Solved! Use MSSIGN30.DLL (Trojan Generic) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


MSSIGN30.DLL – Trojan Generic removal

File          MD5                               Virus Alias
MSSIGN30.DLL  7d72bf5a3f74ddeb5a7a384a1f73be80  Trojan Generic
MSSIGN30.DLL  7d72bf5a3f74ddeb5a7a384a1f73be80  Trojan (Suspicious File)
MSSIGN30.DLL  7d72bf5a3f74ddeb5a7a384a1f73be80  Trojan Eldorado

MSSIGN30.DLL size: 53248 bytes
MSSIGN30.DLL hash: 7D72BF5A3F74DDEB5A7A384A1F73BE80

Created files:

C:\13b4a2
%SysDir%\hxdef.exe
%SysDir%\IEXPLORE.EXE
%SysDir%\kernel66.dll
%SysDir%\msjdbc11.dll
%SysDir%\MSSIGN30.DLL
%SysDir%\NetMeeting.exe
%SysDir%\ODBC16.dll
%SysDir%\RAVMOND.exe
%SysDir%\spollsv.exe
D:\13b737
D:\cert\VBoxCertUtil.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Hardware Profile: %WinDir%\System32\hxdef.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft NetMeeting Associates, Inc.: NetMeeting.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VFW Encoder/Decoder Settings: RUNDLL32.EXE MSSIGN30.DLL ondll_reg
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Shell Extension: %WinDir%\System32\spollsv.exe
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\Type: 10000000
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\Start: 02000000
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\DisplayName: Windows Management Protocol v.0 (experimental)
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\ImagePath: Rundll32.exe msjdbc11.dll ondll_server
HKLM\System\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)\Description: Windows Advanced Server. Performs scheduled scans for LANguard.
HKLM\System\CurrentControlSet\Services\_reg\Type: 10000000
HKLM\System\CurrentControlSet\Services\_reg\Start: 02000000
HKLM\System\CurrentControlSet\Services\_reg\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\_reg\DisplayName: _reg
HKLM\System\CurrentControlSet\Services\_reg\ImagePath: Rundll32.exe msjdbc11.dll ondll_server

Detected by UnHackMe:

MSSIGN30.DLL
Default location: %SYSDIR%\MSSIGN30.DLL

Dropper information:
MD5: c5d41ea4e79aef963d7194a361079544
File size: 197632 bytes
