I have come across "sofofuhi.dll" in my win32 subdirectory. Avast can't seem to get rid of it. VirusTotal reports the following - some kind of Trojan:
Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.02 -
AVG 8.0.0.199 2008.12.02 -
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 Trojan.Virtumod.1459
eSafe 7.0.17.0 2008.12.02 Suspicious File
eTrust-Vet 31.6.6239 2008.12.02 -
Ewido 4.0 2008.12.02 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 -
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.540 2008.12.02 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 -
NOD32 3658 2008.12.02 -
Norman 5.80.02 2008.12.02 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.02 -
Prevx1 V2 2008.12.02 -
Rising 21.06.12.00 2008.12.02 Trojan.Win32.VUNDO.bvp
SecureWeb-Gateway 6.7.6 2008.12.02 Win32.Malware.gen!92 (suspicious)
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.10 2008.12.02 -
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 93236 bytes
MD5...: 0e5d0d0319fa80415718bc589d494b0d
SHA1..: 1412aa281591336ced5aa245f2bc5428a5862d3c
SHA256: 09d989a9a6f043aa5db058dd0b7e161ea84aad481c4e11f9949de7252b7930c5
SHA512: 6faf4e1e126a4e0863126d61aa1b382e925d02d99d1be0176d29de2f4cf5dfc1cfd416ce49d132c1b0376f8f6943ba827a52d5ebdbd35da9e7107fc03dc98744
ssdeep: 1536:4B/2GtUbh1cMjSIJtURZwG0SaEX/EIlaQNPcjGbnv7IO:O2zUayZx83QNpvMO
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001067
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x51d2 0x5200 7.92 3ec2d1c3c80a1f7de4e4ff2cc5904a64
.rdata 0x7000 0x52d4 0x5400 7.85 f337639ad381495417ede5b268f5db8b
.data 0xd000 0xb7ff 0xb400 7.99 fd1220e078663fa2f7daf6a4e8728906
.rsrc 0x19000 0x489 0x600 2.67 83b220b4281def97f43a351a012a9e2b
.reloc 0x1a000 0x7954 0x800 0.77 848ac8f4412a072219c2896a1630cc56
( 4 imports )
> user32.dll: ToAscii, RegisterClassW, MessageBoxW, MessageBeep, GetMessageW, DispatchMessageW
> KERNEL32.dll: HeapDestroy, SetFilePointer, SetEnvironmentVariableW, GetStdHandle, GetExitCodeProcess, FlushFileBuffers, CloseHandle, ExitProcess
> advapi32.dll: RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegEnumValueW
> comdlg32.dll: GetOpenFileNameW, GetFileTitleW
( 0 exports )