IBSetup.exe – Trojan Downloader.Generic

IBSetup.exe – Trojan Downloader.Generic removal

Virus aliases:

IBSetup.exe – Trojan Downloader.Generic
IBSetup.exe – Trojan Agent
IBSetup.exe – Trojan Siggen

Created files:

%Program Files%\Instant Buzz\IBBar.dll – Trojan Downloader.Generic
%Program Files%\Instant Buzz\IBDaemon.exe – Trojan Downloader.Generic
%Program Files%\Instant Buzz\IBMH.dll – Trojan Downloader.Generic
%Program Files%\Instant Buzz\IBSetup.exe – Trojan Downloader.Generic

Autostart registry keys:

HKLM\Software\Classes\CLSID\{7475D3FD-5D85-49DB-8B9B-6968467B2D80}\InprocServer32 : C:\PROGRA~1\INSTAN~1\IBBar.dll
HKLM\Software\Classes\CLSID\{B8D60EBB-5565-4392-957B-7164BA087AD4}\InprocServer32 : C:\PROGRA~1\INSTAN~1\IBBar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Instant Buzz Daemon: %Program Files%\Instant Buzz\IBDaemon.exe
HKLM\System\CurrentControlSet\Services\mchInjDrv\Type: 01000000
HKLM\System\CurrentControlSet\Services\mchInjDrv\Start: 04000000
HKLM\System\CurrentControlSet\Services\mchInjDrv\ImagePath: \??\%Temp%\mc2168.tmp
HKLM\System\CurrentControlSet\Services\mchInjDrv\DeleteFlag: 01000000

Detected by UnHackMe:

IBSetup.exe
Default location: %Program Files%\Instant Buzz\IBSetup.exe

Dropper information:
SHA256: db551d710e420572e1f124fdece90cc71910482afcc6b57a9011c72c67784860
SHA1: 744c7361c4bffd71c996db62b2e0ce6b02399997
MD5: bfd9fcf7854449f1ef52ece49d1fde51
File size: 995363 bytes
