Solved! Use XWEBFILERD.DLL (Unclassified Malware) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

XWEBFILERD.DLL – Unclassified Malware removal

XWEBFILERD.DLL size: 24576 bytes
XWEBFILERD.DLL hash: 84141720332E5E4CE0AF2BC6102D66FB

Created files:

%Program Files%\Mozilla Firefox\plugins\npxecure.dll
%Program Files%\Mozilla Firefox\plugins\npxwfile.dll
%Program Files%\NPKI\CrossCert\0FD92CAF8B33B1B2B4F1151C9D786162E19B1427_10078.der
%Program Files%\NPKI\CrossCert\B674A99B923CC751B122A44FBCB73CFE2233D776_4100.der
%Program Files%\NPKI\CrossCert\d3c1937bd61f964f1c2c6872acec4c85614cd2dc_10088.der
%Program Files%\NPKI\KICA\6F1F0BD880BE4AC7184E62CDCE3A6FA19B447061_10056.der
%Program Files%\NPKI\KICA\AE52FD0E0E01F83086377EF618C649254A600970_4106.der
%Program Files%\NPKI\KICA\B909F2B621489A2ABA025980862793166A77F559_10081.der
%Program Files%\NPKI\KISA\2587df3e181c92c06c2e9677d44a009559077649_16.der
%Program Files%\NPKI\KISA\BFB627D8035A76654C6101415631E58B7B3AD9CC_4.der
%Program Files%\NPKI\KISA\C8D08EC749AE1F2042B24B7F13C977580CA1CDC1_1.der
%Program Files%\NPKI\KISA\FF8A46723358E8488822AA1768DA1648098B3591_3.der
%Program Files%\NPKI\NCASign\766D8BCDAD940DF5A5B63F2202B6F59F4349398A_10045.der
%Program Files%\NPKI\NCASign\FE2A1DC3637EBFFD31830AB1F1D3F0DA2BE78D7A_10082.der
%Program Files%\NPKI\SignKorea\279696BEF384DC5901622423E2187BD3418D2D42_4098.der
%Program Files%\NPKI\SignKorea\8DAA2008F089E01141BC7FA48E2AC4405ECA563A_10079.der
%Program Files%\NPKI\SignKorea\b063e7eba3dbd862c64427ff65e9316273a7c6cc_10043.der
%Program Files%\NPKI\TradeSign\2B7602AE825C7DEE81919EF5895BB9E2995BA9AF_10084.der
%Program Files%\NPKI\TradeSign\4D5D560A0703DF83CAF3D56D8F19FC12AC90A28A_4105.der
%Program Files%\NPKI\TradeSign\CE671644B27E73FD85A7CD0D1ED3F0D3A52D2639_10023.der
%Program Files%\NPKI\yessign\4AFBBD332D8BB1D18C946BFFE042365F1C91CB08_10080.der
%Program Files%\NPKI\yessign\5204329F8F9D2172BAFA3398A8617E2733248D5F_4099.der
%Program Files%\NPKI\yessign\E2EC6D2CE57D9BC09EAC015379BA9A8F9A85D90B_10050.der
%Program Files%\SoftForum\CertStorage\ca\03fa3e5aa4df9ef779646a2b165bb17c31b0009e\cert.der
%Program Files%\SoftForum\CertStorage\ca\03fa3e5aa4df9ef779646a2b165bb17c31b0009e\cert_02.der
%Program Files%\SoftForum\CertStorage\ca\0a22c999c9a1372490e1be6013e4aff15ae33eb8\cert.der
%Program Files%\SoftForum\CertStorage\ca\0a22c999c9a1372490e1be6013e4aff15ae33eb8\cert_07.der
%Program Files%\SoftForum\CertStorage\ca\137fb162b695db9b6af5c773a8495982532b34f3\cert.der
%Program Files%\SoftForum\CertStorage\ca\137fb162b695db9b6af5c773a8495982532b34f3\cert_42df407a00311243eed8d8155bde0393.der
%Program Files%\SoftForum\CertStorage\ca\45b0ceab5b0c76d83f597150791c4e29e96a4e0f\cert.der
%Program Files%\SoftForum\CertStorage\ca\45b0ceab5b0c76d83f597150791c4e29e96a4e0f\cert_2714.der
%Program Files%\SoftForum\CertStorage\ca\48fa520704829eb91999fb7ebd7b569bd78e93dd\cert.der
%Program Files%\SoftForum\CertStorage\ca\48fa520704829eb91999fb7ebd7b569bd78e93dd\cert_3f810c2a014d7da56956f7a5ff03fcb7.der
