Solved! RSTOREDLL.DLL (Trojan DLOADER) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


RSTOREDLL.DLL – Trojan DLOADER removal

File           MD5                               Virus Alias
RSTOREDLL.DLL  8353f3fdd33da4187b4411a51122174d  Trojan DLOADER

RSTOREDLL.DLL size: 198424 bytes
RSTOREDLL.DLL hash: 8353F3FDD33DA4187B4411A51122174D

Created files:


Detected by UnHackMe:

RSTOREDLL.DLL
Default location: %PROGRAM FILES%\RISING\RSD\BACKUP\RSD\RSSETUP\RSTOREDLL.DLL

Dropper information:
MD5: 6ec0c6593ebb0727aa0a36828b7116cc
File size: 4686400 bytes
