Solved! Use RUNDLL32MGR.EXE (Worm AMN) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

RUNDLL32MGR.EXE – Worm AMN removal

FileMD5Virus Alias
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Worm AMN
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Trojan SuspiciousFile
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Trojan XPACK
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Trojan Generic
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Trojan Eldorado
RUNDLL32MGR.EXE 0e0f0ae845d89c22bb6385f64a6b85fd Trojan Krap

RUNDLL32MGR.EXE size: 61357 bytes
RUNDLL32MGR.EXE hash: 0E0F0AE845D89C22BB6385F64A6B85FD

Created files:

%Program Files%\Microsoft\WaterMark.exe
%SysDir%\rundll32mgr.exe
%Common AppData%\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
%Local AppData%\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\avformat-53.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\avutil-51.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome_frame_helper.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome_frame_helper.exe
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome_launcher.exe
%Local AppData%\Google\Chrome\Application\17.0.963.79\d3dcompiler_43.dll
%Local AppData%\Google\Chrome\Application\17.0.963.79\d3dx9_43.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: c:\windows\System32\userinit.exe,,c:\program files\Microsoft\watermark.exe

Detected by UnHackMe:

RUNDLL32MGR.EXE
Default location: %SYSDIR%\RUNDLL32MGR.EXE

Dropper information:
MD5: a348d3f377362fd221b9fe2712a496f8
File size: 1786254 bytes

Leave a Reply