%Program Files%\SoftForum\CertStorage\ca\527d0fe16be781803176a83fbef722731a12e617\cert.der
%Program Files%\SoftForum\CertStorage\ca\527d0fe16be781803176a83fbef722731a12e617\cert_3f811b7a026cc2fbe96c9c69b6c689c8.der
%Program Files%\SoftForum\CertStorage\ca\5578e97a76f02507041458c94b23ea9e11d775d6\cert.der
%Program Files%\SoftForum\CertStorage\ca\5578e97a76f02507041458c94b23ea9e11d775d6\cert_03.der
%Program Files%\SoftForum\CertStorage\ca\ade9d66e18288893e8234df8cdc970087d005047\cert.der
%Program Files%\SoftForum\CertStorage\ca\ade9d66e18288893e8234df8cdc970087d005047\cert_410743f0027dad4fe11db9487df2a9ba.der
%Program Files%\SoftForum\CertStorage\ca\f0496fd72c050996eb08e05280687f17a336ae83\cert.der
%Program Files%\SoftForum\CertStorage\ca\f0496fd72c050996eb08e05280687f17a336ae83\cert_42df402301a9ac1f7d411833d75765c5.der
%Program Files%\SoftForum\CertStorage\newmndca.der
%Program Files%\SoftForum\CertStorage\newroot.der
%Program Files%\SoftForum\CertStorage\root\064be6dd317317159d7aaf9fb6657268425b5604\cert.der
%Program Files%\SoftForum\CertStorage\root\0ef12e12c6f31a2ea28b9028473313fccdd888c6\cert_48479209034cb66f1005525650458b7b.der
%Program Files%\SoftForum\CertStorage\root\143f06757a32fb4a04efe58ae847a92e28462f81\cert.der
%Program Files%\SoftForum\CertStorage\root\143f06757a32fb4a04efe58ae847a92e28462f81\cert_02.der
%Program Files%\SoftForum\CertStorage\root\2df9c06ae840c62438fb338257ebd9dc0f95a0b2\cert.der
%Program Files%\SoftForum\CertStorage\root\2df9c06ae840c62438fb338257ebd9dc0f95a0b2\cert_3cc2814b00e7524d9baa47b7e161f50e.der
%Program Files%\SoftForum\CertStorage\root\4b975cbd73ec36b25f552ad964800c73e892383e\cert.der
%Program Files%\SoftForum\CertStorage\root\4b975cbd73ec36b25f552ad964800c73e892383e\cert_01.der
%Program Files%\SoftForum\CertStorage\root\5e8d54cd0953a9279f79a5ee62b6702271a08bd9\cert.der
%Program Files%\SoftForum\CertStorage\root\5e8d54cd0953a9279f79a5ee62b6702271a08bd9\cert_01.der
%Program Files%\SoftForum\CertStorage\root\e7efa5bc23cc9c3e6683c558a7fb14d7fea6107c\cert.der
%Program Files%\SoftForum\CertStorage\root\e7efa5bc23cc9c3e6683c558a7fb14d7fea6107c\cert_3b9aca03.der
%Program Files%\SoftForum\XecureWeb\ActiveX\ClientSM.exe
%Program Files%\SoftForum\XecureWeb\ActiveX\conf\BankCode.tbl
%Program Files%\SoftForum\XecureWeb\ActiveX\conf\issuer.tbl
%Program Files%\SoftForum\XecureWeb\ActiveX\conf\policy.tbl
%Program Files%\SoftForum\XecureWeb\ActiveX\conf\policy_en.tbl
%Program Files%\SoftForum\XecureWeb\ActiveX\gdiplus.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\MiraePKIX_v4.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\nsldap32v50.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\RestartIE.exe
%Program Files%\SoftForum\XecureWeb\ActiveX\TransKeyCS.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\Unzip32.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XCrSvr.exe
