fabarplus.dll - Dangerous

Manual removal instructions:

Antivirus Report of fabarplus.dll:
fabarplus.dll: Malware, Dangerous, High Risk
We suggest that you remove wiznaviguide_20080725_update.exe from your computer as soon as possible.
Wiznaviguide_20080725_update.exe is a Trojan/Backdoor.
Kill the process wiznaviguide_20080725_update.exe and remove wiznaviguide_20080725_update.exe from Windows startup.

Malware dropper:
C:\sand-box\wiznaviguide_20080725_update.exe

Removed:
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
-------------------------------------------------------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    8.0.14470.0   2009.10.07    -
Kaspersky   7.0.0.125     2009.10.07    -
McAfee      5763          2009.10.06    -
Microsoft   1.5101        2009.10.07    -
NOD32       4485          2009.10.06    -
Symantec    1.4.4.12      2009.10.07    -

Additional information
File size: 1096669 bytes
MD5 : eb76271126aeac5872bec5846f283bca
SHA1 : fd3a2062e68da0c5e2051095e2b8e43e4a6fe843
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:10
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus
HKLM\SOFTWARE\wiznaviguide_plus

----------------------------------
Values added:17
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\: ""
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabarplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: "A?A?µ?»cAI??®"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\: "FreangBHO"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\DisplayName: "Internet Explorer Wiznavi Guide Plus"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\UninstallString: ""C:\Program Files\wiznavi_ieguideplus\uninstall.exe""
HKLM\SOFTWARE\wiznaviguide_plus\ieguidever: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\sepver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\addupver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\pid: "notpid"
HKLM\SOFTWARE\wiznaviguide_plus\dir: "C:\Program Files\wiznavi_ieguideplus"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wiznaviguide_plus: "C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:7
----------------------------------
C:\Program Files\wiznavi_ieguideplus\config.exe
C:\Program Files\wiznavi_ieguideplus\fabarplus.dll
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\uninstall.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_plus.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
C:\WINDOWS\system32\niebgt.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\wiznaviguide_20080725_update.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:2
----------------------------------
C:\Program Files\wiznavi_ieguideplus
C:\Temp

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:37
----------------------------------

-------------------------------------------------------------------------------------
Detected by UnHackMe:

Item Name: {62B8225A-9DFC-484F-B497-13C567358051}
Author: Unknown
Related File: C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
Type: Browser Helper Objects

Item Name: wiznaviguide_plus
Author:
Related File: C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
Type: Registry Run

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.