IEPlugin

Description: Spyware
Risk Level: High
Date of First Occurence: Wednesday, April 16, 2008
Software Developer: IE Plugin Limited
Brief Info: IEPlugin displays an advertisement when it sees a targeted keyword.
Removal: This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "IEPlugin"

Threat Info

View All

Detected Items

  1. Detected Files: %WINDIR%\dsr.exe MD5: A878331ADF7DDD5FB64C90B6E5110DEE Size:189859 MD5: 02826702921EA59880E91C32FA4A71B7 Size:458752 MD5: 19DCE1D81C09B74E2E8F3A4A5DA5EB12 Size:22850 MD5: F46606ADA4ED228488347AC1B451E44A Size:122552 %WINDIR%\dsr.dll MD5: 5FE6E378BFF919E8C456CA4870B3D1C3 Size:205 MD5: 38EE1BD59165FDD85DEEF431BF0B0EAB Size:286720 MD5: 6981E38A62C1DBFCE7FEC5DEC1FB5C0E Size:65536 %WINDIR%\wdskctl.exe MD5: CD074582EAC0C9C7E1AD8F63ED1DF03F Size:86016 MD5: B82FA6F0BB6884279B61842D8A0FFFE3 Size:86016 %WINDIR%\winserv.exe MD5: 8EB0980881DB87322833C32A01CEE048 Size:41984 MD5: F8571F149D00125628216BEC4450FACD Size:1069568 MD5: CC046DBB38C697E7309D6F89D7A64D24 Size:1159680 MD5: B5782EA21D69BDF63F23A103604FCC84 Size:196608 MD5: B4A2548FB3E95BF0C5310F57B301CDAA Size:72704 %WINDIR%\systb.exe MD5: 3065F0007ED3DB3FE0686A71CF74F19B Size:189992 MD5: 32FE288ED8356525627D6F4F7332330F Size:94449 MD5: 454713770034E321482A255C5C043B34 Size:229376 MD5: E9FF0AC1EB4E9B379AC57DCA1A68E0AE Size:189983 MD5: 90C3468D15551BCAC5E59AFBBABE9EDE Size:189873 MD5: 86E5E034AB3B5B1AC8499A1F372537D4 Size:83927 MD5: 98EFC20657ADD691B5AB69A980B81F9E Size:173995 MD5: A215B2AC4C59B769B7B9881E501367AA Size:186277 MD5: 7AA603A4B0D725CE200E7A89487DDD8E Size:11636 MD5: 334D6E442531B5C09844F920E3756E8F Size:182183 MD5: 13889EA20D7E167AD135665E184E5194 Size:11767 MD5: 396503385543BADF8A51597120361AB7 Size:12028 and more.... %WINDIR%\systb.dll MD5: A86DB094CBB069BE721E841C0B630A3B Size:207 MD5: 531C422D37C747EC4B86396FF8E00C1A Size:401408 MD5: 2A0212B045D5809B328CA1CAAB4596DD Size:286720 MD5: F9809EC8CC478B20F524C4D06E714B3A Size:286720 MD5: 35EC081FD52E872ECF8D61CDFF3445BF Size:196608 MD5: 5DE35123AF5A01643A73196A25BD3444 Size:401408 MD5: D14DDA6CF3FFB23BF5608E6AC4D50860 Size:278528 MD5: E4A89AED7CB56B8F106C34C545F432E5 Size:286720 MD5: 89E15A2D190749863DF465B49658E682 Size:311296 MD5: 4579108CDA3CEBC6432027A86E7B7A9B Size:286720 MD5: 72E975A12690BCF4A928767AB954F3FA Size:40529 %TEMP%\se.dll MD5: 86845DFAAB47DF0C12801B01AACD0385 Size:18432 MD5: 6D394016C8D8C145BA6FBDFD48B2EAF3 Size:31172 MD5: B4192E54EF4CAC24242CD4A90053AE36 Size:18432 MD5: E347D9CAA853255C15D91B20843275A2 Size:18432 MD5: A82D707D66769FEE4E534E4B63BAE60A Size:18432 MD5: 86FCF88EB325E0E35FB89BAA2BCCAF21 Size:17408 %WINDIR%\pxckdlauninstall.exe MD5: 5195E7D9BA423409AFECE22E5F8333B6 Size:110592 MD5: B50B711252E8BFCD95DC1AF6015AD940 Size:65536 %WINDIR%\WINSERV.EXE MD5: D3BDC2AF32128FEF237E7AC4CF4DA351 Size:34304 %WINDIR%\snbho.exe MD5: E22ABF857569F1D0C04056D19434CA1E Size:189037 %WINDIR%\Wupdt.exe MD5: 7FE176190A1ADEAD5C4A92EF4878CC59 Size:204800 MD5: CB35BBA1DA7AE7F3B3DD05D7B779EDAD Size:204800 MD5: 6C46E7B76ADFD38E7A6A955A3118A955 Size:65536 MD5: 3A3295B33C433D87C0149D4387ED5935 Size:18944 MD5: 76E380B5775CF38529CDF90AD72D7241 Size:204800 MD5: D749EFE3136925047A8E45DE492FC5FA Size:44032 MD5: 39A915F93C86F19585AC1E8E4AAC63E8 Size:65536 %TEMP%\ICD1.tmp\wupdt.exe MD5: 8FFD12EEACA49AA8255C334A5C3BE33E Size:65536 %TEMP%\THI7A0B.tmp\wupdt.exe MD5: 90657E7EFAE1604B7DF1DF3F205E2521 Size:65536 %WINDIR%\pxckdla.exe MD5: A3C6B36EBFE5B46AC285E6F566FAE3AA Size:65536 %WINDIR%\temp\se.dll MD5: 6168E40B02786DE77576AC8E3F29F55A Size:18432
