32 that NOD32 reports as

    C:\WINDOWS\system32\1165145816.exe »NSIS »dspvfx.dll – Win32/Adware.BHO.BA application

    Your latest NSIS Media Remover does not recognize and remove this file. Maybe you should add it.

    Dejan

  2. Thanks, but my remover only removes installed NSIS Media components. It doesn’t scan the entire hard drive for known files. It only looks in known locations. The file NOD32 found is probably a random name for the downloaded updater (yours is b9.bin). On its own, it’s harmless, but it was probably executed by the older version of NSIS Media to update itself.
