1stBrowser is a program that is usually installed without the user's knowledge, bundled with free software downloads. Identified on 09/22/2015.

Features:

– It belongs to the PUP (Potentially Unwanted Program) family.
– Classification: PUP.Optional

Main actions:

– It registers itself in the registry Run keys so that it is launched at every system start (O4).
– It hijacks the Winsock key with its own resource (O10; no O10 line appears in the report excerpt below).
– It registers itself as an installed program (O42).
– It creates several registry keys under Software (for example HKCU\SOFTWARE\1stbrowser).
– It creates additional folders (O43).
– It leaves traces in the Windows Prefetch folder (O45; not shown in the report excerpt below).
– It modifies the startup entries of the browsers Mozilla Firefox and Internet Explorer (O68).
– It adds an inbound allow rule for itself to the Windows Firewall exceptions (O87).

ZHPDiag report (excerpt; the infected profile is C:\Users\Coolman). Two points worth noting when reading it: the file layout (Application\crash_service.exe next to the main executable, a User Data\ev_hashes_whitelist.bin) is that of a Chromium build, so the PUP is a rebranded Chromium-based browser; and the O4 entries under HKCU and under HKUS\S-1-5-21-…-1000 are the same two Run values seen through two hives (HKCU is the current user's HKU\<SID> subtree), not four separate persistence points.

[MD5.B80529C560ECB4CBA23A712B38A80D1B] – (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe [326768] [PID.5316]
[MD5.D0B8860D790ED7E242A15BF30F063A80] – (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe [857200] [PID.5424]
O4 – HKCU\..\Run: [CrashService] . (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
O4 – HKCU\..\Run: [1stbrowser] . (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O4 – HKUS\S-1-5-21-3521852937-3570538319-709203234-1000\..\Run: [CrashService] . (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
O4 – HKUS\S-1-5-21-3521852937-3570538319-709203234-1000\..\Run: [1stbrowser] . (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O42 – Software: 1stBrowser – (.Sien S.A..) [HKCU] — 1stBrowser
HKCU\SOFTWARE\1stbrowser
O43 – CFD: 2015/09/22 01:14:47 – [] D — C:\Users\Coolman\AppData\Local\1stBrowser
O43 – CFD: 2015/09/22 01:10:00 – [] D — C:\Users\Coolman\AppData\Local\1stbrowserUninstall
O43 – CFD: 2015/09/22 01:09:57 – [] D — C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1stBrowser
O61 – LFC: 2015/09/22 01:05:23 A . (.SIEN S.A..) — C:\Users\Coolman\AppData\Local\1stbrowserUninstall\1stbrowserUninstall.exe [2069640]
O61 – LFC: 2015/09/22 01:38:51 A . (..) — C:\Users\Coolman\AppData\Local\1stBrowser\User Data\ev_hashes_whitelist.bin [674082]
O61 – LFC: 2015/09/16 14:49:23 A . (.The 1stBrowser Authors.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe [857200]
O67 – Shell Spawning: [HKCU\..\open\Command] (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O68 – StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O87 – FAEL: “{BD589E9F-8853-44B6-88F2-07B5FC9169C2}” [In-None-P17-TRUE] .(.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
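The report lines above are the actionable part of this page: they name the files, hashes, Run values and firewall rule a responder would search for on other machines. The following Python script is an added example, not code from ZHPDiag or from the original post. It parses report lines in the format shown into host-independent indicators; the embedded sample is constructed from the lines above, re-split one entry per line and written with ASCII dashes, and the parser folds the blog's typographic dashes and quotes back to ASCII so the lines can also be pasted as rendered. The parsing rules are assumptions inferred from those lines and cover only the section codes that appear here; the script also assumes that the `..` ZHPDiag prints in O4 entries abbreviates Software\Microsoft\Windows\CurrentVersion, the standard per-user Run key.

```python
"""Turn ZHPDiag report lines into a hunt-ready set of indicators.
Added example for this page, not code from ZHPDiag or the original post. The
parsing rules are assumptions inferred from the lines shown on the page and
cover only the section codes that appear there."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the report lines from the page, one entry per line, ASCII dashes.
SAMPLE_REPORT = r"""
[MD5.B80529C560ECB4CBA23A712B38A80D1B] - (...) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe [326768] [PID.5316]
[MD5.D0B8860D790ED7E242A15BF30F063A80] - (.The 1stBrowser Authors - 1stBrowser.) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe [857200] [PID.5424]
O4 - HKCU\..\Run: [CrashService] . (...) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
O4 - HKCU\..\Run: [1stbrowser] . (.The 1stBrowser Authors - 1stBrowser.) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O42 - Software: 1stBrowser - (.Sien S.A..) [HKCU] -- 1stBrowser
O43 - CFD: 2015/09/22 01:14:47 - [] D -- C:\Users\Coolman\AppData\Local\1stBrowser
O43 - CFD: 2015/09/22 01:10:00 - [] D -- C:\Users\Coolman\AppData\Local\1stbrowserUninstall
O61 - LFC: 2015/09/22 01:05:23 A . (.SIEN S.A..) -- C:\Users\Coolman\AppData\Local\1stbrowserUninstall\1stbrowserUninstall.exe [2069640]
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.The 1stBrowser Authors - 1stBrowser.) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O87 - FAEL: "{BD589E9F-8853-44B6-88F2-07B5FC9169C2}" [In-None-P17-TRUE] .(.The 1stBrowser Authors - 1stBrowser.) -- C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
"""

@dataclass
class Finding:
    section: str               # "PROC" for a running-process line, otherwise the O-code
    path: str                  # file path with the user profile folded into %LOCALAPPDATA% etc.
    publisher: str = ""        # company/product from the version info; "" when ZHPDiag prints "..."
    md5: Optional[str] = None
    size: Optional[int] = None
    pid: Optional[int] = None
    key: Optional[str] = None  # registry value (O4/O67/O68) or firewall rule GUID (O87)

# The blog rendering turned the tool's ASCII punctuation into typographic dashes,
# quotes and an ellipsis; fold those back before matching.
_TYPO = str.maketrans({"\u2013": "-", "\u2014": "--", "\u2026": "...", "\u201c": '"', "\u201d": '"'})

_USER_DIRS = [
    (re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\", re.I), "%LOCALAPPDATA%\\"),
    (re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\", re.I), "%APPDATA%\\"),
    (re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.I), "%USERPROFILE%\\"),
]
_PROC = re.compile(r"^\[MD5\.([0-9A-F]{32})\] - \((.*?)\) -- (.+?) \[(\d+)\] \[PID\.(\d+)\]$")
_O4 = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[([^\]]+)\] \. \((.*?)\) -- (.+)$")
_O61 = re.compile(r"^O61 - LFC: (\S+ \S+) A \. \((.*?)\) -- (.+?) \[(\d+)\]$")
_KEYED = re.compile(r"^(O6[78]) - [^:]+: \[([^\]]+)\] \((.*?)\) -- (.+)$")
_O87 = re.compile(r'^O87 - FAEL: "(\{[0-9A-F-]+\})" \[([^\]]+)\] \.\((.*?)\) -- (.+)$')
_GENERIC = re.compile(r"^(O\d+) - .* -- (.+)$")  # anything else with a " -- <path>" tail (O42, O43)
# Assumption: the ".." ZHPDiag prints in O4 entries (HijackThis convention) stands
# for Software\Microsoft\Windows\CurrentVersion, i.e. the standard Run key.
_RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def normalize_path(path: str) -> str:
    """Replace the per-user prefix so the indicator matches on any host or account."""
    for pattern, var in _USER_DIRS:
        if pattern.match(path):
            return pattern.sub(lambda _m: var, path, count=1)
    return path

def _publisher(raw: str) -> str:
    # ZHPDiag writes the version-info text as ".Company - Product." and "..." when there is none
    return "" if raw.strip(".") == "" else raw[1:-1]

def parse_line(line: str) -> Optional[Finding]:
    line = line.strip().translate(_TYPO)
    if m := _PROC.match(line):
        md5, pub, path, size, pid = m.groups()
        return Finding("PROC", normalize_path(path), _publisher(pub), md5, int(size), int(pid))
    if m := _O4.match(line):
        hive, name, pub, path = m.groups()
        return Finding("O4", normalize_path(path), _publisher(pub), key=f"{hive}\\{_RUN_KEY}\\{name}")
    if m := _O61.match(line):
        _when, pub, path, size = m.groups()
        return Finding("O61", normalize_path(path), _publisher(pub), size=int(size))
    if m := _KEYED.match(line):
        code, key, pub, path = m.groups()
        return Finding(code, normalize_path(path), _publisher(pub), key=key)
    if m := _O87.match(line):
        guid, _flags, pub, path = m.groups()
        return Finding("O87", normalize_path(path), _publisher(pub), key=guid)
    if m := _GENERIC.match(line):
        return Finding(m.group(1), normalize_path(m.group(2)))
    return None  # blank line or a section this example does not cover

def parse_report(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]

def extract_iocs(findings: List[Finding]) -> Dict[str, List[str]]:
    """Collapse findings into de-duplicated, host-independent indicators."""
    is_file = re.compile(r"^(?:%[A-Z]+%|[A-Z]:)\\", re.I)
    return {
        "md5": sorted({f.md5 for f in findings if f.md5}),
        "paths": sorted({f.path for f in findings if is_file.match(f.path)}),
        "run_values": sorted({f.key for f in findings if f.section == "O4"}),
        "firewall_rules": sorted({f.key for f in findings if f.section == "O87"}),
    }

if __name__ == "__main__":
    for kind, items in extract_iocs(parse_report(SAMPLE_REPORT)).items():
        print(kind, *items, sep="\n    ")
```

Running the script prints the four indicator sets for the sample. The per-user prefix is folded into %LOCALAPPDATA% / %APPDATA% so the paths can be checked on any account, the MD5 list is what to feed a file-hash search, and the expanded Run values and the firewall rule GUID are the registry and Windows Firewall entries to look for on other hosts.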

Aliases:

Agnitum Outpost: Win32.Neshta.A
AhnLab V3 Security: Win32/Neshta
Avira AntiVirus: W32/Neshta.A
Antiy Labs AVL: Virus/Win32.Neshta.a
avast!: Win32:Apanas [Trj]
AVG: Worm/Delf
Lavasoft Ad-Aware: Win32.Neshta.A
Baidu Antivirus: Virus.Win32.Neshta.$a
Bitdefender: Win32.Neshta.A
Bkav FE: W32.NeshtaB.PE
Clam AntiVirus: W32.Neshuta.A
CMC Antivirus: Virus.Win32.Neshta!O
Comodo Security: Win32.Neshta.A
Dr.Web: Win32.HLLP.Neshta
Emsisoft Anti-Malware: Win32.Neshta

Removal:

– Remove the software via the Windows Control Panel,
– Remove the leftovers with ZHPCleaner,
– Diagnose again with ZHPDiag and confirm that the O4 Run entries, the O87 firewall exception and the 1stBrowser folders under AppData\Local listed above are gone.

PUP.Optional.1stBrowser. Published 2016-12-30. Categories: Polluteware, PUP.