AbetterInternet

Description:	Adware
Risk Level:	High
Date of First Occurence:	Tuesday, April 15, 2008
Software Developer:	Direct Revenue, LLC
Brief Info:	BetterInternet is a Browser Helper Object that displays advertisements and downloads and installs files.
Removal:	This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "AbetterInternet"

Threat Info

View All

Detected Items

Detected Files: %TEMP%\drtemp\speer_v12.exe MD5: A784F2CD5682E3EB2C6CD6D118937B3F Size:70144 %SYSDIR%\HGAKHEG.DLL MD5: C167553BF656CB88B97D8DDC0F6A0913 Size:11962 %WINDIR%\biprep.exe MD5: 278EF801AED8D8A5620900B687E0590F Size:45056 MD5: 80D675351D8AD1834B315882670908CF Size:14336 MD5: CFFCBF2EF94664F6E4DBB89879BD1199 Size:13824 MD5: C067D41DA0E759A506E4F52460B7C139 Size:15360 MD5: 8FA446731117CE0FDB9D755F1024274E Size:184320 MD5: E5AE9A9C34DCF4EAD2F14ADB7769508A Size:13568 MD5: 4011C1AC664A61F01DC49D1129CDFCC4 Size:17408 MD5: 838BAE22A5496C32A0626014DDB41D79 Size:184320 MD5: 0F1130FCF9A2189F4875F22E668C7382 Size:13568 MD5: 4AD2A5F45FA260360582388AB26B3253 Size:17408 MD5: 86247D1ABAC8811B875BF39D43FC1765 Size:26112 MD5: 76D63F7AB633476BFE851C25213CA017 Size:53248 and more.... %TEMP%\ACUPG.EXE MD5: E1BAF09DF629EB8256E01646897815FB Size:11970 MD5: 19A4614D83A85C19E74127BB48D59C13 Size:70144 MD5: 18DD3C6B6781D6FF7CA837DDDD4F526A Size:47332 MD5: B978F2EC6EF5D60765ADD078F065C163 Size:55492 %WINDIR%\WUPDSNFF.EXE MD5: 456EB5ED4EDF229B9825ED05F92856C2 Size:70144 MD5: D6F64D97C378315838F2795788AEC256 Size:66560 MD5: 68D86986DEA81CD9AE538A303F0667E3 Size:163840 MD5: D62FF545FAB9752A9A616EFF1FCFEDE7 Size:70144 MD5: F9531200C381331A6FE0A59DBCFEB55E Size:65536 MD5: 8BF77E196F0710DFBC0BA7C911DA78B1 Size:61410 MD5: 849BDD612AD1079F2129D1DCB78A0C5C Size:47081 MD5: 4EA20CEEA3ED293659DFAD881FA47440 Size:70144 MD5: CEE369637D635DD4361878B2082EF3D4 Size:70144 MD5: D7652A3A2DF401135E604ADEF43BDC1B Size:30705 %WINDIR%\Banner.exe MD5: 475505074B8A2F375A82BC688C2DF026 Size:65536 %WINDIR%\inst\3p.exe MD5: 2ADFD5BC2F134830E1506C5CD1FAD157 Size:70144 MD5: 59CF63BCAF6E1B283633066E3879964E Size:147031 %TEMP%\drtemp\pynupg.exe MD5: 35BA2AA22EF11B468B478176D21A1A7D Size:70656 %TEMP%\drtemp\bho_prob.exe MD5: 3C480A2659E1AE453F97AAB50F6F8911 Size:70656 %TEMP%\Crsreco.exe MD5: F10094E542AC7E7D98FB98CF3A24FC33 Size:226 %TEMP%\drtemp\polall1s.exe MD5: 437173CE14C486B99A9B97E82A2991CB Size:45568 %WINDIR%\hostprep.exe MD5: 5046E7A724D191698FD57B00DB7B19C6 Size:32768 %WINDIR%\bi.dll MD5: 0E3C273C26031D2D622861300CB6C9D8 Size:13056 MD5: BE70C7C5A2975E41877AF06222025389 Size:13824 MD5: 79B6DED33123102122F748EFA7C30E9A Size:17152 MD5: 6507B77F26C1705A278841AA4351025F Size:10496 MD5: FAEBC6FEEA7F53A1524CA636AB68BC3E Size:26112 MD5: 0E0BA864427AA6E5C09468A5ADD77A38 Size:17152 MD5: 07670DCDCCA92C10F3A38EA18197AC09 Size:23552 MD5: 5BC53FF30B9B98BB59FF3E56A6D11B5C Size:14336 MD5: 396053B75F464CB21B78ACA7DF2976EF Size:31744 MD5: 9D57482B38045A7AEBF4882BFA895BD3 Size:28160 MD5: 7E90FEDC2A548A8C118ECE5C86CA5B46 Size:19456 MD5: 89DB4BCEE3C49708517873582A15B032 Size:9728 and more.... %SYSDIR%\bh.dll MD5: 9FD4F296B298085A6DB0A75CDE547EE9 Size:69632 MD5: EA7FBF55B963ABDB493F772077CA306C Size:119808 MD5: BB9D7687141B2528F0D9848F2AC35534 Size:18797 