Solved! IBM00001.EXE (Trojan Sinowal) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal. It has a fully functional 30-day trial; no credit card is required.

IBM00001.EXE – Trojan Sinowal removal

File          MD5                               Virus Alias
IBM00001.EXE  299a7720ee0d8f591bf083e64dadf2f3  Trojan Sinowal
IBM00001.EXE  299a7720ee0d8f591bf083e64dadf2f3  Trojan Generic
IBM00001.EXE  299a7720ee0d8f591bf083e64dadf2f3  Trojan ZBot

IBM00001.EXE size: 1024 bytes
IBM00001.EXE hash: 299A7720EE0D8F591BF083E64DADF2F3

Created files:

%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.dll
%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe
%Program Files Common%\Microsoft Shared\Web Folders\ibm00002.dll
%Program Files Common%\Microsoft Shared\Web Folders\ibm00003.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\shell: explorer.exe "%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\shell: "%Program Files Common%\Microsoft Shared\Web Folders\ibm00001.exe"

Detected by UnHackMe:

IBM00001.EXE
Default location: %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB FOLDERS\IBM00001.EXE

Dropper information:
MD5: 033ea9b29300d8616514c090906ad1c3
File size: 151040 bytes