  2. Detected Files with variable Filenames: MD5: 1E583E4BF55ED1D919A4823C39E392B7 Size: 65536 %WINDIR%\Wupdt.exe %TEMP%\THI2E08.tmp\wupdt.exe %TEMP%\.\wupdt.exe MD5: 8DCE46BB098A48E482D460C5AB70E78A Size: 73728 %TEMP%\.\wupdt.exe %WINDIR%\Wupdt.exe %TEMP%\THI7F14.tmp\wupdt.exe %TEMP%\THI78D2.tmp\wupdt.exe %TEMP%\THI7438.tmp\wupdt.exe %TEMP%\THI6772.tmp\wupdt.exe %TEMP%\THI6296.tmp\wupdt.exe %TEMP%\THI39D2.tmp\wupdt.exe %TEMP%\THI1A8D.tmp\wupdt.exe %TEMP%\THI10F6.tmp\wupdt.exe %TEMP%\THI7AEE.tmp\wupdt.exe and next 103 variations. MD5: 5C6B46C6597BB60BEDD2317AAA50D22F Size: 33280 %TEMP%\THI7BCB.tmp\wupdt.exe %TEMP%\THI4EDE.tmp\wupdt.exe %TEMP%\THI36CC.tmp\wupdt.exe %TEMP%\THI236F.tmp\wupdt.exe %TEMP%\THI6852.tmp\wupdt.exe %TEMP%\THI5B77.tmp\wupdt.exe %TEMP%\THI7FC0.tmp\wupdt.exe %WINDIR%\wupdt.exe %TEMP%\THI5D2C.tmp\wupdt.exe %TEMP%\THI1079.tmp\wupdt.exe %TEMP%\DrTemp\wupdt.exe and next 9 variations. MD5: 992853307AE5A17C142691CE1B18102A Size: 69632 %WINDIR%\Wupdt.exe %TEMP%\ICD2.tmp\wupdt.exe %TEMP%\ICD1.tmp\wupdt.exe MD5: CC423465A16660534375DADA857E3FEE Size: 65536 %TEMP%\THI2CE9.tmp\wupdt.exe %TEMP%\THI684.tmp\wupdt.exe %TEMP%\THI3181.tmp\wupdt.exe %TEMP%\THI6A3E.tmp\wupdt.exe %TEMP%\THI21C7.tmp\wupdt.exe %TEMP%\THI79F9.tmp\wupdt.exe %TEMP%\THI5054.tmp\wupdt.exe %WINDIR%\Wupdt.exe %TEMP%\THI6981.tmp\wupdt.exe %TEMP%\THI5C2E.tmp\wupdt.exe %TEMP%\THI682.tmp\wupdt.exe and next 56 variations. MD5: C6FA71B2555C0D85C0F3B490F58B2658 Size: 33792 %WINDIR%\Wupdt.exe %TEMP%\.\wupdt.exe MD5: D5022DC34654317FCB05CD915B4FEEBD Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 6D394016C8D8C145BA6FBDFD48B2EAF3 Size: 31172 %TEMP%\se.dll %USERPROFILE%\LOCALS~1\temp\se.dll MD5: AA6BE72104BE5EB9B5B133CE5642BE24 Size: 69632 %WINDIR%\wupdt.exe %TEMP%\ICD3.tmp\wupdt.exe %TEMP%\ICD1.tmp\wupdt.exe MD5: 9530855700A92911DF7EE1CB58E09B0F Size: 17408 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: F5D8D2BFBBCA26E64933760E2833FD91 Size: 73728 %TEMP%\.\wupdt.exe %TEMP%\THI91F.tmp\wupdt.exe %TEMP%\THI7F5E.tmp\wupdt.exe %TEMP%\THI71A1.tmp\wupdt.exe %TEMP%\THI6DB0.tmp\wupdt.exe %TEMP%\THI677.tmp\wupdt.exe %TEMP%\THI6590.tmp\wupdt.exe %TEMP%\THI62CF.tmp\wupdt.exe %TEMP%\THI61AC.tmp\wupdt.exe %TEMP%\THI4BC1.tmp\wupdt.exe %TEMP%\THI3399.tmp\wupdt.exe and next 3 variations. MD5: A16CE6CF99255A01C126BA5B0EBC7C75 Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 4EC1F93E69060234D08DFE2026643331 Size: 17408 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 39A915F93C86F19585AC1E8E4AAC63E8 Size: 65536 %WINDIR%\Wupdt.exe %TEMP%\THI543.tmp\wupdt.exe %TEMP%\THI3871.tmp\wupdt.exe %TEMP%\THI7863.tmp\wupdt.exe %TEMP%\THI6B86.tmp\wupdt.exe %TEMP%\THI268A.tmp\wupdt.exe %TEMP%\THI2656.tmp\wupdt.exe %TEMP%\THI6DB6.tmp\wupdt.exe %TEMP%\THI64C5.tmp\wupdt.exe %TEMP%\THI6483.tmp\wupdt.exe %TEMP%\THI5B93.tmp\wupdt.exe and next 0 variations. MD5: 3427A0658114EED9DFF12CBAB2242111 Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll

