RLLS.DLL

Cloaked Malware

Your PC is infected. The file called RLLS.DLL is considered unsafe and there may be other infections on your PC.

You should urgently check your PC and remove any malicious software including RLLS.DLL as soon as possible. The free version of Prevx will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.

Download Prevx 3.0 »

Associated Malware Groups

The filename is associated with the malware groups:

Cloaked Malware
Malicious Software

File Behavior

RLLS.DLL has been seen to perform the following behavior:

The Process is polymorphic and can change its structure
Adds a Registry Key (RUN) to auto start Programs on system start up
Adds a Registry Key (RUNONCE) to auto start Programs on system start up
Adds a Winlogon Notification DLL to automatically load on system start up
Found on infected systems and resists interrogation by security products
Uses low level functions to hide itself from the user and from system/security processes

RLLS.DLL has been the subject of the following behavior:

Deleted as a process from disk
Created as a process on disk
Registered as a Dynamic Link Library File
The process is hooked into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Copied to multiple locations on the system
Executed as a Process

Country Of Origin

The filename RLLS.DLL was first seen on May 8 2007 in the following geographical regions of the Prevx community:

The UNITED STATES on May 8 2007
TURKEY on May 8 2007
SWEDEN on Jan 15 2008
The EUROPEAN UNION on Apr 3 2009

File Name Aliases

RLLS.DLL can also use the following file names:

RLLS.DL_
OPLS.DLL
PMLS.DLL
PRLS.DLL
SRLS.DLL
RLLS(3).DLL
SHLS.DLL.VZR
SHLS.DLL
RLLS(2).DLL
ETLS.DLL
PMLS.DL_
PMLS(2).DLL
RLLS.DLL.REN
OSMIM.DLL
MFEX-1.DAT
TEMP.FR0EB9
RLLS.DLL_TOBEDELETED
RLLS.DLL_TOBEDELETED_OLD

Filesizes

The following file size has been seen:

315,392 bytes
385,024 bytes
307,200 bytes
376,832 bytes
385,664 bytes
344,064 bytes

Vendor, Product and Version Information

Files with the name RLLS.DLL have been seen to have the following Vendor, Product and Version Information in the file header:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 1.0.54.114 (Build 54.114)
RelevantKnowledge; RelevantKnowledge; 1.0.54.114 (Build 54.114)
RelevantKnowledge; RelevantKnowledge; 3.0.62.71 (Build 62.71)
OpinionSquare; OpinionSquare; 3.0.62.71 (Build 62.71)
PremierOpinion; PremierOpinion; 3.0.62.71 (Build 62.71)
PermissionResearch; PermissionResearch; 3.0.62.71 (Build 62.71)
mySHCCommunity; mySHCCommunity; 3.0.62.71 (Build 62.71)
ShoppersHotlineWired; ShoppersHotlineWired; 3.0.62.71 (Build 62.71)
e-Trends; e-Trends; 3.0.62.71 (Build 62.71)
RelevantKnowledge; RelevantKnowledge; 1.0.54.77 (Build 54.77)
TMRG, Inc.; RelevantKnowledge; 4.0.5.43 (Build 5.43)
TMRG, Inc.; RelevantKnowledge; 4.0.6.38 (Build 6.38)
RelevantKnowledge; RelevantKnowledge; 3.0.58.83 (Build 58.83)
ShoppersHotlineWired; ShoppersHotlineWired; 3.0.58.83 (Build 58.83)
PermissionResearch; PermissionResearch; 3.0.58.83 (Build 58.83)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 3.0.58.83 (Build 58.83)
OpinionSquare; OpinionSquare; 3.0.58.83 (Build 58.83)
e-Trends; e-Trends; 3.0.58.83 (Build 58.83)
mySHCCommunity; mySHCCommunity; 3.0.58.83 (Build 58.83)
RelevantKnowledge; RelevantKnowledge; �

File Type

The filename RLLS.DLL refers to many versions of a dynamic link library.

Virus, Spyware & Malware Center »