
46.161.41.220

Posted: May 4, 2015

Threat Metric

Ranking: 14,525
Threat Level: 2/10
Infected PCs: 11,535
First Seen: July 24, 2009
Last Seen: September 15, 2023
OS(es) Affected: Windows

46.161.41.220 is an IP address that may be associated with remote attacks against infected PCs. These attacks could transfer gathered information out of your computer, install new threats or allow third parties to control the system. If you are receiving multiple alerts regarding contact with 46.161.41.220, malware researchers advise assuming that your PC is compromised. Appropriate anti-malware solutions should be implemented as soon as possible to prevent any contact with 46.161.41.220 from allowing further damage to occur.

The Address Your Browser Keeps Revisiting

IP addresses are universal labels for Internet-capable devices and are no more inherently harmful than brand names or website URLs. Nonetheless, malware researchers sometimes find specific addresses being repeatedly used for illicit activities, including, in particular, threat-related network communications. 46.161.41.220 is one IP address that has been reused routinely for such purposes, with most confirmed incidents taking place in mid-2014.

PC users with unprotected systems are not necessarily able to see any symptoms of a successful attack communicating through 46.161.41.220. However, for PC users with appropriate network security, symptoms can be identified as pop-up alerts warning of unauthorized contact with compromised websites. Other issues that may arise from 46.161.41.220-based attacks include:

  • Your PC may have reduced performance, including system slowdowns, unexplained spikes in resource usage or arbitrary crashes.
  • You may identify new, randomly named files maintained in memory (viewable through Task Manager and similar memory monitoring utilities).
  • An installed Web browser, such as Internet Explorer, may be maintaining itself continuously in memory, even if there aren't visible browser windows.

These symptoms are typical, but not necessarily mandatory side effects of the installation of threats with backdoor-based features. Malware researchers have seen them used to install threatening software, reconfigure your system settings and transfer collected passwords (and other information) from an infected PC to a remote server. Currently, 46.161.41.220 is strongly linked to 'zombie' botnets, which specialize in controlling infected PCs en masse for harmful acts that may range from mining Bitcoins to launching DDoS attacks.

Wiping 46.161.41.220 out of Your Address Book

Although most 46.161.41.220 incidents are a year old, malware researchers continue to see 46.161.41.220 being exploited for illicit activities even into 2015. Domains that associate themselves with 46.161.41.220, such as sheepdog-shop.com, should be avoided as direct threats to your PC. Even accidental contact with 46.161.41.220 or a site related to 46.161.41.220 may force your browser to load scripts that could launch attacks or cause other forms of damage.

Normally, avoiding sites known for having relationships with 46.161.41.220 should be sufficient to protect a canny Web surfer. However, the 46.161.41.220 campaigns also show the necessity of having passive network security. PC users who expose their PCs to threats and allow them to initiate network traffic with 46.161.41.220 are unlikely to see any symptoms without security products to detect and block 46.161.41.220's websites.

Aliases

  • Trojan Horse [Symantec]
  • Medium Risk Malware [Prevx1]
  • Ad-Spyware.VirtualNetwork.D.67 [McAfee-GW-Edition]
  • potentially unwanted program Generic PUP [McAfee]
  • Win32/AMalum.ABXV [eTrust-Vet]
  • TrojWare.Win32.ConnectionServices.aa [Comodo]
  • W32/FakeAlert.AL.gen!Eldorado [Authentium]
  • ADSPY/VirtualNetwork.D.67 [AntiVir]
  • Win-Trojan/Connectionservices.185856 [AhnLab-V3]
  • BitAccelerator [Sophos]
  • Suspicious File [eSafe]
  • Win32:Connection-G [Avast]
  • ADSPY/VirtualNetwork.D.15 [AntiVir]
  • Malicious Software [Prevx1]
  • Generic Malware [Panda]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



D:\Program Files (x86)\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 92.16 KB (92160 bytes)
MD5: 428e71739b68ab2a5687ae5a7fa830fc
Detection count: 5,021
File type: Dynamic link library
Mime Type: unknown/dll
Path: D:\Program Files (x86)\BitAccelerator\BitAccelerator.dll
Group: Malware file
Last Updated: August 4, 2021

C:\Program Files\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 14.33 KB (14336 bytes)
MD5: 8461225012c9239467a108f9297d5bea
Detection count: 4,626
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Program Files\BitAccelerator\BitAccelerator.dll
Group: Malware file
Last Updated: February 6, 2023

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 14.33 KB (14336 bytes)
MD5: bd2705643c170069d43d7d7d9039f905
Detection count: 248
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 272.38 KB (272384 bytes)
MD5: 08777d9332bac801ed6dc8fca60d298c
Detection count: 86
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 204.29 KB (204293 bytes)
MD5: 75381ce6b7e79719f01722aadf78d9db
Detection count: 60
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 92.16 KB (92160 bytes)
MD5: 9827372ff17b025db016fa0e2657864b
Detection count: 42
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 92.16 KB (92160 bytes)
MD5: bcc68dfab2381259780b7899fa3cb061
Detection count: 21
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: December 20, 2019

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 14.33 KB (14336 bytes)
MD5: 769f927acc15235b9a2fc557f648c5fd
Detection count: 21
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

VirtualNetwork.dll
File name: VirtualNetwork.dll
Size: 185.85 KB (185856 bytes)
MD5: 73df8137c08b550dfdb1b098d3169c6f
Detection count: 20
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

%TEMP%\489e3534eafa66627902508a2183b65f\BitAcceleratorDDLRinstaller.exe
File name: BitAcceleratorDDLRinstaller.exe
Size: 349.26 KB (349262 bytes)
MD5: 0aeee84477946732ce6166e9f70bc132
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\489e3534eafa66627902508a2183b65f
Group: Malware file
Last Updated: August 8, 2020

%PROGRAMFILES%\BitAccelerator\BitAccelerator.dll
File name: BitAccelerator.dll
Size: 194.97 KB (194979 bytes)
MD5: 0ce91816162744dd32a58ecdef392826
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\BitAccelerator
Group: Malware file
Last Updated: June 13, 2014

%USERPROFILE%\Downloads\BitAcceleratorv02.exe
File name: BitAcceleratorv02.exe
Size: 104.75 KB (104750 bytes)
MD5: 1f0e11ba1b18e64179aaff2b8647bb8e
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Downloads
Group: Malware file
Last Updated: June 13, 2014

Registry Modifications

The following Registry values were newly created:

CLSID
  • {334C6DE3-3FE2-4ED4-9D51-538C3A55E706}
  • {3AC7D000-0444-4011-A43C-D7796E97E0D1}
  • {CAC42510-9B41-42c1-9DCD-7282A2D07C61}

HKEY..\..\..\..{RegistryKeys}
  • SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CAC42510-9B41-42c1-9DCD-7282A2D07C61}
  • SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CAC42510-9B41-42c1-9DCD-7282A2D07C61}

Additional Information

The following directories were created:
  • %PROGRAMFILES%\BitAccelerator
  • %PROGRAMFILES(x86)%\BitAccelerator