IWon CoPilot

Description:	Spyware
Risk Level:	Low
Date of First Occurence:	Monday, April 21, 2008
Software Developer:	(unknown)
Brief Info:	Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
Removal:	This threat can be removed using "Spyware Terminator"

ENTFERNEN SPYWARE »

Geographical Distribution of Threat "IWon CoPilot"

Threat Info

View All

Detected Items

Detected Files: %PROGRAMFILES%\iWon\Messenger\bin\IWONPLAY.EXE MD5: 09FFC7EEE2BCA9E5AE3452A893639C6C Size:122880 %PROGRAMFILES%\iWon\Messenger\bin\IWONMSG.DLL MD5: AA2ADBF1A1FFCD8CF3179172472E3363 Size:360448 %PROGRAMFILES%\iWon\Messenger\bin\IWONHTML.DLL MD5: A5A040E761D2E564EADD99E9F632B66E Size:77824 %PROGRAMFILES%\iWon\Messenger\bin\I1IMPIPE.EXE MD5: 09423CA6FED3CA17A1A3ABCCB3A265DC Size:16384 %PROGRAMFILES%\iWon\Messenger\bin\I1HELPER.EXE MD5: 6FDCB4E610AC1CD61815F5ABDF90FCA4 Size:24576 %PROGRAMFILES%\iWon\Messenger\iMSetup.exe MD5: EE20DB6A8D46FE9DEA51F44DC61D52F6 Size:823296 MD5: 388967B0DE78DDD04834C9C17F7B03D5 Size:533672 %PROGRAMFILES%\iWon\Installr\i1Setup1.exe MD5: FF9E5135CC7AE75D2CA37687C345382F Size:110592 %PROGRAMFILES%\iWon\Installr\1.bin\I1EZSETP.DLL MD5: 619BB05E8B70B22AB1BBD2A7F84408D6 Size:86016 MD5: 13B48C987C45565F0BFF2429FC1E2A03 Size:90112 %PROGRAMFILES%\iWon\SrchAstt\i1SrchSp.exe MD5: D27CC2307F4A6AFB45C44364CBB4E15F Size:90112 %PROGRAMFILES%\iWon\iWonSlot\bin\iWonSlot.dll MD5: 311D362E9EE01543CA5B7F093284383B Size:131072 %PROGRAMFILES%\iWon\iWonSlot\bin\cpltSetp.exe MD5: 9C8CC9A2754D91F666A416AC36EA05B6 Size:319488 %PROGRAMFILES%\iWon\iWonBar\1.bin\IWONBAR.DLL MD5: 53161B143A222A822F6899A9509DC853 Size:139264 MD5: A27E35FBF2E8DEDBCBFAAF9168740F07 Size:241664 %PROGRAMFILES%\iWon\iWonBar\1.bin\IWON2NS.EXE MD5: 3D9FF43C5FF757D0055C43F1BB306D94 Size:24576 %PROGRAMFILES%\iWon\Messenger\2.backup\IWONPLAY.EXE MD5: AB161BF7C3B168835110F62B9E1CEFC4 Size:114688 %PROGRAMFILES%\iWon\Messenger\2.backup\IWONMSG.DLL MD5: 9D7CA4FD4A7D63FF67A399CF76BCF23B Size:360448 %PROGRAMFILES%\iWon\Messenger\2.backup\IWONIDLE.DLL MD5: 864EBF686877608B4E3952136AD50E4E Size:28672 %PROGRAMFILES%\iWon\Messenger\2.backup\IWONHTML.DLL MD5: EA0D7BDC82A77468EF041007A994448B Size:77824 %PROGRAMFILES%\iWon\Messenger\2.backup\I1IMPIPE.EXE MD5: A70D182B00481D1DC3F98CCC2CAB46E4 Size:16384 %PROGRAMFILES%\iWon\Messenger\2.backup\I1HELPER.EXE MD5: 611709559BA673C5B5DCEC78F1054DF5 Size:24576 %PROGRAMFILES%\iWon\iWonBar\3.bin\IWON2NS.EXE MD5: 937462025D9153110DB69368FDD70CE2 Size:24576 %PROGRAMFILES%\iWon\iWonBar\2.bin\IWONBAR.DLL MD5: 8C07DC656F456CECED5066BDE16B2F76 Size:233472 %PROGRAMFILES%\iWon\iWonBar\3.bin\IWONBAR.DLL MD5: 1CC657F139CA917CFCA29DD6369DAB49 Size:233472 %PROGRAMFILES%\iWon\SrchAstt\1.bin\I1SRCHAS.DLL MD5: A1CF0FD4B1459D4B736B83536C34BE08 Size:69632
Detected Files with variable Filenames: MD5: 258D021BFB18BB10AF80DA65198E9D54 Size: 131072 %PROGRAMFILES%\iWon\iWonSlot\1.bin\IWONSLOT.DLL %PROGRAMFILES%\iWon\iWonSlot\6.bin\IWONSLOT.DLL %PROGRAMFILES%\iWon\iWonSlot\5.bin\IWONSLOT.DLL %PROGRAMFILES%\iWon\iWonSlot\2.bin\IWONSLOT.DLL %PROGRAMFILES%\iWon\iWonSlot\3.bin\IWONSLOT.DLL %PROGRAMFILES%\iWon\iWonSlot\3.bin\iwonslot.dll.ren MD5: 0EEAEAD6592CBC1F74D03128422DCF0B Size: 28672 %PROGRAMFILES%\iWon\Messenger\bin\iWonIdle0.dll %PROGRAMFILES%\iWon\Messenger\bin\IWONIDLE.DLL MD5: 1E1D3E23D03A451D03DE7BE6D47BB28C Size: 32768 %PROGRAMFILES%\iWon\iWonBar\4.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\1.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\3.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\6.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\77.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\2.bin\NPIWON0.DLL %PROGRAMFILES%\iWon\iWonBar\3.bin\npiwon0.dll.ren %PROGRAMFILES%\iWon\iWonBar\b.bin\NPIWON0.DLL MD5: D027067EACB87F2A946D2C6965D74082 Size: 241664 %PROGRAMFILES%\iWon\iWonBar\4.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\1.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\2.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\3.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\5.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\6.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\77.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\76.bin\IWONBAR.DLL MD5: E7B54BA86B40E31C0123F6823D4E1746 Size: 24576 %PROGRAMFILES%\iWon\iWonBar\4.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\1.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\3.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\6.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\2.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\b.bin\IWON2NS.EXE MD5: 770E5AA4E0DCDECC6E59711147D37645 Size: 110592 %PROGRAMFILES%\iWon\iWonBar\1.bin\I1POPSWT.DLL %PROGRAMFILES%\iWon\iWonBar\2.bin\i1popswt.dll.ren %PROGRAMFILES%\iWon\iWonBar\2.bin\I1POPSWT.DLL

