What is insidminer.exe and trii.exe?

Today I was helping out a guy with some malware removal. We found a file called insidminer.exe on his computer. The file properties show another filename: trii.exe.

I don’t know what it does, but it is malware for sure. Check out the results from the anti-virus scanners:

  • Avast Win32:Malware-gen
  • Ikarus Win32.SuspectCrc
  • Commtouch W32/Trojan.GOEZ-4180
  • Comodo UnclassifiedMalware
  • AhnLab-V3 Trojan/Win32.Agent
  • NANO-Antivirus Trojan.Win32.Stealer.brdryl
  • VIPRE Trojan.Win32.Generic!BT
  • Kaspersky Trojan.Win32.Agent.zzet
  • DrWeb Trojan.PWS.Stealer.715
  • Emsisoft Trojan.GenericKDV.950289 (B)
  • MicroWorld-eScan Trojan.GenericKDV.950289
  • BitDefender Trojan.GenericKDV.950289
  • F-Secure Trojan.GenericKDV.950289
  • GData Trojan.GenericKDV.950289
  • Symantec Trojan.Gen
  • PCTools Trojan.Gen
  • TrendMicro-HouseCall TROJ_SPNR.08E513
  • TrendMicro TROJ_SPNR.08E513
  • Panda Trj/CI.A
  • AntiVir TR/Kazy.165574
  • K7AntiVirus Riskware
  • K7GW Riskware
  • McAfee RDN/Generic PWS.y!ly
  • McAfee-GW-Edition RDN/Generic PWS.y!ly
  • Fortinet MSIL/Kryptik.JC
  • Sophos Mal/Generic-S
  • Norman Inject.RAT
  • AVG Generic32.BSUW
  • ESET-NOD32 a variant of MSIL/Kryptik.JC

What is LemurLeap, updateLemurLeap.exe and LemurLeapBHO.dll? – Removal instructions

Lemur Leap, or LemurLeap, is an adware program that pops up coupons when you browse the web.

LemurLeap is easy to uninstall. Just go to the Control Panel and uninstall it there. If that did not work, please let me know and I’ll provide alternative uninstall instructions.

Here are the scan results from VirusTotal for one of the LemurLeap files:

  • VIPRE Yontoo (fs)
  • Kingsoft Win32.Troj.Generic.a.(kcloud)
  • TrendMicro-HouseCall TROJ_GEN.F47V0904
  • Malwarebytes PUP.Optional.LemurLeap.A
  • DrWeb Adware.Plugin.100
  • ESET-NOD32 a variant of MSIL/BrowseFox.A

Over and out…

What is jet.exe by Performersoft?

Today I stumbled upon a new web browser called Jet. It looks very much like Chrome; after looking more carefully I could see that it was built with the Chromium framework.

Jet.exe is detected by some anti-virus programs:

  • Comodo UnclassifiedMalware
  • TrendMicro-HouseCall TROJ_GEN.F47V0816
  • VIPRE InstallBrain (fs)
  • AntiVir APPL/InstallBrain.BY

What is LizardLink and Lizardlinkbho.dll?

LizardLink is the new kid on the Adware block. I was about to quote the relevant parts of the LizardBar license, but they have published the license as a huge image 🙂

If you are interested, here it is:

http://wac.edgecastcdn.net/800952/7a8f3a64-075b-46fa-9878-2cfc99ad8130-www/Asset/LocalizedImage/terms

And the anti-virus programs have started to pick it up:

  • Kingsoft Win32.Troj.Generic.a.(kcloud)
  • Malwarebytes PUP.Optional.Lizardlink.A
  • ESET-NOD32 probably a variant of Win32/BrowseFox.A
  • DrWeb Adware.Plugin.100

What is SaveNShare?

SaveNShare is a browser plugin that shows coupons when browsing the web. You can uninstall it from the Windows Control Panel.

Anti-virus scan results, thanks to VirusTotal:

  • Avast Win32:MultiPlug-Y [PUP]
  • Ikarus Win32.SuspectCrc
  • Kingsoft Win32.HeurC.KVM099.a.(kcloud)
  • VIPRE Trojan.Win32.Generic!BT
  • K7AntiVirus Riskware
  • Malwarebytes PUP.Optional.MultiPlug.A
  • Baidu-International Malware.Win32.BHO.40
  • VBA32 BScope.Adware.MegaSearch
  • Comodo ApplicUnwnt
  • Rising AdWare.Win32.MutiPlug.a
  • DrWeb Adware.Plugin.31
  • TrendMicro-HouseCall ADW_MULTIPLUG
  • TrendMicro ADW_MULTIPLUG
  • ESET-NOD32 a variant of Win32/Adware.MultiPlug.I

What is TriggerKMS.exe?

TriggerKMS.exe is some sort of hacking software that allows people to get illegal access to software. If you have TriggerKMS.exe on your machine and you don’t know how it got there, chances are you have unknowingly bought some cracked software.

These are the scan results for TriggerKMS.exe. Obviously it’s bad news to have it running on your computer:

  • Symantec WS.Reputation.1
  • Fortinet W32/SPNR.0BGF13!tr
  • TrendMicro-HouseCall TROJ_SPNR.0BGF13
  • TrendMicro TROJ_SPNR.0BGF13
  • AVG Dropper.Generic8.ATNA
  • McAfee Artemis!467F99DC502F
  • McAfee-GW-Edition Artemis!467F99DC502F