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureASN_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCMP_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCodec_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCRL_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCrypto_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCSP_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureCTL_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureFreeze.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureIO_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureLDAP_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureNEAT_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureOCSP_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePKCS12_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePKCS5_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePKCS7_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePKCS8_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePKC_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecurePVD_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureST_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XecureTSP_v20.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebCertMng.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebCLT.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebCMP.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebCS.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebFileCLT.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebFileRD.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebLangCH.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebLangEN.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebLangJP.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebLangKR.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebSSL.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebUI.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebUpdate.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWebUtil.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\XWSmartCard.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\xwUACctl.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\xwUACUpdatectl.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\xwUACWrapper.dll
%Program Files%\SoftForum\XecureWeb\ActiveX\Zip32.dll
%Program Files%\SoftForum\XecureWeb\xw_setup.exe
%Temp%\WZSE0.TMP\BankCode.tbl
%Temp%\WZSE0.TMP\CertStorage\ca\03fa3e5aa4df9ef779646a2b165bb17c31b0009e\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\03fa3e5aa4df9ef779646a2b165bb17c31b0009e\cert_02.der
%Temp%\WZSE0.TMP\CertStorage\ca\0a22c999c9a1372490e1be6013e4aff15ae33eb8\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\0a22c999c9a1372490e1be6013e4aff15ae33eb8\cert_07.der
%Temp%\WZSE0.TMP\CertStorage\ca\137fb162b695db9b6af5c773a8495982532b34f3\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\137fb162b695db9b6af5c773a8495982532b34f3\cert_42df407a00311243eed8d8155bde0393.der
%Temp%\WZSE0.TMP\CertStorage\ca\45b0ceab5b0c76d83f597150791c4e29e96a4e0f\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\45b0ceab5b0c76d83f597150791c4e29e96a4e0f\cert_2714.der
