InnbannerBrowserEnhancer is a spyware program that installs as a Browser Helper Object.  It pretends to be a Browser Enhancing tool, but it only collects personal information and delivers pop-up ads.  It was first discovered on October 16, 2008.

InnbannerBrowserEnhancer is a Trojan Downloader.  It is not only capable of downloading updates and pop-up ads, it can also download other spyware, adware, viruses and worms.  It is a highly dangerous program and should be removed immediately.

InnbannerBrowserEnhancer makes efforts to avoid detection and prevent removal.  Manual removal instructions are not recommended.  Instead, you should rely on a trusted antispyware program such as SpyZooka.

Also Known As:
Trojan-Downloader.Win32.Small.buy,
Trojan-Downloader.Win32.Agent.akwa,
not-a-virus:AdWare.Win32.Agent.fwv [Kaspersky Lab],
AdDestination, Trojan-Clicker.agent.eof,
trojan-clicker.win32.agent.eof,
RON Tool Innbanner

Associated Files:
%workingdir%[RandomName].exe
Md5 :00b1f9e2e585bdbd2f7461e613216e05
%workingdir%[RandomName].exe
Md5 :090d5e59d751407f56edc817d12df622
%workingdir%[RandomName].exe
Md5 :22dc9eb37c48287ed254e88e3de0bb39
%workingdir%[RandomName].exe
Md5 :25b67566e959e6b399db407caefeb4a3
%workingdir%[RandomName].exe
Md5 :421186dc932aa66a4807b65dc3af53bf
%workingdir%[RandomName].exe
Md5 :465a99f0543557f70f9129c99ac66ee2
%workingdir%[RandomName].exe
Md5 :6f74ea66f1952e44d74bff63fd01de0b
%workingdir%[RandomName].exe
Md5 :6f765393d3935695343c28681e91869c
%workingdir%[RandomName].exe
Md5 :a1a0d23e09120bcba0dc4d123b14316f
%workingdir%[RandomName].exe
Md5 :a255806d59b86dd0cce0acc5f3bd7960
%workingdir%[RandomName].exe
Md5 :a42f8db176ce5d4856e1a84870f72098
%workingdir%[RandomName].exe
Md5 :ac0d49c97ca2f09cc941b07a4a0e86b1
%workingdir%[RandomName].exe
Md5 :c358f55a57326fb43a0068f66c38c194
%workingdir%[RandomName].exe
Md5 :e1a893c6bd216548c24f4e17a7fb989d
%workingdir%[RandomName].exe
Md5 :e44de7e6ce319bd180b9972a2a9305b8
%workingdir%[RandomName].exe
Md5 :f2063570c44f8ba23714b9e7967b42f6
%temp%activation_key
Md5 :
%temp%ax125d8.tmp
Md5 :2f5a9cadd23ff63d1a70083cf6e65586
%temp%ax13048.tmp
Md5 :13c0f40c96466a48253ec92475bf8e75
%temp%ax14154.tmp
Md5 :9811fcb5e7ed249a08fda6ad99bc4684
%temp%ax16e26.tmp
Md5 :c6bd7f9bb8d22fde936c96dbb60f5f37
%temp%ax19ca5.tmp
Md5 :41ddf2d1f79e3826d763dbe21bc4ae31
%temp%ax1a766.tmp
Md5 :e8999ef60240187bf3b2e84d5923c652
%temp%ax1e97.tmp
Md5 :c62188f6a3267db53d4a151910be792c
%temp%ax1fbef.tmp
Md5 :83fb2eeef21622299a9a00d6a241e891
%temp%nsa18.tmp
Md5 :ed1d34418c3fedc50a9a1ceb2806c9eb
%temp%nsa3.tmp
Md5 :459a505852f393a995b0029fd3e1d40a
%temp%nsc18.tmp
Md5 :77982b05666201ae40b030e86c84fe83
%temp%nsc3.tmp
Md5 :662a2c9db2ac802d4d73fb6675610f62
%temp%nsf3.tmp
Md5 :61052c013e337398a0dba1c63a52445c
%temp%nsg18.tmp
Md5 :91b8df6766b26ddcf7edc0537e753601
%temp%nsh18.tmp
Md5 :3ffc43f56a6e066749bf50fdae479357
%temp%nsh3.tmp
Md5 :cf48a181189cf370e2b95a058d07e284
%temp%nsk3.tmp
Md5 :eb13265a45f1caae325baf923fe19847
%temp%nsl3.tmp
Md5 :211959a245089217c47e4558c6d1f138
%temp%nsl3.tmp
Md5 :cb3817cef8c4e2327efd05d5ed1819ac
%temp%nsn3.tmp
Md5 :1e92cfec025ccc70c70568a6bb80677e
%temp%nso18.tmp
Md5 :863761421c7318f4d981a070831bee9b
%temp%nsp3.tmp
Md5 :4263c02007b0e6f9959c557d5d562d3d
%temp%nsp3.tmp
Md5 :da1a6e277b5e88046691a06e21f0a11d
%temp%nsq3.tmp
Md5 :614913fc3125728fe52335d648ec68b1
%temp%nss18.tmp
Md5 :f443ab697eec87b9347a1ffea6caccc8
%temp%nsu18.tmp
Md5 :2efaef09e32367687b6a983c5ab77311
%temp%nsv3.tmp
Md5 :b9b88b5807a79dded782b8559d629b2c
%temp%nsv3.tmp
Md5 :ff3c9a3ddd985da74cdb4db5ad7054d8
%temp%nsx3.tmp
Md5 :ead6c58594d031800187a54be60cf12d
%temp%nsy3.tmp
Md5 :703332ab925b5ba4842c5e17d78de5ba
%userprofile%application datamicrosoftcryptorsas-1-5-21-1224276844-362458291-1934301488-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-24353318-3302364644-979050433-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-289085736-2271787734-4103687552-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-2988256311-3946079640-51841651-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3225304627-1580765293-4017860140-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3511687862-2401999178-1656882943-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3844214322-2610908656-3284161240-1010
%userprofile%application datamicrosoftcryptorsas-1-5-21-3940780282-119073973-2237615918-1010