Detecting items list:

Files by Name %PROGRAMFILES%\iWon\Installr\1.bin\I1EZSETP.DLL %PROGRAMFILES%\iWon\iWonBar\1.bin\IWON2NS.EXE %PROGRAMFILES%\iWon\iWonBar\1.bin\IWONBAR.DLL %PROGRAMFILES%\iWon\iWonBar\1.bin\NPIWON0.DLL %DOWNLOADEDPROGRAMFILES%\i1initialsetup1.0.0.14.inf
Files by Directories %PROGRAMFILES%\iWon %PROGRAMFILES%\iWon\iWonBar\Cache %PROGRAMFILES%\iWon\iWonBar\History %PROGRAMFILES%\iWon\iWonBar\Settings
Files by CLSID or Name CLSID=10125C2E-6821-4070-B24E-2E992501AD55 CLSID=277E1FE1-CF65-11D3-B377-0800460222F0 CLSID=58384780-211C-11d4-AEB7-0050DAC24E8F CLSID=6D54A7C1-C379-11D3-B377-0800460222F0 CLSID=7631768F-511E-41d8-BADB-604B0034776B CLSID=C298FB42-E3E2-11D3-ADCD-0050DAC24E8F CLSID=CA0B9B6D-C2AF-11D3-B376-0800460222F0 CLSID=CA0B9B71-C2AF-11D3-B376-0800460222F0
Registry Keys HKCR\IWonToolbar.iWonNetscapeShutdown HKCR\IWonToolbar.iWonNetscapeShutdown.1 HKCR\IWonToolbar.iWonNetscapeStartup HKCR\IWonToolbar.iWonNetscapeStartup.1 HKLM\SOFTWARE\iWon HKLM\SOFTWARE\iWon\iWonBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWonCoPilot

« Go to Software Database

Suchen Sie unsere Software Datenbank

Surfen Sie die Software Datenbank

Neueste Malware Nachrichten

23. September 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Ältere Malware Nachrichten »