Detecting items list:

  1. Files by Name %Windir%\pxckdla.exe %Windir%\pxckdlauninstall.exe %TEMP%\*\wupdt.exe %TEMP%\se.dll %userprofile%\LOCALS~1\temp\se.dll %Windir%\Wupdt.exe %Windir%\wdskctl.exe %Windir%\systb.dll %Windir%\systb.exe %Windir%\se.dll %Windir%\temp\se.dll %Windir%\snbho.exe %Windir%\winserv.exe %Windir%\rgrt.exe %Windir%\dsr.exe %Windir%\dsr.dll %Windir%\pxckdlauninstall.exe %Windir%\package_IEPLUGIN4.exe %sysdir%\jnbnx.exe
  2. Files by CLSID or Name CLSID=a80f2db2-80a9-4834-8f5a-4ab70f4ef4c3 CLSID=01F44A8A-8C97-4325-A378-76E68DC4AB2E CLSID=1C896551-8B92-4907-8C06-15DB2D1F874A CLSID=D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7 CLSID=E2BF1BF3-1FDB-4C93-8874-0B09E71C594C CLSID=F3155057-4C2C-4078-8576-50486693FD49 CLSID=69135BDE-5FDC-4B61-98AA-82AD2091BCCC CLSID=00F1D395-4744-40F0-A611-980F61AE2C59 CLSID=8B51FC2F-C687-40A3-B54A-BB9EBF8D407F CLSID=CE27D4DF-714B-4427-95EB-923FE53ADF8E CLSID=E2D2FE40-5674-4B77-802B-EC86B6C2C41D CLSID=E311D3A5-4A3B-4E49-9E0A-B40FAE1F0B28 CLSID=F9B9C9A3-9D2D-423D-ABA5-80D83A915023 CLSID=220959EA-B54C-4201-8DF2-1CFAC8B59FD7 CLSID=3E589169-86AD-44FE-B426-F0BF105D5582 CLSID=6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64 CLSID=7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0 CLSID=98B2DDBA-6DA2-4421-AF2B-814E98F53649 CLSID=E4458B4A-6149-4450-84F2-864ADB7E8C52 CLSID=0667935E-6350-4BF3-9F97-952363D87C1F CLSID=0F72A081-4DCA-4288-970E-2F7DBBF8B54C CLSID=7092C637-9298-4ACD-8E4D-E7C8157ABDCC CLSID=C43CB2BC-DE30-4FDA-B982-9312ED9940F6 CLSID=D2378491-228B-4398-A041-8967952E79EF CLSID=F8084C00-5E03-4B9F-8846-EFE24334C44A CLSID=57ADD57B-173E-418A-8F70-17E5C9F2BCC9 CLSID=58D419E8-1321-4DD2-A6FC-7B41C14DCD79 CLSID=8F73AC0F-5769-4282-8762-B396A3BFF377
  3. Registry Keys HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Upspiral Desktop Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\intexp HKCU\Software\intexp HKCU\Software\inst HKCU\Software\dsktb HKCU\Software\dsrch HKCU\Software\Classes\Remove
  4. Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage ValueName=C:/WINDOWS/wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage ValueName=C:/WINNT/wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=win server updt HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=win server HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=wdskctl HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\windows\wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\winnt\wupdt.exe

« Go to Software Database