We received the file INFORMATION-CODEDOWNLOADER.EXE and detected that INFORMATION-CODEDOWNLOADER.EXE is not good.
INFORMATION-CODEDOWNLOADER.EXE is Adware. You should remove the file INFORMATION-CODEDOWNLOADER.EXE.
Kill the process INFORMATION-CODEDOWNLOADER.EXE and remove INFORMATION-CODEDOWNLOADER.EXE from Windows.
Malware Analysis of INFORMATION-CODEDOWNLOADER.EXE
Full path on a computer: %Program Files%\Information\Information-codedownloader.exe
Detected by UnHackMe:
INFORMATION-CODEDOWNLOADER.EXE
Default location: %Program Files%\Information\Information-codedownloader.exe
Removal Results: Success
Number of reboot: 1
INFORMATION-CODEDOWNLOADER.EXE is known as:
Adware.PUP.Optional.Information.A, Adware.Crossid, Crossrider (fs), a variant of Win32.Toolbar.CrossRider.X, Adware.CrossRider.X
INFORMATION-CODEDOWNLOADER.EXE hash:
- MD5: 05ca89378594053d6efda2d49821c112
The file tries to connect to the dangerous web site.
How to quickly detect INFORMATION-CODEDOWNLOADER.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511031168}\InprocServer32\: “%Program Files%\Information\Information-bho.dll”
- HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522032268}\InprocServer32\: “%Program Files%\Information\Information-bho.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Information\DisplayName: “Information”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Information\UninstallString: “%Program Files%\Information\Uninstall.exe /fromcontrolpanel=1″
Folders:- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\ce85a36c-113a-4928-aa86-88a31bd595e7@aa144f8a-c1f6-481f-991c-18bf0472c970.com
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl
- %Temp%\nsj9.tmp
- %Temp%\nsj9.tmp\extensionData
- %Temp%\nsr3.tmp
- %Program Files%\Information
Files:- %Temp%\GetCC.dll
- %Temp%\information.exe
- %Temp%\nsr3.tmp\CLR.dll
- %Temp%\SendMsg.dll
- %Program Files%\Information\50368.crx
- %Program Files%\Information\50368.xpi
- %Program Files%\Information\5b05dac8-0aa2-495d-a550-eaac5235a2fb-2.exe
- %Program Files%\Information\5b05dac8-0aa2-495d-a550-eaac5235a2fb-3.exe
- %Program Files%\Information\5b05dac8-0aa2-495d-a550-eaac5235a2fb-4.exe
- %Program Files%\Information\5b05dac8-0aa2-495d-a550-eaac5235a2fb-5.exe
- %Program Files%\Information\background.html
- %Program Files%\Information\Information-bg.exe
- %Program Files%\Information\Information-bho.dll
- %Program Files%\Information\Information-codedownloader.exe
- %Program Files%\Information\Information.ico
- %Program Files%\Information\Uninstall.exe
- %Program Files%\Information\utils.exe
- %WinDir%\Tasks\5b05dac8-0aa2-495d-a550-eaac5235a2fb-1.job
- %WinDir%\Tasks\5b05dac8-0aa2-495d-a550-eaac5235a2fb-2.job
- %WinDir%\Tasks\5b05dac8-0aa2-495d-a550-eaac5235a2fb-3.job
- %WinDir%\Tasks\5b05dac8-0aa2-495d-a550-eaac5235a2fb-4.job
- %WinDir%\Tasks\5b05dac8-0aa2-495d-a550-eaac5235a2fb-5.job