wiznaviguide_20080725_update.exe - Dangerous
wiznaviguide_20080725_update.exe
Manual removal instructions:
Antivirus Report of wiznaviguide_20080725_update.exe:
wiznaviguide_20080725_update.exe
We suggest you to remove wiznaviguide_20080725_update.exe from your computer as soon as possible.
Wiznaviguide_20080725_update.exe is Trojan/Backdoor.
Kill the process wiznaviguide_20080725_update.exe and remove wiznaviguide_20080725_update.exe from Windows startup.
Malware dropper:
C:\sand-box\wiznaviguide_20080725_update.exe
Removed:
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
F-Secure 8.0.14470.0 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 -
McAfee 5763 2009.10.06 -
Microsoft 1.5101 2009.10.07 -
NOD32 4485 2009.10.06 -
Symantec 1.4.4.12 2009.10.07 -
Additional information
File size: 1096669 bytes
MD5 : eb76271126aeac5872bec5846f283bca
SHA1 : fd3a2062e68da0c5e2051095e2b8e43e4a6fe843
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:10
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus
HKLM\SOFTWARE\wiznaviguide_plus
----------------------------------
Values added:17
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\: ""
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabarplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: "A?A?µ?»cAI??®"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\: "FreangBHO"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\DisplayName: "Internet Explorer Wiznavi Guide Plus"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\UninstallString: ""C:\Program Files\wiznavi_ieguideplus\uninstall.exe""
HKLM\SOFTWARE\wiznaviguide_plus\ieguidever: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\sepver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\addupver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\pid: "notpid"
HKLM\SOFTWARE\wiznaviguide_plus\dir: "C:\Program Files\wiznavi_ieguideplus"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wiznaviguide_plus: "C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:7
----------------------------------
C:\Program Files\wiznavi_ieguideplus\config.exe
C:\Program Files\wiznavi_ieguideplus\fabarplus.dll
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\uninstall.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_plus.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
C:\WINDOWS\system32\niebgt.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\wiznaviguide_20080725_update.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:2
----------------------------------
C:\Program Files\wiznavi_ieguideplus
C:\Temp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:37
----------------------------------
-------------------------------------------------------------------------------------
Detected by UnHackMe:
Item Name: {62B8225A-9DFC-484F-B497-13C567358051}
Author: Unknown
Related File: C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
Type: Browser Helper Objects
Item Name: wiznaviguide_plus
Author:
Related File: C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
| wiznaviguide_20080725_update.exe | Malware |
| wiznaviguide_20080725_update.exe | Dangerous |
| wiznaviguide_20080725_update.exe | High Risk |
Wiznaviguide_20080725_update.exe is Trojan/Backdoor.
Kill the process wiznaviguide_20080725_update.exe and remove wiznaviguide_20080725_update.exe from Windows startup.
Malware dropper:
C:\sand-box\wiznaviguide_20080725_update.exe
Removed:
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
F-Secure 8.0.14470.0 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 -
McAfee 5763 2009.10.06 -
Microsoft 1.5101 2009.10.07 -
NOD32 4485 2009.10.06 -
Symantec 1.4.4.12 2009.10.07 -
Additional information
File size: 1096669 bytes
MD5 : eb76271126aeac5872bec5846f283bca
SHA1 : fd3a2062e68da0c5e2051095e2b8e43e4a6fe843
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:10
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus
HKLM\SOFTWARE\wiznaviguide_plus
----------------------------------
Values added:17
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\: ""
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabarplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: "A?A?µ?»cAI??®"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\: "C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{62B8225A-9DFC-484F-B497-13C567358051}\: "FreangBHO"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1357616F-E51A-4B5C-8C81-E9AC2FC42509}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B8225A-9DFC-484F-B497-13C567358051}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\DisplayName: "Internet Explorer Wiznavi Guide Plus"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wiznavi Guide Plus\UninstallString: ""C:\Program Files\wiznavi_ieguideplus\uninstall.exe""
HKLM\SOFTWARE\wiznaviguide_plus\ieguidever: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\sepver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\addupver: "20080725"
HKLM\SOFTWARE\wiznaviguide_plus\pid: "notpid"
HKLM\SOFTWARE\wiznaviguide_plus\dir: "C:\Program Files\wiznavi_ieguideplus"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wiznaviguide_plus: "C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:7
----------------------------------
C:\Program Files\wiznavi_ieguideplus\config.exe
C:\Program Files\wiznavi_ieguideplus\fabarplus.dll
C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
C:\Program Files\wiznavi_ieguideplus\uninstall.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_plus.exe
C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
C:\WINDOWS\system32\niebgt.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\wiznaviguide_20080725_update.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:2
----------------------------------
C:\Program Files\wiznavi_ieguideplus
C:\Temp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:37
----------------------------------
-------------------------------------------------------------------------------------
Detected by UnHackMe:
Item Name: {62B8225A-9DFC-484F-B497-13C567358051}
Author: Unknown
Related File: C:\Program Files\wiznavi_ieguideplus\fabhoplus.dll
Type: Browser Helper Objects
Item Name: wiznaviguide_plus
Author:
Related File: C:\Program Files\wiznavi_ieguideplus\wiznaviguide_update.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.