PennyBee is a software that usually installs without your knowledge with free software downloads. Identified the 08/24/2015.

Features:

– It belongs to a family of PUP (Potentially Unwanted Program).
– Vendor : PUP.Optional

Main actions :

– It installs as a process launched at startup of the system (RP),
– It installs as a service to be launched each time the system (O23),(SS/SR).
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45).
– It creates an active incoming connection in the application of the firewall Windows exceptions (O87),

ZHPDiag report:

[MD5.B1F6C0D572E74B5DD467DBE8BCD3C0AF] – (…) — C:\ProgramData\IcyCarje\gigowmaw.exe [124880] [PID.352] [MD5.69B0588A999A4E3651823A09BB2E88B7] – (…) — C:\ProgramData\IcyCarje\gigoamaw.exe [124880] [PID.1544] [MD5.070E5820C5720B689C130A326A58D200] – (…) — C:\ProgramData\IcyCarje\gigo3maw.exe [98816] [PID.3632] O23 – Service: atuvpazpa (atuvpazpa) . (…) – C:\ProgramData\IcyCarje\gigoamaw.exe
O23 – Service: sihkahtaa (sihkahtaa) . (…) – C:\ProgramData\IcyCarje\gigowmaw.exe[MD5.69B0588A999A4E3651823A09BB2E88B7] [APT] [Tempo Runner gigo6maw] (…) — C:\ProgramData\IcyCarje\gigoamaw.exe [124880] O43 – CFD: 31/07/2014 – 19:51:36 – [] —-D C:\Program Files\PennyBee
O87 – FAEL: “{C39D458C-60F0-496A-a783-FA7A390BAFA9}” [In-None-P17-TRUE] .(…) — C:\ProgramData\IcyCarje\gigoamaw.exe
O87 – FAEL: “{5326545E-C27E-47FA-8748-5350F5E01548}” [In-None-P6-TRUE] .(…) — C:\ProgramData\IcyCarje\gigoamaw.exe
O87 – FAEL: “{D1292DFA-37F7-4597-A746-C30E5521B88B}” [In-None-P17-TRUE] .(…) — C:\ProgramData\IcyCarje\gigoamaw.exe
O87 – FAEL: “{D9E545E5-F50C-4803-8022-9C155AECC370}” [In-None-P6-TRUE] .(…) — C:\ProgramData\IcyCarje\gigoamaw.exe
O87 – FAEL: “{377D6288-B2FB-4DDC-9E3D-6A4219EC3109}” [In-None-P17-TRUE] .(…) — C:\ProgramData\IcyCarje\gigoamaw.exe
SR – Auto [2015/08/24 10:45:14] [ 124880] atuvpazpa (atuvpazpa) . (…) – C:\ProgramData\IcyCarje\gigoamaw.exe
SR – Auto [2015/08/24 10:45:08] [ 124880] sihkahtaa (sihkahtaa) . (…) – C:\ProgramData\IcyCarje\gigowmaw.exe

Alias:

PUP.Optional.PennyBee.A [ Malwarebytes Antimalware ]

Remove:

– Remove software in Windows Configuration Panel,
Remove with ZHPcleaner
ZHPCleaner_EN2
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:23+00:00 Categories: Polluteware, PUP|Tags: , |Comments Off on PUP.Optional.PennyBee