InnbannerBrowserEnhancer Spyware Profile

Title: InnbannerBrowserEnhancer

Also Known as: Trojan-Downloader.Win32.Agent.akwa

Severity scale: 78 (78 / 100)

InnbannerBrowserEnhancer is a spyware program that installs as a Browser Helper Object.  It pretends to be a Browser Enhancing tool, but it only collects personal information and delivers pop-up ads.  It was first discovered on October 16, 2008.

InnbannerBrowserEnhancer is a Trojan Downloader.  It is not only capable of downloading updates and pop-up ads, it can also download other spyware, adware, viruses and worms.  It is a highly dangerous program and should be removed immediately.

InnbannerBrowserEnhancer makes efforts to avoid detection and prevent removal.  Manual removal instructions are not recommended.  Instead, you should rely on a trusted antispyware program such as SpyZooka.

Download InnbannerBrowserEnhancer Remover

Also Known As:
Trojan-Downloader.Win32.Small.buy,
Trojan-Downloader.Win32.Agent.akwa,
not-a-virus:AdWare.Win32.Agent.fwv [Kaspersky Lab],
AdDestination, Trojan-Clicker.agent.eof,
trojan-clicker.win32.agent.eof,
RON Tool Innbanner

Associated Files:
%workingdir%[RandomName].exe
Md5 :00b1f9e2e585bdbd2f7461e613216e05
%workingdir%[RandomName].exe
Md5 :090d5e59d751407f56edc817d12df622
%workingdir%[RandomName].exe
Md5 :22dc9eb37c48287ed254e88e3de0bb39
%workingdir%[RandomName].exe
Md5 :25b67566e959e6b399db407caefeb4a3
%workingdir%[RandomName].exe
Md5 :421186dc932aa66a4807b65dc3af53bf
%workingdir%[RandomName].exe
Md5 :465a99f0543557f70f9129c99ac66ee2
%workingdir%[RandomName].exe
Md5 :6f74ea66f1952e44d74bff63fd01de0b
%workingdir%[RandomName].exe
Md5 :6f765393d3935695343c28681e91869c
%workingdir%[RandomName].exe
Md5 :a1a0d23e09120bcba0dc4d123b14316f
%workingdir%[RandomName].exe
Md5 :a255806d59b86dd0cce0acc5f3bd7960
%workingdir%[RandomName].exe
Md5 :a42f8db176ce5d4856e1a84870f72098
%workingdir%[RandomName].exe
Md5 :ac0d49c97ca2f09cc941b07a4a0e86b1
%workingdir%[RandomName].exe
Md5 :c358f55a57326fb43a0068f66c38c194
%workingdir%[RandomName].exe
Md5 :e1a893c6bd216548c24f4e17a7fb989d
%workingdir%[RandomName].exe
Md5 :e44de7e6ce319bd180b9972a2a9305b8
%workingdir%[RandomName].exe
Md5 :f2063570c44f8ba23714b9e7967b42f6
%temp%activation_key
Md5 :
%temp%ax125d8.tmp
Md5 :2f5a9cadd23ff63d1a70083cf6e65586
%temp%ax13048.tmp
Md5 :13c0f40c96466a48253ec92475bf8e75
%temp%ax14154.tmp
Md5 :9811fcb5e7ed249a08fda6ad99bc4684
%temp%ax16e26.tmp
Md5 :c6bd7f9bb8d22fde936c96dbb60f5f37
%temp%ax19ca5.tmp
Md5 :41ddf2d1f79e3826d763dbe21bc4ae31
%temp%ax1a766.tmp
Md5 :e8999ef60240187bf3b2e84d5923c652
%temp%ax1e97.tmp
Md5 :c62188f6a3267db53d4a151910be792c
%temp%ax1fbef.tmp
Md5 :83fb2eeef21622299a9a00d6a241e891
%temp%nsa18.tmp
Md5 :ed1d34418c3fedc50a9a1ceb2806c9eb
%temp%nsa3.tmp
Md5 :459a505852f393a995b0029fd3e1d40a
%temp%nsc18.tmp
Md5 :77982b05666201ae40b030e86c84fe83
%temp%nsc3.tmp
Md5 :662a2c9db2ac802d4d73fb6675610f62
%temp%nsf3.tmp
Md5 :61052c013e337398a0dba1c63a52445c
%temp%nsg18.tmp
Md5 :91b8df6766b26ddcf7edc0537e753601
%temp%nsh18.tmp
Md5 :3ffc43f56a6e066749bf50fdae479357
%temp%nsh3.tmp
Md5 :cf48a181189cf370e2b95a058d07e284
%temp%nsk3.tmp
Md5 :eb13265a45f1caae325baf923fe19847
%temp%nsl3.tmp
Md5 :211959a245089217c47e4558c6d1f138
%temp%nsl3.tmp
Md5 :cb3817cef8c4e2327efd05d5ed1819ac
%temp%nsn3.tmp
Md5 :1e92cfec025ccc70c70568a6bb80677e
%temp%nso18.tmp
Md5 :863761421c7318f4d981a070831bee9b
%temp%nsp3.tmp
Md5 :4263c02007b0e6f9959c557d5d562d3d
%temp%nsp3.tmp
Md5 :da1a6e277b5e88046691a06e21f0a11d
%temp%nsq3.tmp
Md5 :614913fc3125728fe52335d648ec68b1
%temp%nss18.tmp
Md5 :f443ab697eec87b9347a1ffea6caccc8
%temp%nsu18.tmp
Md5 :2efaef09e32367687b6a983c5ab77311
%temp%nsv3.tmp
Md5 :b9b88b5807a79dded782b8559d629b2c
%temp%nsv3.tmp
Md5 :ff3c9a3ddd985da74cdb4db5ad7054d8
%temp%nsx3.tmp
Md5 :ead6c58594d031800187a54be60cf12d
%temp%nsy3.tmp
Md5 :703332ab925b5ba4842c5e17d78de5ba
%userprofile%application datamicrosoftcryptorsas-1-5-21-1224276844-362458291-1934301488-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-24353318-3302364644-979050433-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-289085736-2271787734-4103687552-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-2988256311-3946079640-51841651-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3225304627-1580765293-4017860140-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3511687862-2401999178-1656882943-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3844214322-2610908656-3284161240-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3940780282-119073973-2237615918-1010

