IEPlugin

Description:	Spyware
Risk Level:	High
Date of First Occurence:	Wednesday, April 16, 2008
Software Developer:	IE Plugin Limited
Brief Info:	IEPlugin displays an advertisement when it sees a targeted keyword.
Removal:	This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "IEPlugin"

Threat Info

View All

Detected Items

Detected Files: %WINDIR%\dsr.dll MD5: 38EE1BD59165FDD85DEEF431BF0B0EAB Size:286720 MD5: 5FE6E378BFF919E8C456CA4870B3D1C3 Size:205 MD5: 6981E38A62C1DBFCE7FEC5DEC1FB5C0E Size:65536 %WINDIR%\winserv.exe MD5: F8571F149D00125628216BEC4450FACD Size:1069568 MD5: 8EB0980881DB87322833C32A01CEE048 Size:41984 MD5: CC046DBB38C697E7309D6F89D7A64D24 Size:1159680 MD5: B5782EA21D69BDF63F23A103604FCC84 Size:196608 MD5: B4A2548FB3E95BF0C5310F57B301CDAA Size:72704 %WINDIR%\dsr.exe MD5: A878331ADF7DDD5FB64C90B6E5110DEE Size:189859 MD5: 442683D6813554D7BD9D45B0C30BE29A Size:132210 MD5: 02826702921EA59880E91C32FA4A71B7 Size:458752 MD5: 19DCE1D81C09B74E2E8F3A4A5DA5EB12 Size:22850 MD5: F46606ADA4ED228488347AC1B451E44A Size:122552 %WINDIR%\systb.exe MD5: 3065F0007ED3DB3FE0686A71CF74F19B Size:189992 MD5: 454713770034E321482A255C5C043B34 Size:229376 MD5: 32FE288ED8356525627D6F4F7332330F Size:94449 MD5: 7AA603A4B0D725CE200E7A89487DDD8E Size:11636 MD5: E9FF0AC1EB4E9B379AC57DCA1A68E0AE Size:189983 MD5: 90C3468D15551BCAC5E59AFBBABE9EDE Size:189873 MD5: 86E5E034AB3B5B1AC8499A1F372537D4 Size:83927 MD5: 98EFC20657ADD691B5AB69A980B81F9E Size:173995 MD5: A215B2AC4C59B769B7B9881E501367AA Size:186277 MD5: 334D6E442531B5C09844F920E3756E8F Size:182183 MD5: 13889EA20D7E167AD135665E184E5194 Size:11767 MD5: 396503385543BADF8A51597120361AB7 Size:12028 and more.... %WINDIR%\pxckdlauninstall.exe MD5: 5195E7D9BA423409AFECE22E5F8333B6 Size:110592 MD5: B50B711252E8BFCD95DC1AF6015AD940 Size:65536 %WINDIR%\wdskctl.exe MD5: CD074582EAC0C9C7E1AD8F63ED1DF03F Size:86016 MD5: B82FA6F0BB6884279B61842D8A0FFFE3 Size:86016 %WINDIR%\systb.dll MD5: 531C422D37C747EC4B86396FF8E00C1A Size:401408 MD5: 2A0212B045D5809B328CA1CAAB4596DD Size:286720 MD5: A86DB094CBB069BE721E841C0B630A3B Size:207 MD5: F9809EC8CC478B20F524C4D06E714B3A Size:286720 MD5: 35EC081FD52E872ECF8D61CDFF3445BF Size:196608 MD5: 5DE35123AF5A01643A73196A25BD3444 Size:401408 MD5: D14DDA6CF3FFB23BF5608E6AC4D50860 Size:278528 MD5: E4A89AED7CB56B8F106C34C545F432E5 Size:286720 MD5: 89E15A2D190749863DF465B49658E682 Size:311296 MD5: 4579108CDA3CEBC6432027A86E7B7A9B Size:286720 MD5: 72E975A12690BCF4A928767AB954F3FA Size:40529 %TEMP%\THI7A0B.tmp\wupdt.exe MD5: 90657E7EFAE1604B7DF1DF3F205E2521 Size:65536 %WINDIR%\temp\se.dll MD5: 34AC2E4CB45E3CBA8A443C4FAB4C056D Size:18432 MD5: 6168E40B02786DE77576AC8E3F29F55A Size:18432 %WINDIR%\snbho.exe MD5: E22ABF857569F1D0C04056D19434CA1E Size:189037 %WINDIR%\pxckdla.exe MD5: A3C6B36EBFE5B46AC285E6F566FAE3AA Size:65536 %TEMP%\se.dll MD5: 86845DFAAB47DF0C12801B01AACD0385 Size:18432 MD5: 6D394016C8D8C145BA6FBDFD48B2EAF3 Size:31172 MD5: B4192E54EF4CAC24242CD4A90053AE36 Size:18432 MD5: E347D9CAA853255C15D91B20843275A2 Size:18432 MD5: A82D707D66769FEE4E534E4B63BAE60A Size:18432 MD5: 86FCF88EB325E0E35FB89BAA2BCCAF21 Size:17408 %WINDIR%\WINSERV.EXE MD5: D3BDC2AF32128FEF237E7AC4CF4DA351 Size:34304 %WINDIR%\Wupdt.exe MD5: 7FE176190A1ADEAD5C4A92EF4878CC59 Size:204800 MD5: CB35BBA1DA7AE7F3B3DD05D7B779EDAD Size:204800 MD5: 6C46E7B76ADFD38E7A6A955A3118A955 Size:65536 MD5: 3A3295B33C433D87C0149D4387ED5935 Size:18944 MD5: 76E380B5775CF38529CDF90AD72D7241 Size:204800 MD5: D749EFE3136925047A8E45DE492FC5FA Size:44032 MD5: 39A915F93C86F19585AC1E8E4AAC63E8 Size:65536 %TEMP%\ICD1.tmp\wupdt.exe MD5: 8FFD12EEACA49AA8255C334A5C3BE33E Size:65536
