It is probably legitimate software – LegitLibM.dll – 516e7f0f5a9ffecd09573c71ad626635

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

It is probably legitimate software
SHA256: bb23d445def0d1d5f1f5497dde6ebd96d2588a5ca0a89034ed445f365ef73cbd
SHA1: e40dc8267204436b84e5e79ae62d00bba21bf60b
MD5: 516e7f0f5a9ffecd09573c71ad626635
File size: 25761408 bytes

Created files:

%Temp%\IXP000.TMP\LegitLibM.dll – It is probably legitimate software
%Temp%\IXP000.TMP\mymusic.inf – It is probably legitimate software
%Temp%\IXP000.TMP\setup_wm.exe – It is probably legitimate software
%Temp%\IXP000.TMP\skins.inf – It is probably legitimate software
%Temp%\IXP000.TMP\umdf.exe – It is probably legitimate software
%Temp%\IXP000.TMP\WindowsXP-MSCompPackV1-x86.exe – It is probably legitimate software
%Temp%\IXP000.TMP\wmdbexport.exe – It is probably legitimate software
%Temp%\IXP000.TMP\wmfdist11.exe – It is probably legitimate software
%Temp%\IXP000.TMP\wmp11.exe – It is probably legitimate software
%Temp%\IXP000.TMP\wmpappcompat.exe – It is probably legitimate software

It is probably legitimate software created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 “%Temp%\IXP000.TMP\”

Leave a Reply