PUP.Optional.1stBrowser

1stBrowser is a program that usually installs without your knowledge via free software downloads. It was identified on 09/22/2015.

Features:

– It belongs to the PUP (Potentially Unwanted Program) family.
– Vendor: PUP.Optional

Main actions:

– It adds itself to the registry so that it is launched at each system startup (O4).
– It hijacks the Winsock key with its own resource (O10).
– It installs as a program (O42).
– It creates many 'Software' registry keys.
– It creates additional folders (O43).
– It places itself in the Windows Prefetch folder (O45).
– It modifies the startup of the Mozilla Firefox and Internet Explorer browsers (O68).
– It creates an active incoming connection entry in the Windows Firewall application exceptions (O87).

ZHPDiag report:

– (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
– (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O4 – HKCU\..\Run: . (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
O4 – HKCU\..\Run: . (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O4 – HKUS\S-1-5-21-3521852937-3570538319-709203234-1000\..\Run: . (…) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\crash_service.exe
O4 – HKUS\S-1-5-21-3521852937-3570538319-709203234-1000\..\Run: . (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O42 – Logiciel: 1stBrowser – (.Sien S.A..) — 1stBrowser
HKCU\SOFTWARE\1stbrowser
O43 – CFD: 2015/09/22 01:14:47 – [] D — C:\Users\Coolman\AppData\Local\1stBrowser
O43 – CFD: 2015/09/22 01:10:00 – [] D — C:\Users\Coolman\AppData\Local\1stbrowser\Uninstall
O43 – CFD: 2015/09/22 01:09:57 – [] D — C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1stBrowser
O61 – LFC: 2015/09/22 01:05:23 A . (.SIEN S.A..) — C:\Users\Coolman\AppData\Local\1stbrowser\Uninstall\1stbrowserUninstall.exe
O61 – LFC: 2015/09/22 01:38:51 A . (..) — C:\Users\Coolman\AppData\Local\1stBrowser\User Data\ev_hashes_whitelist.bin
O61 – LFC: 2015/09/16 14:49:23 A . (.The 1stBrowser Authors.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O67 – Shell Spawning: (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O68 – StartMenuInternet: (.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe
O87 – FAEL: “{BD589E9F-8853-44B6-88F2-07B5FC9169C2}” .(.The 1stBrowser Authors – 1stBrowser.) — C:\Users\Coolman\AppData\Local\1stBrowser\Application\1stbrowser.exe

Alias:

Agnitum Outpost: Win32.Neshta.A
AhnLab V3 Security: Win32/Neshta
Avira AntiVirus: W32/Neshta.A
Antiy Labs AVL: Virus/Win32.Neshta.a
avast!: Win32:Apanas
AVG: Worm/Delf
Lavasoft Ad-Aware: Win32.Neshta.A
Baidu Antivirus: Virus.Win32.Neshta.$a
Bitdefender: Win32.Neshta.A
Bkav FE: W32.NeshtaB.PE
Clam AntiVirus: W32.Neshuta.A
CMC Antivirus: Virus.Win32.Neshta!O
Comodo Security: Win32.Neshta.A
Dr.Web: Win32.HLLP.Neshta
Emsisoft Anti-Malware: Win32.Neshta

Remove:

– Remove the software via the Windows Control Panel,
– Remove with ZHPCleaner

Diagnose with ZHPDiag
