Solved! Use IBM00003.EXE (Trojan Sinowal) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

IBM00003.EXE – Trojan Sinowal removal

FileMD5Virus Alias
IBM00003.EXE 4ff6b529dac13c65a753c7c8df2f2e8b Trojan Sinowal
IBM00003.EXE 4ff6b529dac13c65a753c7c8df2f2e8b Trojan Artemis
IBM00003.EXE 4ff6b529dac13c65a753c7c8df2f2e8b Trojan Generic
IBM00003.EXE 4ff6b529dac13c65a753c7c8df2f2e8b Trojan Graftor

IBM00003.EXE size: 10240 bytes
IBM00003.EXE hash: 4FF6B529DAC13C65A753C7C8DF2F2E8B

Created files:

%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.dll
%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe
%Program Files Common%\Microsoft Shared\Web Folders\ibm00002.dll
%Program Files Common%\Microsoft Shared\Web Folders\ibm00003.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\shell: explorer.exe “%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\shell: “%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe”

Detected by UnHackMe:

IBM00003.EXE
Default location: %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB FOLDERS\IBM00003.EXE

Dropper information:
MD5: 033ea9b29300d8616514c090906ad1c3
File size: 151040 bytes

Leave a Reply