MD5: 44B0E69A1F608951B453EC971845AA44 Size:81920 %WINDIR%\banner.dll MD5: 65E27FB81E55F890970A34FA33CEBF46 Size:90112 %TEMP%\drtemp\boncpar.exe MD5: D09B7C8AF94BDD9BB7269CB28AFC13FF Size:19968 %TEMP%\drtemp\thnall1p.exe MD5: AE4CE12CA9D8711551D8CB9FE70D123A Size:70656 %TEMP%\drtemp\thin-134-1-x-x.exe MD5: E756E994E1CCF87352294AAD2A141CA3 Size:70656 %TEMP%\drtemp\MMaker4b.exe MD5: BDE866715F2DA4768EC00ED9D6B722EE Size:364616 %TEMP%\bi.dll MD5: 5676FAA0895057A0E4128953AE610283 Size:147456 %SYSDIR%\banner.dll MD5: A8E77F0F3B2D23336459894895C81FFD Size:4096 %TEMP%\drtemp\thin-94-3-x-x.exe MD5: 42C6FAC7DB4020297ED69C182740E158 Size:70656 %TEMP%\drtemp\thin-94-1-x-x.exe MD5: 48A4CC13F2FAC594895A45C3D1FBF8D4 Size:70144 %TEMP%\drtemp\abiuninst.exe MD5: 96B2FE249FE98CB40DCCD82DEBFCC447 Size:16384 %WINDIR%\alchem.exe MD5: 64EB8065CD0194D7CE61818924CDE177 Size:641490 MD5: 5ADFB9EA09C5504932FFD9B0305F8F93 Size:18944 MD5: 3A3295B33C433D87C0149D4387ED5935 Size:18944 %TEMP%\drtemp\NEWALL1T.EXE MD5: 3A4AECCB18A422AFE2D21CC07A16E0C5 Size:70656 %WINDIR%\bannerads.dll MD5: 0E0D1CE61BA18A2C2FC0AB3546A0BD3D Size:69632 %PROGRAMFILES%\netturbotrial\UNWISE.EXE MD5: 3A938ED2427DF10E571041069E6980CB Size:162304 %TEMP%\belt.exe MD5: 39FB764C842827F294A15F3439D9B63D Size:90112 %WINDIR%\biprep.exe MD5: 98ED5ED64091E72A57B786140C433E05 Size:184320 MD5: 5EB3391ADE44B5B9FC3C8869A182E077 Size:29440 MD5: 2DAA8407BB31351A209FA293BBD08EA1 Size:29184 MD5: 8113D1533C9088885059D1C21EFEA618 Size:15104 MD5: E3366ADB0493DDF1803A8F598FF83329 Size:12800 MD5: E06CDF85C80969C6033652A13AF0E59C Size:23552 MD5: 606EF36F2424D7627CD199B8943BC942 Size:21504 %TEMP%\drtemp\polall1l.exe MD5: 4E7D8E7AF1C02F075894C6AF1526A44D Size:38400 %WINDIR%\bi.dll MD5: A80F9269DA29E5E44862EB1A2A106AC7 Size:18432 MD5: 707C55DC24900179061C4BEFFBA59511 Size:12544 MD5: DE5D0804A4813767AE176FECC3D6FE44 Size:11776 MD5: CE3AF1A6136ACB2ACA7B7EF2938EA0D0 Size:11520 %TEMP%\drtemp\thin-137-1-x-x.exe MD5: B1DDA994417FDEED5E52F47FDD7C6FE8 Size:70656 %TEMP%\drtemp\farmmext.exe MD5: 1080B27DFFC31319A7D7FC1BEF109DE9 Size:69632 %TEMP%\drtemp\RemoveFt.exe MD5: F96FC096C02B972E725D575A8E613D32 Size:162304 %TEMP%\drtemp\thnall2c.exe MD5: 6A6685F5989EE1CC253FB75F4CF12DE9 Size:70656
Detected Files with variable Filenames: MD5: A6DDD314DF702F38DE44CD8944D6C417 Size: 245850 %WINDIR%\alchem.exe %TEMP%\alchem.exe MD5: 78DE1CE7C1E214DFBE4D71888382F5E0 Size: 151552 %WINDIR%\bi.dll %TEMP%\bi.dll MD5: F7B7E0251A5F3C084FEA32653CE200A0 Size: 70656 %TEMP%\drtemp\INTLRECO.exe %TEMP%\drtemp\intlreco.exe.ren MD5: D01C2586FCD825D3E10C892051F2899A Size: 151552 %WINDIR%\bi.dll %TEMP%\bi.dll MD5: A4E2A9A38E834F6FDA7049261BAC6A62 Size: 70656 %TEMP%\drtemp\mm_reco.exe %TEMP%\drtemp\wupdsnff.exe %TEMP%\drtemp\wupdsnff.exe.ren %TEMP%\drtemp\mm_reco.exe.ren MD5: 18394D8D0F4D971784F4548EAE6B7C8C Size: 143360 %TEMP%\bi.dll %WINDIR%\bi.dll MD5: EC94DC08D6F87E8B3FCBF87BD99ABA78 Size: 32768 %TEMP%\preinsbi.exe %WINDIR%\preinsbi.exe MD5: C0081D2BFCF4473A1A45ACFAB63A0F21 Size: 70656 %TEMP%\drtemp\thnall1b.exe %TEMP%\drtemp\thnall1b.exe.ren %TEMP%\drtemp\thnall2r.exe MD5: 04DE096F8E03D04E61E269005E5F8DBA Size: 70656 %TEMP%\drtemp\thin-144-1-x-x.exe %TEMP%\drtemp\thin-144-1-x-x.exe.ren

