The file NOSAFEMODE.DLL can destroy your system, thus making the computer to work abnormally.
NOSAFEMODE.DLL is a dangerous file.
Remove NOSAFEMODE.DLL from your computer immediately.
Kill the process NOSAFEMODE.DLL and remove NOSAFEMODE.DLL from the Windows startup.
Malware Analysis of NOSAFEMODE.DLL
Full path on a computer: %SysDir%\NoSafeMode.dll
Detected by UnHackMe:
NOSAFEMODE.DLL
Default location: %SysDir%\NoSafeMode.dll
Removal Results: Success
Number of reboot: 1
NOSAFEMODE.DLL is known as:
Trojan.Mbro.fki, Trojan.Mbro.HsR18LNH1GA, Trojan.A.Mbro.51926[UPX], Tool.SafeModeDisabler.1, TR.Ransom.Mbro.fki, Trojan.MBro.jcg, Hoax.MBro, Win32.NoSafeMode.A
NOSAFEMODE.DLL hash:
- MD5: 6bb3bca23fdff5b013863d8423267251
How to quickly detect NOSAFEMODE.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost: “C:\abwvrpcm\svchost.exe”
- HKLM\System\CurrentControlSet\Services\NIaSvc\ImagePath: “%SysDir%\svschost.exe”
- HKLM\System\CurrentControlSet\Services\NIaSvc\DisplayName: “Network Locatlon Awareness”
- HKLM\System\CurrentControlSet\Services\NIaSvc\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\NIaSvc\Description: “Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to starts.”
Folders:- C:\Documents and Settings\LocalService\Application Data\WinRAR
- C:\abwvrpcm
- C:\plbbqirj
- C:\ProgramData
- C:\ProgramData\cbojrhub
- C:\ProgramData\kxhafmyp
- C:\ProgramData\rkbttpwo
- C:\ProgramData\stppthmain
- C:\ProgramData\tklidtjy
Files:- %Common Desktopdirectory%\omixdmvn.txt
- %Common Desktopdirectory%\whrryggn.bat
- %SysDir%\cfwin32.dll
- %SysDir%\csrss32.dll
- %SysDir%\csrss64.dll
- %SysDir%\default2.sfx
- %SysDir%\NoSafeMode.dll
- %SysDir%\nsf.exe
- %SysDir%\sdelete.dll
- %SysDir%\svschost.exe
- C:\abwvrpcm\svchost.exe
- C:\plbbqirj\dc.exe
- C:\ProgramData\cbojrhub\svchost.exe
- C:\ProgramData\kxhafmyp\svchost.exe
- C:\ProgramData\rkbttpwo\nprkyfbl.dlls
- C:\ProgramData\rkbttpwo\qqcrwxmn.dlls
- C:\ProgramData\stppthmain\stppthmain.dll
- C:\ProgramData\tklidtjy\eifiodcn.dll
- C:\ProgramData\tklidtjy\eifiodcn.dll.dlls
- C:\ProgramData\tklidtjy\xwhljjdr.dll