RiskWare.IESettingsChanger information

RiskWare.IESettingsChanger is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the RiskWare.IESettingsChanger virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Authenticode signature is invalid
  • Attempts to modify browser security settings
  • Touches a file containing cookies, possibly for information gathering
  • Clears web history
  • Yara detections observed in process dumps, payloads or dropped files

How to identify RiskWare.IESettingsChanger?


File Info:

name: 9BA88AB824D5E66C45BD.mlw
path: /opt/CAPEv2/storage/binaries/55bd3abf185a2408a64fd507696cbacd8fde88c27ff56f2127d810f6d09f9c78
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-10-26 10:25:42

Version Info:

Translation: 0x0409 0x04b0
Comments: Update Internet Explorer Settings to work smoothly with CompuOffice Online
CompanyName: PSPL
LegalCopyright: © Professional Softec Pvt. Ltd.
ProductName: IESettings
FileVersion: 1.00.0339
ProductVersion: 1.00.0339
InternalName: IESettings
OriginalFilename: IESettings.exe

RiskWare.IESettingsChanger also known as:

Bkav: W32.Common.E96057BC
DrWeb: Trojan.MulDrop24.19942
MicroWorld-eScan: Application.HackTool.BCC
Malwarebytes: RiskWare.IESettingsChanger
Zillya: Trojan.IESettingsAGen.Win32.1
K7AntiVirus: Unwanted-Program ( 005ae5211 )
K7GW: Unwanted-Program ( 005ae5211 )
ESET-NOD32: a variant of Win32/IESettings_AGen.D potentially unsafe
BitDefender: Application.HackTool.BCC
NANO-Antivirus: Trojan.Win32.IESettingsAGen.kecpdh
Emsisoft: Application.HackTool.BCC (B)
Sophos: Generic Reputation PUA (PUA)
GData: Application.HackTool.BCC
Webroot: W32.Trojan.Gen
Antiy-AVL: RiskWare/Win32.IESettings
MAX: malware (ai score=79)
VBA32: BScope.Trojan.VBKrypt
Cylance: unsafe
Rising: PUF.IESettings!8.16A74 (TFE:4:SU0c4QzJ5yH)
Yandex: Riskware.Agent!DsTcAVWhU9g
MaxSecure: Trojan.Malware.220645816.susgen
Fortinet: Riskware/IESettings_AGen
DeepInstinct: MALICIOUS

How to remove RiskWare.IESettingsChanger?

RiskWare.IESettingsChanger removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