Detected Files with variable Filenames: MD5: 5C6B46C6597BB60BEDD2317AAA50D22F Size: 33280 %TEMP%\THI100C.tmp\wupdt.exe %WINDIR%\wupdt.exe %TEMP%\THI7BCB.tmp\wupdt.exe %TEMP%\THI4EDE.tmp\wupdt.exe %TEMP%\THI7FC0.tmp\wupdt.exe %TEMP%\THI52FC.tmp\wupdt.exe %TEMP%\THI36CC.tmp\wupdt.exe %TEMP%\THI236F.tmp\wupdt.exe %TEMP%\THI6852.tmp\wupdt.exe %TEMP%\THI5B77.tmp\wupdt.exe %TEMP%\THI5D2C.tmp\wupdt.exe and next 11 variations. MD5: 8DCE46BB098A48E482D460C5AB70E78A Size: 73728 %WINDIR%\wupdt.exe %TEMP%\THI7AEE.tmp\wupdt.exe %TEMP%\THI45AC.tmp\wupdt.exe %TEMP%\THI3243.tmp\wupdt.exe %TEMP%\.\wupdt.exe %TEMP%\THI5B2C.tmp\wupdt.exe %TEMP%\THI3F1.tmp\wupdt.exe %TEMP%\THI121A.tmp\wupdt.exe %TEMP%\THI4A95.tmp\wupdt.exe %TEMP%\THI7F14.tmp\wupdt.exe %TEMP%\THI78D2.tmp\wupdt.exe and next 108 variations. MD5: 992853307AE5A17C142691CE1B18102A Size: 69632 %WINDIR%\Wupdt.exe %TEMP%\ICD2.tmp\wupdt.exe %TEMP%\ICD1.tmp\wupdt.exe MD5: CC423465A16660534375DADA857E3FEE Size: 65536 %TEMP%\THI2CE9.tmp\wupdt.exe %TEMP%\THI79F9.tmp\wupdt.exe %TEMP%\THI5054.tmp\wupdt.exe %TEMP%\THI6A3E.tmp\wupdt.exe %TEMP%\THI21C7.tmp\wupdt.exe %TEMP%\THI6D99.tmp\wupdt.exe %WINDIR%\Wupdt.exe %TEMP%\THI684.tmp\wupdt.exe %TEMP%\THI3181.tmp\wupdt.exe %TEMP%\THI6981.tmp\wupdt.exe %TEMP%\THI5C2E.tmp\wupdt.exe and next 56 variations. MD5: 1E583E4BF55ED1D919A4823C39E392B7 Size: 65536 %WINDIR%\wupdt.exe %TEMP%\THI2E08.tmp\wupdt.exe %TEMP%\.\wupdt.exe MD5: C6FA71B2555C0D85C0F3B490F58B2658 Size: 33792 %WINDIR%\Wupdt.exe %TEMP%\.\wupdt.exe MD5: AA6BE72104BE5EB9B5B133CE5642BE24 Size: 69632 %WINDIR%\Wupdt.exe %TEMP%\ICD3.tmp\wupdt.exe %TEMP%\ICD1.tmp\wupdt.exe MD5: 57FF14494C9E2EC9F706DE6E078ADD51 Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: D5022DC34654317FCB05CD915B4FEEBD Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 6D394016C8D8C145BA6FBDFD48B2EAF3 Size: 31172 %TEMP%\se.dll %USERPROFILE%\LOCALS~1\temp\se.dll MD5: 9530855700A92911DF7EE1CB58E09B0F Size: 17408 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: F5D8D2BFBBCA26E64933760E2833FD91 Size: 73728 %TEMP%\.\wupdt.exe %TEMP%\THI91F.tmp\wupdt.exe %TEMP%\THI7F5E.tmp\wupdt.exe %TEMP%\THI71A1.tmp\wupdt.exe %TEMP%\THI6DB0.tmp\wupdt.exe %TEMP%\THI677.tmp\wupdt.exe %TEMP%\THI6590.tmp\wupdt.exe %TEMP%\THI62CF.tmp\wupdt.exe %TEMP%\THI61AC.tmp\wupdt.exe %TEMP%\THI4BC1.tmp\wupdt.exe %TEMP%\THI3399.tmp\wupdt.exe and next 3 variations. MD5: A16CE6CF99255A01C126BA5B0EBC7C75 Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 4EC1F93E69060234D08DFE2026643331 Size: 17408 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll MD5: 39A915F93C86F19585AC1E8E4AAC63E8 Size: 65536 %WINDIR%\Wupdt.exe %TEMP%\THI543.tmp\wupdt.exe %TEMP%\THI3871.tmp\wupdt.exe %TEMP%\THI7863.tmp\wupdt.exe %TEMP%\THI6B86.tmp\wupdt.exe %TEMP%\THI268A.tmp\wupdt.exe %TEMP%\THI2656.tmp\wupdt.exe %TEMP%\THI6DB6.tmp\wupdt.exe %TEMP%\THI64C5.tmp\wupdt.exe %TEMP%\THI6483.tmp\wupdt.exe %TEMP%\THI5B93.tmp\wupdt.exe and next 0 variations. MD5: 3427A0658114EED9DFF12CBAB2242111 Size: 18432 %USERPROFILE%\LOCALS~1\temp\se.dll %TEMP%\se.dll