%Temp%\WZSE0.TMP\CertStorage\ca\48fa520704829eb91999fb7ebd7b569bd78e93dd\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\48fa520704829eb91999fb7ebd7b569bd78e93dd\cert_3f810c2a014d7da56956f7a5ff03fcb7.der
%Temp%\WZSE0.TMP\CertStorage\ca\527d0fe16be781803176a83fbef722731a12e617\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\527d0fe16be781803176a83fbef722731a12e617\cert_3f811b7a026cc2fbe96c9c69b6c689c8.der
%Temp%\WZSE0.TMP\CertStorage\ca\5578e97a76f02507041458c94b23ea9e11d775d6\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\5578e97a76f02507041458c94b23ea9e11d775d6\cert_03.der
%Temp%\WZSE0.TMP\CertStorage\ca\ade9d66e18288893e8234df8cdc970087d005047\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\ade9d66e18288893e8234df8cdc970087d005047\cert_410743f0027dad4fe11db9487df2a9ba.der
%Temp%\WZSE0.TMP\CertStorage\ca\f0496fd72c050996eb08e05280687f17a336ae83\cert.der
%Temp%\WZSE0.TMP\CertStorage\ca\f0496fd72c050996eb08e05280687f17a336ae83\cert_42df402301a9ac1f7d411833d75765c5.der
%Temp%\WZSE0.TMP\CertStorage\newmndca.der
%Temp%\WZSE0.TMP\CertStorage\newroot.der
%Temp%\WZSE0.TMP\CertStorage\root\064be6dd317317159d7aaf9fb6657268425b5604\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\0ef12e12c6f31a2ea28b9028473313fccdd888c6\cert_48479209034cb66f1005525650458b7b.der
%Temp%\WZSE0.TMP\CertStorage\root\143f06757a32fb4a04efe58ae847a92e28462f81\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\143f06757a32fb4a04efe58ae847a92e28462f81\cert_02.der
%Temp%\WZSE0.TMP\CertStorage\root\2df9c06ae840c62438fb338257ebd9dc0f95a0b2\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\2df9c06ae840c62438fb338257ebd9dc0f95a0b2\cert_3cc2814b00e7524d9baa47b7e161f50e.der
%Temp%\WZSE0.TMP\CertStorage\root\4b975cbd73ec36b25f552ad964800c73e892383e\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\4b975cbd73ec36b25f552ad964800c73e892383e\cert_01.der
%Temp%\WZSE0.TMP\CertStorage\root\5e8d54cd0953a9279f79a5ee62b6702271a08bd9\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\5e8d54cd0953a9279f79a5ee62b6702271a08bd9\cert_01.der
%Temp%\WZSE0.TMP\CertStorage\root\e7efa5bc23cc9c3e6683c558a7fb14d7fea6107c\cert.der
%Temp%\WZSE0.TMP\CertStorage\root\e7efa5bc23cc9c3e6683c558a7fb14d7fea6107c\cert_3b9aca03.der
%Temp%\WZSE0.TMP\ClientSM.exe
%Temp%\WZSE0.TMP\gdiplus.dll
%Temp%\WZSE0.TMP\issuer.tbl
%Temp%\WZSE0.TMP\MiraePKIX_v4.dll
%Temp%\WZSE0.TMP\NPKI\CrossCert\0FD92CAF8B33B1B2B4F1151C9D786162E19B1427_10078.der
%Temp%\WZSE0.TMP\NPKI\CrossCert\B674A99B923CC751B122A44FBCB73CFE2233D776_4100.der
%Temp%\WZSE0.TMP\NPKI\CrossCert\d3c1937bd61f964f1c2c6872acec4c85614cd2dc_10088.der
%Temp%\WZSE0.TMP\NPKI\KICA\6F1F0BD880BE4AC7184E62CDCE3A6FA19B447061_10056.der
%Temp%\WZSE0.TMP\NPKI\KICA\AE52FD0E0E01F83086377EF618C649254A600970_4106.der
%Temp%\WZSE0.TMP\NPKI\KICA\B909F2B621489A2ABA025980862793166A77F559_10081.der
%Temp%\WZSE0.TMP\NPKI\KISA\2587df3e181c92c06c2e9677d44a009559077649_16.der
%Temp%\WZSE0.TMP\NPKI\KISA\BFB627D8035A76654C6101415631E58B7B3AD9CC_4.der
