Solved! XWEBUTIL.DLL (Trojan OnLineGames) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


XWEBUTIL.DLL – Trojan OnLineGames removal

File | MD5 | Virus Alias
XWEBUTIL.DLL | 9ac39fe84cc17627a96757dc9b65b69b | Trojan OnLineGames
XWEBUTIL.DLL | 9ac39fe84cc17627a96757dc9b65b69b | Trojan Eldorado

XWEBUTIL.DLL size: 225280 bytes
XWEBUTIL.DLL hash: 9AC39FE84CC17627A96757DC9B65B69B

Created files:


Detected by UnHackMe:

XWEBUTIL.DLL
Default location: %PROGRAM FILES%\SOFTFORUM\XECUREWEB\ACTIVEX\XWEBUTIL.DLL

Dropper information:
MD5: 2ba2fb389f3b00ea6041fadd33b9946f
File size: 2430816 bytes