Detecting items list:

Files by Name %TEMP%\alchem.exe %TEMP%\banner.exe %TEMP%\belt.exe %TEMP%\preinsbi.exe %windir%\belt.exe %TEMP%\ACUPG.EXE %windir%\alchem.exe %TEMP%\Crsreco.exe %windir%\preinsbi.exe %windir%\Crsreco.exe %sysdir%\Crsreco.exe %windir%\banner*.exe %windir%\inst\3p.exe %windir%\lastgood\biprep.exe %DOWNLOADEDPROGRAMFILES%\payload2.inf %windir%\biprep.exe %windir%\preinsbi.exe %SYSDIR%\59ac6bev.exe %windir%\banner*.dll %windir%\bh.dll %sysdir%\banner.dll %sysdir%\bh.dll %windir%\banner.dll %windir%\WUPDSNFF.EXE %windir%\bh.dll %windir%\cleanhistories.dll %windir%\n.dll %sysdir%\HGAKHEG.DLL %TEMP%\bi.dll %COMMONFILES%\betterinternet\ssuvtmr.dll %COMMONFILES%\betterinternet\ssuvtmr6.dll %COMMONFILES%\betterinternet\utils_21.dll %COMMONFILES%\betterinternet\vbalicom6.dll %windir%\bi.dll %windir%\hostprep.exe %COMMONFILES%\betterinternet\utils_21.dll %commonfiles%\betterinternet, inc\ssubtmr.dll %commonfiles%\betterinternet, inc\ssubtmr6.dll %commonfiles%\betterinternet, inc\utils_21.dll %commonfiles%\betterinternet, inc\ssubtmr.dll\vbalicom6.dll
Files by MD5 MD5: 2ADFD5BC2F134830E1506C5CD1FAD157 Size: 70144
Files by Directories %TEMP%\drtemp %COMMONFILES%\betterinternet %programfiles%\netturbotrial %commonfiles%\betterinternet, inc
Files by CLSID or Name CLSID=00000000-59d4-4008-9058-080011001200 CLSID=000006b1-19b5-414a-849f-2a3c64ae6939 CLSID=38601801-2ff5-4a62-95da-d2007161c1b4 CLSID=79849612-a98f-45b8-95e9-4d13c7b6b35c CLSID=00000097-7c67-4ba6-8b42-05128941688a CLSID=000006b1-19b5-414a-849f-2a3c64ae6939 CLSID=ddffa75a-e81d-4454-89fc-b9fd0631e726 CLSID=000006b1-19b5-414a-849f-2a3c64ae6939 CLSID=230c3786-1c2c-45bd-9d2d-9d277fce6289 CLSID=92daf5c1-2135-4e0c-b7a0-259abfcd3904 CLSID=92daf5c1-2135-4e0c-b7a0-259abfcd3904 CLSID=ddffa75a-e81d-4454-89fc-b9fd0631e726 CLSID=ddffa75a-e81d-4454-89fc-b9fd0631e726 CLSID=bb0d5adc-028d-4185-9288-722ddce2c757
Registry Keys HKLM\software\microsoft\windows\currentversion\uninstall\abi-1 HKLM\software\microsoft\windows\currentversion\uninstall\dbi HKLM\software\twaintec HKLM\software\dbi HKLM\software\dbi\bii1d2ofsdist
Registry Values HKLM\software\microsoft\windows\currentversion\run ValueName=59ac6bev HKLM\software\microsoft\windows\currentversion\run ValueName=belt HKLM\software\microsoft\windows\currentversion\run ValueName=lkmkrlj

« Go to Software Database

Search in Our Software Database

Browse Software Database

Latest Malware News

July 02, 2009

A growing trend of Internet abuse focusses on media frenzy. The death of famous pop singer Michael Jackson just confirms this trend. Mostly, the targets of such abuse are social networks whose members are lured to attackers’ websites using various offers to view videos or news about the singer, etc. Easy targets of such attacks are celebrity fan sites. Other abusive means are instant messengers and spam emails. Be careful when you receive similar messages, open only verified links, and activate the real-time shield of your security software.

Older malware news »