%windir%system32_ifjmixgtdcqussq.dll
Md5 :895aa31b947cc32eb0f6e5b13eaa0575
%windir%system32_ifjmixgtdcqussq.dll
Md5 :8ac87c4b354c242b11f15e9db0db94ee
%windir%system32_ifjmixgtdcqussq.dll
Md5 :d13e4ad28bd09b738a0184b3413ceb5a
%windir%system32_pvdvjmupepsz.dll
Md5 :b7251daa5f21ef9d2fac6294ac933e62
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :3d51d19529bb965e1b86e7bdc27b0691
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :8a918a8f6ad9cfa5431d0e746afe44b8
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :d677863e4d40643af59c0e5d9d61a468
%windir%system32askxgkxgoclhyr.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32askxgkxgoclhyr.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32ifjmixgtdcqussq.dll
Md5 :378fee00c930192598abaa9a88b8e714
%windir%system32ifjmixgtdcqussq.dll
Md5 :4bed0b220916a9c334be761cabb44764
%windir%system32ifjmixgtdcqussq.dll
Md5 :6eb794c4fe0d69cfe3929ec894bbbc70
%windir%system32ifjmixgtdcqussq.dll
Md5 :ab256c1de352360522e145860a00c012
%windir%system32ifjmixgtdcqussq.dll
Md5 :b40f457a69efbf20593717259ae36c33
%windir%system32ifjmixgtdcqussq.dll
Md5 :cf51bf7504baf0899a93e08bd6f5f7af
%windir%system32khoiqpufesoz.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32khoiqpufesoz.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32nkusjtleqet.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32pvdvjmupepsz.dll
Md5 :0dec8ebf604195713f6744f2024614f2
%windir%system32pvdvjmupepsz.dll
Md5 :1cabdd145ce5145dec8f50e8abb1a58d
%windir%system32pvdvjmupepsz.dll
Md5 :1dc3f1d0e480c6ab07bfe322a945ec7d
%windir%system32pvdvjmupepsz.dll
Md5 :7166441aa357ba24d098bf9cd33d67a4
%windir%system32qtcmxzodfugjl.dll
Md5 :553da8ccf8709ca964713775adf6f0e7
%windir%system32qtcmxzodfugjl.dll
Md5 :e25c2da209fb32825ade82723dc04237
%windir%system32ueykzibjrehhqgaft.dll
Md5 :9cc9e4db2b1965c8a4a1bcf8a0d22336
%windir%system32ueykzibjrehhqgaft.dll
Md5 :b4ceda2e04a59c7f00b182c8fcbf9521
%windir%system32ueykzibjrehhqgaft.dll
Md5 :cdafb34a4fcba4f21cdb2187c8001a30
%windir%system32ueykzibjrehhqgaft.dll
Md5 :f01cd081695cae1485ee1b1ec8e70ef5
%windir%system32waticucmjmbgpatix.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32waticucmjmbgpatix.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
HKEY_CLASSES_ROOTCLSID{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_CLASSES_ROOTCLSID{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_CLASSES_ROOTCLSID{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallaskxgkxgoclhyr
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallkhoiqpufesoz
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallnkusjtleqet
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallwaticucmjmbgpatix

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}InProcServer32]
(Default) = “%System%ofxchulshqxfpmsnh.dll”
ThreadingModel = “Apartment”
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
(Default) = “innbanner browser enhancer”
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
NoExplorer = “”"”
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
mjcdnuhzxlmraj = “%System%Rundll32.exe “%System%ofxchulshqxfpmsnh.dll” EntryPoint”

so that ofxchulshqxfpmsnh.dll runs every time Windows starts
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallqukxtvvyvmhgoxwcy]
DisplayName = “RON Tool Innbanner”
UninstallString = “%System%qukxtvvyvmhgoxwcy.exe”
NoModify = 0×00000000
NoRepair = 0×00000000
DisplayVersion = “2.1.2.5″
[HKEY_CURRENT_USERSoftware{2D410C4C-1755-D0C2-A0B0-8184A14538E5}]
aff_id = “innbanner”
day = 0×0000001D

Download InnbannerBrowserEnhancer Remover
 

Leave a Reply

Yes Scan My PcFor FREE!

  • AlphaAV

    AlphaAV is a rogue antivirus application that is promoted through Trojan horse programs. They download it and install it secretly, then the user is bombarded with false security alerts and phony scans. The scans will inevitably generate bogus results and then pressure the user into paying to register the useless program.
    If purchased, the user will [...]

  • Soft Barrier

    There are a lot of malicious programs out there and Soft Barrier is one of them. It uses Trojan horses to sneak onto the computers of unsuspecting users. Once installed, it creates numerous files that can slow down a PC’s performance. It then creates a number of fake security alerts and runs false systems scans. [...]

  • NetSpy

    Net Spy is known as a keylogger. This means that it records every keystroke made and sends it to a remote users. It is marketed as commercial surveillance software that tracks keystrokes, takes screen shots, and records addresses of various sites visited by the infected computer. Click the button below for a free scan to [...]

  • Win32.Knightseven Trojan

    Win32.Knightseven is a backdoor spyware program.  It functions in the same way that many legitimate remote administration programs do.  The difference is these programs use the access to your PC as a way to gather data or use your machine to its dirty work.  This pest will leave the following fingerprint f39f27410b37e9d1.
    However, understand these backdoor [...]

© 2010 SpyZooka Blog – Easy Spyware Removal All rights reserved. Powered by Wordpress. Designed by Woo Themes