%Temp%\WZSE0.TMP\NPKI\KISA\C8D08EC749AE1F2042B24B7F13C977580CA1CDC1_1.der
%Temp%\WZSE0.TMP\NPKI\KISA\FF8A46723358E8488822AA1768DA1648098B3591_3.der
%Temp%\WZSE0.TMP\NPKI\NCASign\766D8BCDAD940DF5A5B63F2202B6F59F4349398A_10045.der
%Temp%\WZSE0.TMP\NPKI\NCASign\FE2A1DC3637EBFFD31830AB1F1D3F0DA2BE78D7A_10082.der
%Temp%\WZSE0.TMP\NPKI\SignKorea\279696BEF384DC5901622423E2187BD3418D2D42_4098.der
%Temp%\WZSE0.TMP\NPKI\SignKorea\8DAA2008F089E01141BC7FA48E2AC4405ECA563A_10079.der
%Temp%\WZSE0.TMP\NPKI\SignKorea\b063e7eba3dbd862c64427ff65e9316273a7c6cc_10043.der
%Temp%\WZSE0.TMP\NPKI\TradeSign\2B7602AE825C7DEE81919EF5895BB9E2995BA9AF_10084.der
%Temp%\WZSE0.TMP\NPKI\TradeSign\4D5D560A0703DF83CAF3D56D8F19FC12AC90A28A_4105.der
%Temp%\WZSE0.TMP\NPKI\TradeSign\CE671644B27E73FD85A7CD0D1ED3F0D3A52D2639_10023.der
%Temp%\WZSE0.TMP\NPKI\yessign\4AFBBD332D8BB1D18C946BFFE042365F1C91CB08_10080.der
%Temp%\WZSE0.TMP\NPKI\yessign\5204329F8F9D2172BAFA3398A8617E2733248D5F_4099.der
%Temp%\WZSE0.TMP\NPKI\yessign\E2EC6D2CE57D9BC09EAC015379BA9A8F9A85D90B_10050.der
%Temp%\WZSE0.TMP\NPXecSSL40.dll
%Temp%\WZSE0.TMP\npxecure.dll
%Temp%\WZSE0.TMP\npxwebplugin.dll
%Temp%\WZSE0.TMP\npxwebplugin_file.dll
%Temp%\WZSE0.TMP\npxwfile.dll
%Temp%\WZSE0.TMP\NPxwfilectl.dll
%Temp%\WZSE0.TMP\nsldap32v50.dll
%Temp%\WZSE0.TMP\policy.tbl
%Temp%\WZSE0.TMP\policy_en.tbl
%Temp%\WZSE0.TMP\RestartIE.exe
%Temp%\WZSE0.TMP\TransKeyCS.dll
%Temp%\WZSE0.TMP\Unzip32.dll
%Temp%\WZSE0.TMP\XCrSvr.exe
%Temp%\WZSE0.TMP\XecureASN_v20.dll
%Temp%\WZSE0.TMP\XecureCMP_v20.dll
%Temp%\WZSE0.TMP\XecureCodec_v20.dll
%Temp%\WZSE0.TMP\XecureCRL_v20.dll
%Temp%\WZSE0.TMP\XecureCrypto_v20.dll
%Temp%\WZSE0.TMP\XecureCSP_v20.dll
%Temp%\WZSE0.TMP\XecureCTL_v20.dll
%Temp%\WZSE0.TMP\XecureFreeze.dll
%Temp%\WZSE0.TMP\XecureIO_v20.dll
%Temp%\WZSE0.TMP\XecureLDAP_v20.dll
%Temp%\WZSE0.TMP\XecureNEAT_v20.dll
%Temp%\WZSE0.TMP\XecureOCSP_v20.dll
%Temp%\WZSE0.TMP\XecurePKCS12_v20.dll
%Temp%\WZSE0.TMP\XecurePKCS5_v20.dll
%Temp%\WZSE0.TMP\XecurePKCS7_v20.dll
%Temp%\WZSE0.TMP\XecurePKCS8_v20.dll
%Temp%\WZSE0.TMP\XecurePKC_v20.dll
%Temp%\WZSE0.TMP\XecurePVD_v20.dll
%Temp%\WZSE0.TMP\XecureST_v20.dll
%Temp%\WZSE0.TMP\XecureTSP_v20.dll
%Temp%\WZSE0.TMP\XWebCertMng.dll
%Temp%\WZSE0.TMP\XWebCLT.dll
%Temp%\WZSE0.TMP\XWebCMP.dll
%Temp%\WZSE0.TMP\XWebCS.dll
%Temp%\WZSE0.TMP\XWebFileCLT.dll
%Temp%\WZSE0.TMP\XWebFileRD.dll
%Temp%\WZSE0.TMP\XWebLangCH.dll
%Temp%\WZSE0.TMP\XWebLangEN.dll
%Temp%\WZSE0.TMP\XWebLangJP.dll
%Temp%\WZSE0.TMP\XWebLangKR.dll
%Temp%\WZSE0.TMP\XWebSSL.dll
%Temp%\WZSE0.TMP\XWebUI.dll
%Temp%\WZSE0.TMP\XWebUpdate.dll
%Temp%\WZSE0.TMP\XWebUtil.dll
%Temp%\WZSE0.TMP\XWSmartCard.dll
%Temp%\WZSE0.TMP\xwUACctl.dll
%Temp%\WZSE0.TMP\xwUACUpdatectl.dll
%Temp%\WZSE0.TMP\xwUACWrapper.dll
%Temp%\WZSE0.TMP\xw_setup.exe
%Temp%\WZSE0.TMP\Zip32.dll

Detected by UnHackMe:

XWEBFILERD.DLL
Default location: %PROGRAM FILES%\SOFTFORUM\XECUREWEB\ACTIVEX\XWEBFILERD.DLL

Dropper information:
MD5: c08657ba27a73da85bf48d13887b6c3e
File size: 3811784 bytes

Leave a Reply