Adware Hebogo – MSINET.OCX – 6f83cf0bef450d6221e298664c24f6ec

Adware Hebogo
Also known as: Virus Part
SHA256: c0bcbd4564e5e9ab64dab2e89b6bf0e59c024935c6406e48d7101ed020e778f5
SHA1: 7ef52468cd7ec99755d6a79718754625fe6b31f9
MD5: 6f83cf0bef450d6221e298664c24f6ec
File size: 867504 bytes

Created files:

%SysDir%\MSINET.OCX – Adware Hebogo
%SysDir%\VB6KO.DLL – Adware Hebogo
%AppData%\GuardSupport\Conv.exe – Adware Hebogo
%AppData%\GuardSupport\GuardConvert.exe – Adware Hebogo
%AppData%\GuardSupport\GuardSupport.exe – Adware Hebogo
%AppData%\GuardSupport\Uninstall\Uninstall.exe – Adware Hebogo
%AppData%\MicroLab\MyEngin\Common\MicroProCon.exe – Adware Hebogo
%AppData%\MicroLab\MyEngin\Common\MicroProProc.exe – Adware Hebogo
%AppData%\MicroLab\MyEngin\Common\Uninstall\Uninstall.exe – Adware Hebogo
%Temp%\_ir_sf_temp_0\irsetup.exe – Adware Hebogo
%Temp%\_ir_sf_temp_1\irsetup.exe – Adware Hebogo

Adware Hebogo created autostart registry keys:

HKLM\Software\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 : %WinDir%\System32\MSINET.OCX
HKLM\Software\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 : %WinDir%\System32\MSINET.OCX
HKLM\Software\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 : %WinDir%\System32\MSINET.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MicroLabProc: %AppData%\MicroLab\MyEngin\Common\MicroProProc.exe -checkvalue
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GuardSupport: %ApplicationDataFolder%\GuardSupport\GuardConvert.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroLabCon: %AppData%\MicroLab\MyEngin\Common\MicroProCon.exe -checkvalue
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GuardSupport: %AppData%\GuardSupport\GuardConvert.exe /autorun