Solved! Use MV2.DLL (Unclassified Malware) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

MV2.DLL – Unclassified Malware removal

MV2.DLL size: 24680 bytes
MV2.DLL hash: 1C77E76A6C8DCD0482883C4748F6B481

Created files:

%WinDir%\HMZ\authadmin.dll
%WinDir%\HMZ\authSSP.dll
%WinDir%\HMZ\check_install.exe
%WinDir%\HMZ\driver\driver\mv2.dll
%WinDir%\HMZ\driver\driver\mv2.sys
%WinDir%\HMZ\driver\setupdrv.exe
%WinDir%\HMZ\ldapauth.dll
%WinDir%\HMZ\ldapauth9x.dll
%WinDir%\HMZ\ldapauthnt4.dll
%WinDir%\HMZ\logging.dll
%WinDir%\HMZ\logmessages.dll
%WinDir%\HMZ\MSLogonACL.exe
%WinDir%\HMZ\MSRC4Plugin_for_sc.dsm
%WinDir%\HMZ\SCHook.dll
%WinDir%\HMZ\SecureVNCPlugin.dsm
%WinDir%\HMZ\setcad.exe
%WinDir%\HMZ\setpasswd.exe
%WinDir%\HMZ\unins000.msg
%WinDir%\HMZ\uvnc_settings.exe
%WinDir%\HMZ\vnchooks.dll
%WinDir%\HMZ\winvnc.exe
%WinDir%\HMZ\workgrpdomnt4.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Type: 10000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Start: 02000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\DisplayName: /windows/hmz/die
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\ImagePath: “%WinDir%\HMZ\winvnc.exe” -service
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Description: Provides secure remote desktop sharing

Detected by UnHackMe:

MV2.DLL
Default location: %WinDir%\HMZ\DRIVER\DRIVER\MV2.DLL

Dropper information:
MD5: 62b0a04c4fe9bf3ea2bbe155e9534510
File size: 1492351 bytes

Leave a Reply