NvRaser.dll - Mystery File ...
So last night my computer ALMOST got slammed with a trojan pretty hard. I started seeing alerts come up from Norton Internet Security that a Trojan was blocked, and then 10 seconds later another such alert came up... My normal procedure when this starts to happen is to immediately cut the power to my computer, reboot into Safe Mode and run a full system virus scan.
Lo and behold Norton found an infected file, and required a reboot to complete the repair. So between the system scan, a reboot for Norton, and a second reboot for ChkDisk, it took several hours to finish.
Upon going back into Windows everything (for the most part) seemed to be running well. I did, however, notice a strange entry in the startup area of the registry that just would not go away. As soon as I deleted it, it would reappear. I wish I had written the entry down, but as far as I can remember it was calling 'rundll32.exe c:\windows\nvraser.dll /startup' ... To get rid of this I simply terminated the rundll32.exe process and then purged the registry entry. There were also numerous files created in the Temp folder of Local Settings, all around the time of the infection. I killed all of them.
So I am happy to say that I dodged a major bullet LOL. Now all that remains is a mystery DLL file which I renamed and hijacked to my Desktop for further inspection. What baffles me is that there appears to be ZERO information anywhere about NvRaser.dll. I tried Google, Bing, Yahoo, and none of them return any results! WTF ??!
I used PE Explorer's disassembler to see if I could get any clues as to the use of this file, but unfortunately I am quite inexperienced at bit-level machine language. Here are some (extremely vague) clues:
; Imports from KERNEL32.dll
; Imports from msvcrt.dll
; Imports from user32.dll
; Imports from winmm.dll
; Imports from ole32.dll
; Imports from SHLWAPI.dll
I think I might need to defer to my good friend and Computer Forensics Expert to see if any other clues can be found. My guess at this point is that NvRaser.dll was to be referenced by one of the malicious (randomly named) executable files residing in the Temp folder, or the infected file in the Windows directory.
I am archiving this mystery file, so if anybody wants a copy just let me know and I'll be happy to send it over!