We received the file NTREDIRECT.DLL and found that it is not safe.
NTREDIRECT.DLL is adware and should be removed.
Kill the process NTREDIRECT.DLL and remove NTREDIRECT.DLL from Windows.
Malware Analysis of NTREDIRECT.DLL
Full path on a computer: %Appdata%\BabSolution\Shared\NTRedirect.dll
Detected by UnHackMe:
NTREDIRECT.DLL
Default location: %Appdata%\BabSolution\Shared\NTRedirect.dll
Removal Results: Success
Number of reboots: 1
NTREDIRECT.DLL is known as:
Adware.Babylon.A, Trojan.Agent
NTREDIRECT.DLL hash:
- MD5: 2e1d99d838a2e104186954705f467317
The file tries to connect to a dangerous web site.
How to quickly detect the presence of NTREDIRECT.DLL?
Registry:
- HKLM\Software\Classes\CLSID\{2C141B4C-B5BA-4E89-BE73-F71ED4A208CF}\InprocServer32\: “%Program Files%\mixidj\mixidj\1.8.18.8\mixidjApp.dll”
- HKLM\Software\Classes\CLSID\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}\InprocServer32\: “%Program Files%\mixidj\mixidj\1.8.18.8\bh\mixidj.dll”
- HKLM\Software\Classes\CLSID\{C3F978C3-0594-4397-B8E6-3F9D9BE6A7B9}\InprocServer32\: “%Program Files%\mixidj\mixidj\1.8.18.8\bh\mixidj.dll”
- HKLM\Software\Classes\CLSID\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}\InprocServer32\: “%Program Files%\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll”
- HKLM\Software\Classes\CLSID\{F9221CC8-22DF-4CEF-B8ED-BA87F1F09878}\InprocServer32\: “%Program Files%\mixidj\mixidj\1.8.18.8\mixidjEng.dll”
- HKLM\System\CurrentControlSet\Services\BrowserDefendert\ImagePath: “%Common Appdata%\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe”
- HKLM\System\CurrentControlSet\Services\DefaultTabSearch\ImagePath: “%Program Files%\DefaultTab\DefaultTabSearch.exe”
- HKLM\System\CurrentControlSet\Services\RemoteEngineService\ImagePath: “%Program Files%\VuuPC\remoteengine.exe”
- HKLM\System\CurrentControlSet\Services\VuuPCConnectivity\ImagePath: “%Program Files%\VuuPC\Connectivity.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NTRedirect: “%SysDir%\rundll32.exe “%Appdata%\BabSolution\Shared\NTRedirect.dll”,Run”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll ”
Folders:
- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\ffxtlbr@babylon.com
- %Appdata%\BabSolution
- %Appdata%\mixidj
- %Local Appdata%\Google\Chrome\User Data\Default\extensions\kdidombaedgpfiiedeimiebkmbilgmlc
- %Local Appdata%\avgchrome
- %Programs%\BrowserDefender
- %Programs%\VuuPC
- %Common Appdata%\Babylon
- %Common Appdata%\BrowserDefender
- %Program Files%\Mozilla Firefox\Extensions
- %Program Files%\DefaultTab
- %Program Files%\mixidj
- %Program Files%\VuuPC
Files:
- %Appdata%\BabSolution\Shared\BabMaint.exe
- %Appdata%\BabSolution\Shared\BUSolution.dll
- %Appdata%\BabSolution\Shared\MixiDJ.ico
- %Appdata%\BabSolution\Shared\NTRedirect.dll