SOSOTOOLBARSETUP.EXE – Unclassified Malware

SOSOTOOLBARSETUP.EXE – Unclassified Malware removal

SOSOTOOLBARSETUP.EXE size: 2124800 bytes
SOSOTOOLBARSETUP.EXE hash: 5C20FB3FEF8A68D7D61708CD7B9DFB0E

Created files:

%Program Files%\Tencent\barupdate\TBUpdate.exe
%Program Files%\Tencent\QQToolbar\IEBar.dll
%Program Files%\Tencent\QQToolbar\Installer\Gadget.exe
%Program Files%\Tencent\QQToolbar\Installer\GoldCoin\GoldCoin.dll
%Program Files%\Tencent\QQToolbar\Installer\Kuaibo\Kuaibo.dll
%Program Files%\Tencent\QQToolbar\Installer\PopWindowLib.dll
%Program Files%\Tencent\QQToolbar\Installer\PrScrn\PrScrn.dll
%Program Files%\Tencent\QQToolbar\Installer\QQMail\QQMail.dll
%Program Files%\Tencent\QQToolbar\Installer\Qzone\Qzone.dll
%Program Files%\Tencent\QQToolbar\Installer\Shuqian\Shuqian.dll
%Program Files%\Tencent\QQToolbar\Installer\SideBar.dll
%Program Files%\Tencent\QQToolbar\Installer\SOSOToolbarSetup.exe
%Program Files%\Tencent\QQToolbar\Installer\TBAddr.dll
%Program Files%\Tencent\QQToolbar\Installer\TBProxy.dll
%Program Files%\Tencent\QQToolbar\Installer\tbspeed.dll
%Program Files%\Tencent\QQToolbar\Installer\ToolBar.dll
%Program Files%\Tencent\QQToolbar\SOSOToolbarUninst.exe
%Program Files%\Tencent\QQToolbar\TBBroker.exe
%Common Startmenu%\Programs\Fixed_Directory_Name\UnicodeFile.bin
%Common Startmenu%\Programs\Fixed_Directory_Name\UnicodeFile_1.bin
%Common Startmenu%\Programs\Fixed_Directory_Name\UnicodeFile_2.bin
%Common Startmenu%\Programs\Fixed_Directory_Name\Fixed_Directory_Name\UnicodeFile.bin
%Common Startmenu%\Programs\Fixed_Directory_Name\Fixed_Directory_Name\UnicodeFile_1.bin
%Common Startmenu%\Programs\Fixed_Directory_Name\Fixed_Directory_Name\UnicodeFile_2.bin
%AppData%\TENCENT\QQToolbar\btns\GoldCoin\GoldCoin.dll
%AppData%\TENCENT\QQToolbar\btns\Kuaibo\Kuaibo.dll
%AppData%\TENCENT\QQToolbar\btns\PrScrn\PrScrn.dll
%AppData%\TENCENT\QQToolbar\btns\QQMail\QQMail.dll
%AppData%\TENCENT\QQToolbar\btns\Qzone\Qzone.dll
%AppData%\TENCENT\QQToolbar\btns\Shuqian\Shuqian.dll
%AppData%\TENCENT\QQToolbar\dlls\Gadget.exe
%AppData%\TENCENT\QQToolbar\dlls\PopWindowLib.dll
%AppData%\TENCENT\QQToolbar\dlls\SideBar.dll
%AppData%\TENCENT\QQToolbar\dlls\TBAddr.dll
%AppData%\TENCENT\QQToolbar\dlls\TBProxy.dll
%AppData%\TENCENT\QQToolbar\dlls\tbspeed.dll
%AppData%\TENCENT\QQToolbar\dlls\ToolBar.dll
%Temp%\sb2c
%Temp%\_tb_1404889567\Gadget.exe
%Temp%\_tb_1404889567\GoldCoin\GoldCoin.dll
%Temp%\_tb_1404889567\IEBar.dll
%Temp%\_tb_1404889567\Kuaibo\Kuaibo.dll
%Temp%\_tb_1404889567\PopWindowLib.dll
%Temp%\_tb_1404889567\PrScrn\PrScrn.dll
%Temp%\_tb_1404889567\QQMail\QQMail.dll
%Temp%\_tb_1404889567\Qzone\Qzone.dll
%Temp%\_tb_1404889567\Shuqian\Shuqian.dll
%Temp%\_tb_1404889567\SideBar.dll
%Temp%\_tb_1404889567\SOSOToolbarUninst.exe
%Temp%\_tb_1404889567\TBAddr.dll
%Temp%\_tb_1404889567\TBBroker.exe
%Temp%\_tb_1404889567\TBProxy.dll
%Temp%\_tb_1404889567\tbspeed.dll
%Temp%\_tb_1404889567\TBUpdate.exe
%Temp%\_tb_1404889567\ToolBar.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\TBUpdate\Type: 10000000
HKLM\System\CurrentControlSet\Services\TBUpdate\Start: 02000000
HKLM\System\CurrentControlSet\Services\TBUpdate\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\TBUpdate\DisplayName: Tencent Toolbar Update Service
HKLM\System\CurrentControlSet\Services\TBUpdate\ImagePath: %Program Files%\Tencent\barupdate\TBUpdate.exe /service

Detected by UnHackMe:

SOSOTOOLBARSETUP.EXE
Default location: %PROGRAM FILES%\TENCENT\QQTOOLBAR\INSTALLER\SOSOTOOLBARSETUP.EXE

Dropper information:
MD5: 5c20fb3fef8a68d7d61708cd7b9dfb0e
File size: 2124800 bytes
