Threat Information for "E2give Plug-in"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: E2give Plug-in
  • Aliases: TR/VB.QN.1, W32/Trojan.CKU, Win32:VB-ME, PSW.Generic.YGU, Trojan.Spy.VB.L, TrojanSpy.VB.eh
  • Date Discovered: 2006-09-15
  • Protection Added: 2006-09-15
Description
-- Ease of Removal

1: Runs as a BHO or shell extension
2: Injects DLLs into running processes
3: File names uniquely generated
4: Creates new unique registry entries

-- Damage/Intrusion/Annoyance

1: Displays targeted popup advertisements
2: Creates new files
3: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Infects by Active-X Control
2: Bundled with third-party applications
3: Installed by other infections
Technical Details
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe MD5: e0c2ef89947bdfe90063a283ae5ffe88
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\inicfg32.dll
  • Added Directory/File:
    FilePath: %CACHE%\inicfg32*.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*_32.dll FileSize: 52224
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G\IeBHOs.dll
  • Added Directory/File:
    FilePath: %CACHE%\data*.bin
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\??????.exe MD5: 4fd45c19ddc997a8e5116d28e9919dd3
  • Added Directory/File:
    FilePath: %TEMPDIR%\??.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\key.~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe FileSize: 69632
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\log.~
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\iniwin32.dll
  • Added Directory/File:
    FilePath: %CACHE%\iniwin32*.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe FileSize: 68096
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G
  • Added Directory/File:
    FilePath: %CACHE%\*.exe MD5: f1ead5d3df6cad5871f6723f2b80dd5d
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*_32.exe FileSize: 52224
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\E2G\data??
  • Added Directory/File:
    FilePath: %TEMPDIR%\nein.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe MD5: acbcc4069bd20a165ed34bc44db4a063
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.exe MD5: 976753dd82759b6ca8f5c4b62cc25f92
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\data.~
  • Added Directory/File:
    FilePath: %ROOTDRIVE%~
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B7A65-A413-4E05-A38C-5D6555096E28}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\AppID\IeBHOs.DLL
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B60D5-BE42-4D66-96A5-74B8B2710C64}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\IeBHOs.Control
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B1D5B-05BD-4965-9FB7-83C92A2EB711}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B8B85-99B9-473F-A561-DCD728BD0E2B}
  • Added Registry Key:
    Key: HKCU\Software\PTech
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5AB4C0-71F3-45CA-A5B4-CD62EB2E462C}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B1665-1144-44D4-B9AC-299E3905D581}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B1F6B-005E-4CB4-B7B0-331A8FE6167E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\IeBHOs.Control.1
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B6259-BBC8-4E5C-8933-92DFEA3AD8AD}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B228C-08E4-410D-AA45-3CE38E324611}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\E2G
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5AD5DE-4B4D-4B52-B537-DC24A04076BC}
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\Uninstall\e2g Plugin
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{4A5B87EE-9A41-4A4E-9FCB-921809D1961E}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
  • Added Registry Key:
    Key: HKCR\CLSID\{4A5B1665-1144-44D4-B9AC-299E3905D581}
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\RunOnce Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\msrvbv.exe
  • Added Module:
    Process: *.exe Module: %SYSTEMDIR%\iniwin32.dll
  • Removed Module:
    Process: *.exe Module: %PROGRAMFILESDIR%\E2G\IeBHOs.dll
  • Removed Module:
    Process: *.exe Module: %SYSTEMDIR%\inicfg32.dll