Detecting items list:

Files by Name %Windir%\pxckdla.exe %Windir%\pxckdlauninstall.exe %TEMP%\*\wupdt.exe %TEMP%\se.dll %userprofile%\LOCALS~1\temp\se.dll %Windir%\Wupdt.exe %Windir%\wdskctl.exe %Windir%\systb.dll %Windir%\systb.exe %Windir%\se.dll %Windir%\temp\se.dll %Windir%\snbho.exe %Windir%\winserv.exe %Windir%\rgrt.exe %Windir%\dsr.exe %Windir%\dsr.dll %Windir%\pxckdlauninstall.exe %Windir%\package_IEPLUGIN4.exe %sysdir%\jnbnx.exe
Files by CLSID or Name CLSID=a80f2db2-80a9-4834-8f5a-4ab70f4ef4c3 CLSID=01F44A8A-8C97-4325-A378-76E68DC4AB2E CLSID=1C896551-8B92-4907-8C06-15DB2D1F874A CLSID=D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7 CLSID=E2BF1BF3-1FDB-4C93-8874-0B09E71C594C CLSID=F3155057-4C2C-4078-8576-50486693FD49 CLSID=69135BDE-5FDC-4B61-98AA-82AD2091BCCC CLSID=00F1D395-4744-40F0-A611-980F61AE2C59 CLSID=8B51FC2F-C687-40A3-B54A-BB9EBF8D407F CLSID=CE27D4DF-714B-4427-95EB-923FE53ADF8E CLSID=E2D2FE40-5674-4B77-802B-EC86B6C2C41D CLSID=E311D3A5-4A3B-4E49-9E0A-B40FAE1F0B28 CLSID=F9B9C9A3-9D2D-423D-ABA5-80D83A915023 CLSID=220959EA-B54C-4201-8DF2-1CFAC8B59FD7 CLSID=3E589169-86AD-44FE-B426-F0BF105D5582 CLSID=6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64 CLSID=7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0 CLSID=98B2DDBA-6DA2-4421-AF2B-814E98F53649 CLSID=E4458B4A-6149-4450-84F2-864ADB7E8C52 CLSID=0667935E-6350-4BF3-9F97-952363D87C1F CLSID=0F72A081-4DCA-4288-970E-2F7DBBF8B54C CLSID=7092C637-9298-4ACD-8E4D-E7C8157ABDCC CLSID=C43CB2BC-DE30-4FDA-B982-9312ED9940F6 CLSID=D2378491-228B-4398-A041-8967952E79EF CLSID=F8084C00-5E03-4B9F-8846-EFE24334C44A CLSID=57ADD57B-173E-418A-8F70-17E5C9F2BCC9 CLSID=58D419E8-1321-4DD2-A6FC-7B41C14DCD79 CLSID=8F73AC0F-5769-4282-8762-B396A3BFF377
Registry Keys HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Upspiral Desktop Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\intexp HKCU\Software\intexp HKCU\Software\inst HKCU\Software\dsktb HKCU\Software\dsrch HKCU\Software\Classes\Remove
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage ValueName=C:/WINDOWS/wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage ValueName=C:/WINNT/wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=win server updt HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=win server HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=wdskctl HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\windows\wupdt.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\winnt\wupdt.exe

« Go to Software Database

Search in Our Software Database

Browse Software Database

Latest Malware News

September 23, 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Older malware news »