%windir%system32_ifjmixgtdcqussq.dll
Md5 :895aa31b947cc32eb0f6e5b13eaa0575
%windir%system32_ifjmixgtdcqussq.dll
Md5 :8ac87c4b354c242b11f15e9db0db94ee
%windir%system32_ifjmixgtdcqussq.dll
Md5 :d13e4ad28bd09b738a0184b3413ceb5a
%windir%system32_pvdvjmupepsz.dll
Md5 :b7251daa5f21ef9d2fac6294ac933e62
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :3d51d19529bb965e1b86e7bdc27b0691
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :8a918a8f6ad9cfa5431d0e746afe44b8
%windir%system32_ueykzibjrehhqgaft.dll
Md5 :d677863e4d40643af59c0e5d9d61a468
%windir%system32askxgkxgoclhyr.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32askxgkxgoclhyr.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32ifjmixgtdcqussq.dll
Md5 :378fee00c930192598abaa9a88b8e714
%windir%system32ifjmixgtdcqussq.dll
Md5 :4bed0b220916a9c334be761cabb44764
%windir%system32ifjmixgtdcqussq.dll
Md5 :6eb794c4fe0d69cfe3929ec894bbbc70
%windir%system32ifjmixgtdcqussq.dll
Md5 :ab256c1de352360522e145860a00c012
%windir%system32ifjmixgtdcqussq.dll
Md5 :b40f457a69efbf20593717259ae36c33
%windir%system32ifjmixgtdcqussq.dll
Md5 :cf51bf7504baf0899a93e08bd6f5f7af
%windir%system32khoiqpufesoz.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32khoiqpufesoz.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
%windir%system32nkusjtleqet.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32pvdvjmupepsz.dll
Md5 :0dec8ebf604195713f6744f2024614f2
%windir%system32pvdvjmupepsz.dll
Md5 :1cabdd145ce5145dec8f50e8abb1a58d
%windir%system32pvdvjmupepsz.dll
Md5 :1dc3f1d0e480c6ab07bfe322a945ec7d
%windir%system32pvdvjmupepsz.dll
Md5 :7166441aa357ba24d098bf9cd33d67a4
%windir%system32qtcmxzodfugjl.dll
Md5 :553da8ccf8709ca964713775adf6f0e7
%windir%system32qtcmxzodfugjl.dll
Md5 :e25c2da209fb32825ade82723dc04237
%windir%system32ueykzibjrehhqgaft.dll
Md5 :9cc9e4db2b1965c8a4a1bcf8a0d22336
%windir%system32ueykzibjrehhqgaft.dll
Md5 :b4ceda2e04a59c7f00b182c8fcbf9521
%windir%system32ueykzibjrehhqgaft.dll
Md5 :cdafb34a4fcba4f21cdb2187c8001a30
%windir%system32ueykzibjrehhqgaft.dll
Md5 :f01cd081695cae1485ee1b1ec8e70ef5
%windir%system32waticucmjmbgpatix.exe
Md5 :5aadfcc7d3849da47a0856991f440d03
%windir%system32waticucmjmbgpatix.exe
Md5 :70e5a6137c881498ddbde9a32e9dfd38
HKEY_CLASSES_ROOTCLSID{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_CLASSES_ROOTCLSID{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_CLASSES_ROOTCLSID{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{017359B3-E3F6-B43A-6C87-029137A236A8}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0EDD0048-942B-57B9-4A8E-5FCBEFE8C711}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7A20ABE9-D72B-6326-8D11-FBB609C6B10D}
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallaskxgkxgoclhyr
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallkhoiqpufesoz
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallnkusjtleqet
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallwaticucmjmbgpatix

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}InProcServer32]
(Default) = “%System%ofxchulshqxfpmsnh.dll”
ThreadingModel = “Apartment”
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
(Default) = “innbanner browser enhancer”
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{939b1d4a-e885-609f-4c3c-bc946ca326e1}]
NoExplorer = “”””
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
mjcdnuhzxlmraj = “%System%Rundll32.exe “%System%ofxchulshqxfpmsnh.dll” EntryPoint”

so that ofxchulshqxfpmsnh.dll runs every time Windows starts
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallqukxtvvyvmhgoxwcy]
DisplayName = “RON Tool Innbanner”
UninstallString = “%System%qukxtvvyvmhgoxwcy.exe”
NoModify = 0x00000000
NoRepair = 0x00000000
DisplayVersion = “2.1.2.5”
[HKEY_CURRENT_USERSoftware{2D410C4C-1755-D0C2-A0B0-8184A14538E5}]
aff_id = “innbanner”
day = 0x0000001D