InnbannerBrowserEnhancer Spyware Profile

Title: InnbannerBrowserEnhancer

Also Known as: Trojan-Downloader.Win32.Agent.akwa

Severity scale: 78 (78 / 100)

InnbannerBrowserEnhancer is a spyware program that installs as a Browser Helper Object.  It pretends to be a Browser Enhancing tool, but it only collects personal information and delivers pop-up ads.  It was first discovered on October 16, 2008.

InnbannerBrowserEnhancer is a Trojan Downloader.  It is not only capable of downloading updates and pop-up ads, it can also download other spyware, adware, viruses and worms.  It is a highly dangerous program and should be removed immediately.

InnbannerBrowserEnhancer makes efforts to avoid detection and prevent removal.  Manual removal instructions are not recommended.  Instead, you should rely on a trusted antispyware program such as SpyZooka.

Download InnbannerBrowserEnhancer Remover

Also Known As:
Trojan-Downloader.Win32.Small.buy,
Trojan-Downloader.Win32.Agent.akwa,
not-a-virus:AdWare.Win32.Agent.fwv [Kaspersky Lab],
AdDestination, Trojan-Clicker.agent.eof,
trojan-clicker.win32.agent.eof,
RON Tool Innbanner

Associated Files:
%workingdir%[RandomName].exe
Md5 :00b1f9e2e585bdbd2f7461e613216e05
%workingdir%[RandomName].exe
Md5 :090d5e59d751407f56edc817d12df622
%workingdir%[RandomName].exe
Md5 :22dc9eb37c48287ed254e88e3de0bb39
%workingdir%[RandomName].exe
Md5 :25b67566e959e6b399db407caefeb4a3
%workingdir%[RandomName].exe
Md5 :421186dc932aa66a4807b65dc3af53bf
%workingdir%[RandomName].exe
Md5 :465a99f0543557f70f9129c99ac66ee2
%workingdir%[RandomName].exe
Md5 :6f74ea66f1952e44d74bff63fd01de0b
%workingdir%[RandomName].exe
Md5 :6f765393d3935695343c28681e91869c
%workingdir%[RandomName].exe
Md5 :a1a0d23e09120bcba0dc4d123b14316f
%workingdir%[RandomName].exe
Md5 :a255806d59b86dd0cce0acc5f3bd7960
%workingdir%[RandomName].exe
Md5 :a42f8db176ce5d4856e1a84870f72098
%workingdir%[RandomName].exe
Md5 :ac0d49c97ca2f09cc941b07a4a0e86b1
%workingdir%[RandomName].exe
Md5 :c358f55a57326fb43a0068f66c38c194
%workingdir%[RandomName].exe
Md5 :e1a893c6bd216548c24f4e17a7fb989d
%workingdir%[RandomName].exe
Md5 :e44de7e6ce319bd180b9972a2a9305b8
%workingdir%[RandomName].exe
Md5 :f2063570c44f8ba23714b9e7967b42f6
%temp%activation_key
Md5 :
%temp%ax125d8.tmp
Md5 :2f5a9cadd23ff63d1a70083cf6e65586
%temp%ax13048.tmp
Md5 :13c0f40c96466a48253ec92475bf8e75
%temp%ax14154.tmp
Md5 :9811fcb5e7ed249a08fda6ad99bc4684
%temp%ax16e26.tmp
Md5 :c6bd7f9bb8d22fde936c96dbb60f5f37
%temp%ax19ca5.tmp
Md5 :41ddf2d1f79e3826d763dbe21bc4ae31
%temp%ax1a766.tmp
Md5 :e8999ef60240187bf3b2e84d5923c652
%temp%ax1e97.tmp
Md5 :c62188f6a3267db53d4a151910be792c
%temp%ax1fbef.tmp
Md5 :83fb2eeef21622299a9a00d6a241e891
%temp%nsa18.tmp
Md5 :ed1d34418c3fedc50a9a1ceb2806c9eb
%temp%nsa3.tmp
Md5 :459a505852f393a995b0029fd3e1d40a
%temp%nsc18.tmp
Md5 :77982b05666201ae40b030e86c84fe83
%temp%nsc3.tmp
Md5 :662a2c9db2ac802d4d73fb6675610f62
%temp%nsf3.tmp
Md5 :61052c013e337398a0dba1c63a52445c
%temp%nsg18.tmp
Md5 :91b8df6766b26ddcf7edc0537e753601
%temp%nsh18.tmp
Md5 :3ffc43f56a6e066749bf50fdae479357
%temp%nsh3.tmp
Md5 :cf48a181189cf370e2b95a058d07e284
%temp%nsk3.tmp
Md5 :eb13265a45f1caae325baf923fe19847
%temp%nsl3.tmp
Md5 :211959a245089217c47e4558c6d1f138
%temp%nsl3.tmp
Md5 :cb3817cef8c4e2327efd05d5ed1819ac
%temp%nsn3.tmp
Md5 :1e92cfec025ccc70c70568a6bb80677e
%temp%nso18.tmp
Md5 :863761421c7318f4d981a070831bee9b
%temp%nsp3.tmp
Md5 :4263c02007b0e6f9959c557d5d562d3d
%temp%nsp3.tmp
Md5 :da1a6e277b5e88046691a06e21f0a11d
%temp%nsq3.tmp
Md5 :614913fc3125728fe52335d648ec68b1
%temp%nss18.tmp
Md5 :f443ab697eec87b9347a1ffea6caccc8
%temp%nsu18.tmp
Md5 :2efaef09e32367687b6a983c5ab77311
%temp%nsv3.tmp
Md5 :b9b88b5807a79dded782b8559d629b2c
%temp%nsv3.tmp
Md5 :ff3c9a3ddd985da74cdb4db5ad7054d8
%temp%nsx3.tmp
Md5 :ead6c58594d031800187a54be60cf12d
%temp%nsy3.tmp
Md5 :703332ab925b5ba4842c5e17d78de5ba
%userprofile%application datamicrosoftcryptorsas-1-5-21-1224276844-362458291-1934301488-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-24353318-3302364644-979050433-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-289085736-2271787734-4103687552-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-2988256311-3946079640-51841651-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3225304627-1580765293-4017860140-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3511687862-2401999178-1656882943-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3844214322-2610908656-3284161240-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3940780282-119073973-2237615918-1010

