C:\WINDOWS\ausctv32a.dll
Malware March 18th, 2008
A new Files Secure trojan is present. Below are the files and registry entries it creates. This trojan hijacks your search engine hits and recommends you purchase Files Secure. Removal instructions below.
C:\WINDOWS\ausctv32a.dll
HKLM\SOFTWARE\Classes\AppID\{CE0487CA-8B02-431E-BA63-D38844E020B5}
HKLM\SOFTWARE\Classes\AppID\ausctv32a.dll
HKLM\SOFTWARE\Classes\ausctv32a.Video
HKLM\SOFTWARE\Classes\CLSID\{CE0487CA-8B02-431E-BA63-D38844E020B5}
HKLM\SOFTWARE\Classes\Interface\{48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06}
HKLM\SOFTWARE\Classes\TypeLib\{74D46BBA-5638-473A-83B6-97E7804A7411}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}
We have provided removal instructions for anybody unfortunate enough to have been infected by this trojan or Files Secure.
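A read-only check for the entries listed above, as an added example that is not part of the original post. It enumerates every Browser Helper Object, resolves each CLSID to the DLL registered under its InprocServer32 subkey (standard COM registration, not shown in the list above), and flags anything matching this post's CLSID or file name. The function name Get-BhoReport is hypothetical, and only the native registry view is checked.

```powershell
# Added example: read-only audit for the entries listed in this post.
# Indicator values are copied from the post; Get-BhoReport is a hypothetical name.
$BadClsid = '{CE0487CA-8B02-431E-BA63-D38844E020B5}'
$BadDll   = 'ausctv32a.dll'
$Classes  = 'HKLM:\SOFTWARE\Classes'
$BhoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Artifacts from the post that the BHO walk below does not cover.
$OtherIocs = @(
    'C:\WINDOWS\ausctv32a.dll',
    "$Classes\AppID\$BadClsid",
    "$Classes\AppID\$BadDll",
    "$Classes\ausctv32a.Video",
    "$Classes\CLSID\$BadClsid",
    "$Classes\Interface\{48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06}",
    "$Classes\TypeLib\{74D46BBA-5638-473A-83B6-97E7804A7411}"
)

function Get-BhoReport {
    # One row per registered BHO: its CLSID, the DLL it loads, and whether it matches.
    if (-not (Test-Path -LiteralPath $BhoRoot)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $BhoRoot) {
        $clsid  = $key.PSChildName
        $inproc = "$Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The key's default value holds the path of the DLL the browser loads.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $dll
            DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            Listed    = ($clsid -ieq $BadClsid) -or
                        ($dll -and ((Split-Path -Leaf $dll) -ieq $BadDll))
        }
    }
}

$report  = @(Get-BhoReport)
$report | Format-Table -AutoSize | Out-String
$present = @($OtherIocs | Where-Object { Test-Path -LiteralPath $_ })
if ($present -or ($report | Where-Object Listed)) {
    Write-Warning 'Entries from this post are present:'
    $present
    $report | Where-Object Listed | ForEach-Object { "BHO $($_.Clsid) -> $($_.Dll)" }
} else {
    'None of the entries from this post were found.'
}
```

Rows where DllExists is False are orphaned registrations, which is what remains when the file is deleted but the registry entries are left behind.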
March 21st, 2008 at 6:01 pm
I am an IT manager and a user reported pop-ups and web redirects, and we found the ausctv32a.dll file as you describe. We cleaned out the registry. He claimed the problems started after watching Obama’s recent speech on YouTube. We found RealPlayer had been installed, which he claimed he never downloaded. We removed RealPlayer, rebooted, and he appears to be clean.
March 21st, 2008 at 6:03 pm
Good to hear you got it resolved. Feel free to run MBAM to verify everything is in order. If you have any more information, do not hesitate to contact me.