Associated Malware Groups
The filename is associated with the malware groups:
- Fraudulent Security Program
- Cloaked Malware
- Malware Downloader
File Behavior
A.DLL has been seen to perform the following behavior:
- Adds a Registry Key (RUN) to auto start Programs on system start up
- The Process is packed and/or encrypted using a software packing process
- Opens browser pop ups
- Uses DNS to retrieve the IP address for web sites
- Found on infected systems and resists interrogation by security products
- Uses low level functions to hide itself from the user and from system/security processes
- The Process is polymorphic and can change its structure
A.DLL has been the subject of the following behavior:
- Created as a process on disk
- Added as a Registry auto start to load Program on Boot up
- Registered as a Dynamic Link Library File
- Executed as a Process
- Created as a new Background Service on the machine
- Enabled as an In Process Object/Server - Common with DLL Injections
- Deleted as a process from disk
Country Of Origin
The filename A.DLL was first seen on Jun 2 2007 in the following geographical regions of the Webroot community:
- Europe on Jun 2 2007
- Canada on Jun 2 2007
- Spain on Jun 28 2007
- Ukraine on Dec 8 2009
- Russian Federation on Dec 8 2009
- The United States on Jun 9 2011
- The United Kingdom on Jun 9 2011
- Turkey on May 20 2012
Filesizes
The following file sizes have been seen:
- 49,152 bytes
- 20,696 bytes
- 325,640 bytes
- 135,194 bytes
- 79,872 bytes
- 12,681 bytes
- 16,896 bytes
- 80,896 bytes
File Type
The filename A.DLL is used by multiple object types including Dynamic Link Libraries, objects.
File Activity
One or more files with the name A.DLL create, delete, copy or move the following files and folders:
- Opens/modifies c:\autoexec.bat
- Creates c:\docume~1\user\locals~1\temp\000008ec00000954.url
- Deletes c:\docume~1\user\locals~1\temp\000008ec00000954.url
- Creates c:\docume~1\user\locals~1\temp\00000948000006ac.url
- Deletes c:\docume~1\user\locals~1\temp\00000948000006ac.url
- Creates c:\docume~1\user\locals~1\temp\00000924000009c4.url
- Deletes c:\docume~1\user\locals~1\temp\00000924000009c4.url
- Creates c:\docume~1\user\locals~1\temp\00000a5000000a14.url
- Deletes c:\docume~1\user\locals~1\temp\00000a5000000a14.url
Network Activity
One or more files with the name A.DLL perform the following network events:
- DNS Lookup 122.224.50.164 ytwl2.3322.org
Website Activity
One or more files with the name A.DLL interact with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:122.224.50.164:4455 Port:14