Threat Information for "E2give Plug-in"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: E2give Plug-in
  • Aliases: TR/Spy.VB.EH.41, Win32:VB-ME, PSW.Generic2.DYX, TrojanSpy.VB.eh, BackDoor.Generic.1273, Win32/SillyDL.2vk!Trojan
  • Date Discovered: 2006-08-22
  • Protection Added: 2006-08-28
Description
-- Ease of Removal

1: File names uniquely generated
2: File contents uniquely generated
3: Injects DLLs into running processes
4: Runs as a BHO or shell extension
5: Consistent file contents
6: Consistently named
7: Creates new registry entries with consistent data

-- Damage/Intrusion/Annoyance

1: Displays targeted popup advertisements
2: Creates new files
3: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Installed by other infections
Technical Details
  • Added Directory/File:
    FilePath: %CACHE%\data*.bin
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe MD5: acbcc4069bd20a165ed34bc44db4a063
  • Added Directory/File:
    FilePath: %TEMPDIR%\??.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\data.~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe MD5: e0c2ef89947bdfe90063a283ae5ffe88
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G
  • Added Directory/File:
    FilePath: %ROOTDRIVE%~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*_32.dll FileSize: 52224
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G\data??
  • Added Directory/File:
    FilePath: %CACHE%\*.exe MD5: f1ead5d3df6cad5871f6723f2b80dd5d
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\??????.exe MD5: 4fd45c19ddc997a8e5116d28e9919dd3
  • Added Directory/File:
    FilePath: %TEMPDIR%\nein.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\key.~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\log.~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\inicfg32.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe FileSize: 69632
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe FileSize: 68096
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G\IeBHOs.dll
  • Added Directory/File:
    FilePath: %CACHE%\inicfg32*.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*_32.exe FileSize: 52224
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B6259-BBC8-4E5C-8933-92DFEA3AD8AD}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\E2G
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B228C-08E4-410D-AA45-3CE38E324611}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5AD5DE-4B4D-4B52-B537-DC24A04076BC}
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\Uninstall\e2g Plugin
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B87EE-9A41-4A4E-9FCB-921809D1961E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
  • Added Registry Key:
    Key: HKCR\CLSID\{4A5B1665-1144-44D4-B9AC-299E3905D581}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\AppID\IeBHOs.DLL
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\IeBHOs.Control
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B60D5-BE42-4D66-96A5-74B8B2710C64}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B1D5B-05BD-4965-9FB7-83C92A2EB711}
  • Added Registry Key:
    Key: HKCU\Software\PTech
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B8B85-99B9-473F-A561-DCD728BD0E2B}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5AB4C0-71F3-45CA-A5B4-CD62EB2E462C}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B1665-1144-44D4-B9AC-299E3905D581}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\IeBHOs.Control.1
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\RunOnce Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\msrvbv.exe
  • Removed Module:
    Process: *.exe Module: %SYSTEMDIR%\inicfg32.dll
  • Removed Module:
    Process: *.exe Module: %PROGRAMFILESDIR%\E2G\IeBHOs.dll