InstallProvider

Description:	Toolbar
Risk Level:	Low
Date of First Occurence:	Monday, April 21, 2008
Software Developer:	(unknown)
Brief Info:	Toolbar/adware that creates pop-ups and advertisements on an infected computer.
Removal:	This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "InstallProvider"

Threat Info

View All

Detected Items

Detected Files: %PROGRAMFILES%\Install Provider\InstallProvider.dll MD5: C8EDA7967DEDC3662FACD8F59C1AD249 Size:166400 MD5: 9BC6FD65A3B5570B0D97A2A5FFD9B53D MD5: 9BC6FD65A3B5570B0D97A2A5FFD9B53D Size:847872 MD5: 4364672D4DC4453A6F5B265B0574D9D8 Size:847872 MD5: 82845216601E990077B25011ED252A48 Size:172032 MD5: 54D1ED6A1B2067839BFB33FBAEE5DD4B Size:167424 MD5: DB85F168640EAA36277C36AC3D485699 Size:167424 MD5: 5432FC3F9B8EBFCEE7D21019BBBECD51 Size:162816
Detected Files with variable Filenames: MD5: 4D0284C3006DD03D47D14BF683A6F4D4 Size: 172032 %PROGRAMFILES%\Install Provider\InstallProvider_1.dll %PROGRAMFILES%\Install Provider\InstallProvider.dll MD5: 9BC6FD65A3B5570B0D97A2A5FFD9B53D Size: 847872 %PROGRAMFILES%\Install Provider\InstallProvider.dll %PROGRAMFILES%\Install Provider\installprovider.dll.ren MD5: 4364672D4DC4453A6F5B265B0574D9D8 Size: 847872 %PROGRAMFILES%\Install Provider\InstallProvider.dll %PROGRAMFILES%\Install Provider\InstallProvider_1.dll MD5: 82845216601E990077B25011ED252A48 Size: 172032 %PROGRAMFILES%\Install Provider\InstallProvider.dll %PROGRAMFILES%\Install Provider\InstallProvider.dll.ren MD5: 372AE671B9C4CB4EA0EBBD011E48EDEF Size: 166400 %PROGRAMFILES%\Install Provider\InstallProvider_1.dll %PROGRAMFILES%\Install Provider\InstallProvider_2.dll

Detecting items list:

Files by Name %ProgramFiles%\Install Provider\data.ini %ProgramFiles%\Install Provider\InstallProvider.dll %ProgramFiles%\Install Provider\InstallProvider.dlldat
Files by Directories %ProgramFiles%\Install Provider
Files by CLSID or Name CLSID=A9344DE7-59F2-40F8-9AE7-C203B67444DA CLSID=F93C5BFF-16F9-4DC5-B78C-EC46F896EE56
Registry Keys HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Install Provider HKLM\SOFTWARE\Install Provider HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9344DE7-59F2-40F8-9AE7-C203B67444DA} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F93C5BFF-16F9-4DC5-B78C-EC46F896EE56}
Registry Values HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ValueName={A9344DE7-59F2-40F8-9AE7-C203B67444DA}

« Go to Software Database

Search in Our Software Database

Browse Software Database

Latest Malware News

September 23, 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Older malware news »