%windir%system32_ifjmixgtdcqussq.dll
Md5 :895aa31b947cc32eb0f6e5b13eaa0575
%windir%system32_ifjmixgtdcqussq.dll
Md5 :8ac87c4b354c242b11f15e9db0db94ee
%windir%system32_ifjmixgtdcqussq.dll
Md5 :d13e4ad28bd09b738a0184b3413ceb5a
%windir%system32_pvdvjmupepsz.dll
Md5 :b7251daa5f21ef9d2fac6294ac933e62
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :3d51d19529bb965e1b86e7bdc27b0691
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :8a918a8f6ad9cfa5431d0e746afe44b8
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :d677863e4d40643af59c0e5d9d61a468
%windir%system32askxgkxgoclhyr.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32askxgkxgoclhyr.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32ifjmixgtdcqussq.dll
Md5 :378fee00c930192598abaa9a88b8e714
%windir%system32ifjmixgtdcqussq.dll
Md5 :4bed0b220916a9c334be761cabb44764
%windir%system32ifjmixgtdcqussq.dll
Md5 :6eb794c4fe0d69cfe3929ec894bbbc70
%windir%system32ifjmixgtdcqussq.dll
Md5 :ab256c1de352360522e145860a00c012
%windir%system32ifjmixgtdcqussq.dll
Md5 :b40f457a69efbf20593717259ae36c33
%windir%system32ifjmixgtdcqussq.dll
Md5 :cf51bf7504baf0899a93e08bd6f5f7af
%windir%system32khoiqpufesoz.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32khoiqpufesoz.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32nkusjtleqet.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32pvdvjmupepsz.dll
Md5 :0dec8ebf604195713f6744f2024614f2
%windir%system32pvdvjmupepsz.dll
Md5 :1cabdd145ce5145dec8f50e8abb1a58d
%windir%system32pvdvjmupepsz.dll
Md5 :1dc3f1d0e480c6ab07bfe322a945ec7d
%windir%system32pvdvjmupepsz.dll
Md5 :7166441aa357ba24d098bf9cd33d67a4
%windir%system32qtcmxzodfugjl.dll
Md5 :553da8ccf8709ca964713775adf6f0e7
%windir%system32qtcmxzodfugjl.dll
Md5 :e25c2da209fb32825ade82723dc04237
%windir%system32ueykzibjrehhqgaft.dll
Md5 :9cc9e4db2b1965c8a4a1bcf8a0d22336
%windir%system32ueykzibjrehhqgaft.dll
Md5 :b4ceda2e04a59c7f00b182c8fcbf9521
%windir%system32ueykzibjrehhqgaft.dll
Md5 :cdafb34a4fcba4f21cdb2187c8001a30
%windir%system32ueykzibjrehhqgaft.dll
Md5 :f01cd081695cae1485ee1b1ec8e70ef5
%windir%system32waticucmjmbgpatix.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32waticucmjmbgpatix.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
HKEY_CLASSES_ROOTCLSID{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_CLASSES_ROOTCLSID{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_CLASSES_ROOTCLSID{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallaskxgkxgoclhyr
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallkhoiqpufesoz
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallnkusjtleqet
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallwaticucmjmbgpatix

