Author Topic: iBryte Desktop??  (Read 2511 times)

Offline lordsearider

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
iBryte Desktop??
« on: April 23, 2012, 06:50:46 PM »
I have been seaching for information for "Ibryte Desktop". what i have found is that it is a "Malware" through posting on other forums.

I currently have a icon on my task bar for this program. i am unaware what it is or what it does. when you right click on it it gives you two options,"pause slider" & Exit.

Other forums are telling me that it is a malware that copies passwords and user names. Used a full scan with avast and found nothing. looked in control panel-remove programs (win 7) and could not find program. Dis find a exe file in regestery and deleted file. However Icon is still present.

Can you guys verify if this is indeed a malware and advise how to remove it?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21800
  • Gender: Male
    • Personal Message (Offline)
Re: iBryte Desktop??
« Reply #1 on: April 23, 2012, 07:18:49 PM »
Try a quick scan with malwarebytes

You may post the scan log here

« Last Edit: April 23, 2012, 07:22:54 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline lordsearider

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: iBryte Desktop??
« Reply #2 on: April 23, 2012, 08:34:41 PM »
downloaded malwarebytes and scaned ....

/23/2012 3:59:12 PM
mbam-log-2012-04-23 (16-02-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215797
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\larry\AppData\LocalLow\iBryte\Implementations\browseforchange\Assemblies\1\BrowserObjects.dll (Adware.IBryte) -> No action taken.

Registry Keys Detected: 31
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\FUNMOODS\FUNMOODS (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> No action taken.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iBryte browseforchange Desktop (Adware.IBryte) -> Data: C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data:  -> No action taken.
HKCU\Software\Funmoods\funmoods|tlbrSrchUrl (PUP.Funmoods) -> Data: http://start.funmoods.com/results.php?f=3&a=ironto&q= -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Data: "C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\uninstall.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3 (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh (PUP.Funmoods) -> No action taken.

Files Detected: 14
C:\Users\larry\AppData\LocalLow\iBryte\Implementations\browseforchange\Assemblies\1\BrowserObjects.dll (Adware.IBryte) -> No action taken.
C:\Program Files (x86)\iBryte\browseforchange\iBryteDesktop.exe (Adware.IBryte) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsApp.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsEng.dll (PUP.Funmoods) -> No action taken.
C:\Users\larry\AppData\Local\Temp\is1373634743\IWantThis_US.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\larry\AppData\Local\Temp\is1566002423\IWantThis.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\larry\AppData\Local\Temp\~nsu.tmp\Au_.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\larry\Local Settings\Temporary Internet Files\Content.IE5\HHT8HP3Z\FLVPlayerSetup (1).exe (PUP.Adware.InstallCore) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\escortShld.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsOEM.crx (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\uninstall.exe (PUP.Funmoods) -> No action taken.

(end)


I saved this before i deleted the reference's to IBryte i believe there was around 6

now the Icon no longer comes up on restart thank you.

Why did Avast not find it or protect from it?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21800
  • Gender: Male
    • Personal Message (Offline)
Re: iBryte Desktop??
« Reply #3 on: April 23, 2012, 10:53:10 PM »
Quote
Why did Avast not find it or protect from it?
No security program have 100% detection....

most of the detections are detected as PUP = Possible Unwanted Program
PUP scan is turned off in default avast settings....
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now