Henbang Trojan

Virus description: Henbang
Category: Trojan, Adware
Other names:

[Kaspersky] Adware.Win32.Henbang.r, AdWare.Win32.Hengbang.s, AdWare.Win32.Henbang.q, AdWare.Win32.Henbang.p, AdWare.Win32.Henbang.t;
[McAfee] Adware-Henbang;
[Other] Adware.Henbang

Henbang Detection:

Files:
[%DESKTOP%]\henbang secretary.lnk
[%PROFILE%]\start menu\henbang secretary.lnk
[%PROFILE_TEMP%]\hdp\adoc.txt
[%PROGRAMS%]\henbang secretary\henbang secretary.lnk
[%PROGRAMS%]\henbang secretary\readme.lnk
[%SYSTEM%]\drivers\khdap.sys
[%SYSTEM%]\drivers\madbp.sys
[%SYSTEM%]\drivers\pupw.sys
[%SYSTEM%]\drivers\ustqilnr.sys
[%SYSTEM%]\hap.dll
[%SYSTEM%]\hbcf.ini
[%SYSTEM%]\hber.ini
[%SYSTEM%]\hbhap.dll
[%SYSTEM%]\hbhsy.ini
[%SYSTEM%]\hbu.ini
[%SYSTEM%]\hda.ini
[%SYSTEM%]\hdp.ini
[%SYSTEM%]\hdpconfig.ini
[%SYSTEM%]\hsy.ini
[%SYSTEM%]\popcounts.ini
[%SYSTEM%]\unregister.ini
[%SYSTEM%]\webad.dll
[%SYSTEM%]\winhtp.dll
[%WINDOWS%]\hb24065.log
[%WINDOWS%]\hbsetup.log
[%WINDOWS%]\hburl.ini
[%WINDOWS%]\henbang.INI
[%WINDOWS%]\hunt.dll

Folders:
[%COMMON_PROGRAMS%]\很棒软件
[%PROGRAMS%]\很棒软件
[%PROGRAM_FILES%]\HBClient
[%PROGRAM_FILES%]\Henbang Applications

Registry Keys:
HKEY_CLASSES_ROOT\browserassistant.browserhap
HKEY_CLASSES_ROOT\browserassistant.browserhap.1
HKEY_CLASSES_ROOT\clsid\{038318e8-0c2d-4df5-a7af-b4fb373f501e}
HKEY_CLASSES_ROOT\clsid\{2d6f6bff-1796-4779-9ba3-5f20f17e5cea}
HKEY_CLASSES_ROOT\clsid\{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}
HKEY_CLASSES_ROOT\clsid\{616d4040-5712-4f0f-bcf1-5c6420a99e14}
HKEY_CLASSES_ROOT\clsid\{ae22afe5-1ef4-4d25-9e23-d2825fb17da1}
HKEY_CLASSES_ROOT\clsid\{aef6f648-78d8-4456-bee7-5ade23d209fd}
HKEY_CLASSES_ROOT\downloadstart.downloadvalue
HKEY_CLASSES_ROOT\downloadstart.downloadvalue.1
HKEY_CLASSES_ROOT\hbhelper.hbactivex
HKEY_CLASSES_ROOT\hbhelper.hbactivex.1
HKEY_CLASSES_ROOT\hbhelper.hbobject
HKEY_CLASSES_ROOT\hbhelper.hbobject.1
HKEY_CLASSES_ROOT\interface\{03cdc6b3-5bc5-4cf4-a0f8-78f7d2a68039}
HKEY_CLASSES_ROOT\interface\{1363f829-37f1-4763-9fba-e8bb564d95ee}
HKEY_CLASSES_ROOT\interface\{71246576-0183-4c11-af74-d377ec2209c4}
HKEY_CLASSES_ROOT\interface\{cf1c62e9-ac73-4647-a99c-d2213ffda728}
HKEY_CLASSES_ROOT\interface\{ef991b92-4308-454c-94bb-e0322a511bab}
HKEY_CLASSES_ROOT\monitor.urlmonitor
HKEY_CLASSES_ROOT\monitor.urlmonitor.1
HKEY_CLASSES_ROOT\typelib\{01fbe0ba-8fdf-4360-8af3-a931ff140cd2}
HKEY_CLASSES_ROOT\typelib\{25e5e3d6-0c5c-44bd-a4be-7a1c1285d1bb}
HKEY_CLASSES_ROOT\typelib\{315a06d6-fca7-45ea-b77d-ee7b90041224}
HKEY_CLASSES_ROOT\typelib\{ae9c1b10-c380-4363-8620-7c6311169baa}
HKEY_CLASSES_ROOT\typelib\{b58a1efb-3dee-4493-93b9-4de3f99c8aee}
HKEY_CLASSES_ROOT\xpwindow.xwindow
HKEY_CLASSES_ROOT\xpwindow.xwindow.1
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{616d4040-5712-4f0f-bcf1-5c6420a99e14}
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache\[%PROGRAM_FILES%]\hbclient
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache\[%PROGRAM_FILES%]\henban~1\hdp
HKEY_LOCAL_MACHINE\software\hap
HKEY_LOCAL_MACHINE\software\hdp
HKEY_LOCAL_MACHINE\software\henbang applications
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{616d4040-5712-4f0f-bcf1-5c6420a99e14}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ae22afe5-1ef4-4d25-9e23-d2825fb17da1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{aef6f648-78d8-4456-bee7-5ade23d209fd}
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\[%PROGRAM_FILES%]\henbang applications\hdp\hbhdp.log\icons

Registry Values:
HKEY_CLASSES_ROOT\appid\{038318e8-0c2d-4df5-a7af-b4fb373f501e}
HKEY_CLASSES_ROOT\interface\{ee7ea3ac-3a3b-4170-abed-56e5efbfcfac}\typelib
HKEY_CURRENT_USER\software\winrar sfx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run, helperdll=rundll32 [%SYSTEM%]\drivers\pupw.sys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hap
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hapHKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hbhelper
HKEY_LOCAL_MACHINE\software\richmedia

Removing Henbang:

You can run the trial version of ExterminateIt, or remove Henbang manually.

ExterminateIt effectively and automatically removes Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware) from your computer.