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}InProcServer32]
(Default) = “%System%ofxchulshqxfpmsnh.dll”
ThreadingModel = “Apartment”
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
(Default) = “innbanner browser enhancer”
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
NoExplorer = “”"”
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
mjcdnuhzxlmraj = “%System%Rundll32.exe “%System%ofxchulshqxfpmsnh.dll” EntryPoint”

so that ofxchulshqxfpmsnh.dll runs every time Windows starts
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallqukxtvvyvmhgoxwcy]
DisplayName = “RON Tool Innbanner”
UninstallString = “%System%qukxtvvyvmhgoxwcy.exe”
NoModify = 0×00000000
NoRepair = 0×00000000
DisplayVersion = “2.1.2.5″
[HKEY_CURRENT_USERSoftware{2D410C4C-1755-D0C2-A0B0-8184A14538E5}]
aff_id = “innbanner”
day = 0×0000001D

Download InnbannerBrowserEnhancer Remover
 

Leave a Reply

Yes Scan My PcFor FREE!

  • Error Doctor 2009 Is Fake Antispyware

    Too often people are duped into investing in fake antispyware software that does nothing but harm their computers and put their personal information at risk. Error doctor 2009 is one of these programs, and if you have found it on your computer, it is imperative that you take steps to remove it immediately. The longer [...]

  • Spyware Profile for Win32.Allaple

    Win32.Allaple is able to enter your system as a backdoor Trojan.  Its Trojan abilities allow it to enter secretly and it will continue to run silently and undetected.  Once it has entered, it will open up a backdoor that will allow a hacker to enter.  The hacker will be able to have complete control of [...]

  • Avoid Antispyware Pro 2009

    When spyware developers stumble across a scam that works, you can bet they’ll run with it until they can run no more. They’ll take a “successful” program and replicate it over and over, just changing the name enough to avoid major detection. Such is the case with antispyware pro 2009, a rogue antispyware application in [...]

  • Remove WindowSystemSuite

    WindowSystemSuite is a rogue security program designed by hackers to convince users that their computer is infected, and that they must buy their program in order to eliminate these threats. WindowSystemSuite uses aggressive and misleading security alerts to alarm the user. This malware may install additional spyware, and is capable of disabling or deleting system [...]

© 2010 SpyZooka Blog – Easy Spyware Removal All rights reserved. Powered by Wordpress. Designed by Woo Themes