PUP.InstallBrain

Posted: January 11, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	6,866
Threat Level:	1/10
Infected PCs:	35,502

First Seen:	January 11, 2013
Last Seen:	March 6, 2025
OS(es) Affected:	Windows

InstallBrain is associated with Potentially Unwanted Programs. The wide variability and likelihood of poor safety standards in InstallBrain's promoted software cause malware researchers to advise deleting InstallBrain and other products associated with InstallBrain, as a default response. Impartial removal of InstallBrain may be responsible for other issues, such as failure to load Windows during the system boot process. For avoiding these side effects, you should use anti-malware products in lieu of the uninstall methods recommended for 'safe' software.

The Brain Directing Other Threats into Your Browser

InstallBrain (or the InstallBrain Updater Service) is a free software-promotional platform that installs other PUPs and displays additional download links through browser pop-up windows. InstallBrain has shown significant variations in which software InstallBrain distributes, but specializes in video codecs, software updates, system performance optimizers, movie players and miscellaneous file utility products.

InstallBrain also has been connected to browser-based tactics that try to compromise your PC with your misinformed consent. Attacks like the 'Please Install Codec Performer Update' Fake Pop-Up Alert or the 'Please Install the Latest Video Converter' Pop-Up may include labels of being delivered by InstallBrain. However, they may provide fraudulent information about the versions of software on your PC. These pop-ups may load at random intervals.

Previous versions of InstallBrain payloads have included members of the Sefnit family (a group of Bitcoin miners) and Adware.BrowserProtect (a browser hijacker). Both of these PC threats have personalized file downloading capabilities, and malware experts classify the former as threats, rather than a PUP like InstallBrain.

Being Brainier about Your Browsing than InstallBrain

Even with its numerous and flexible software-promoting campaigns, InstallBrain primarily endangers PC users who are careless about their file downloading habits. Always verifying the safe source of a software update can protect you from 'consensual' InstallBrain downloads, but, even if you ignore its pop-up links, InstallBrain remains a probable danger to your PC. Removing InstallBrain, while it should be possible for any good anti-adware or anti-malware product, also should involve a full scan of your PC. Lesser deletion methods may remove InstallBrain improperly, or fail to remove threats that were installed by InstallBrain.

InstallBrain, sometimes referred to as W32/Brantall, may not be a threat, but shows most of the characteristics of a program that promotes untrustworthy and typically threatening PUPs. Like many PUPs that aren't browser add-ons, InstallBrain should be assumed to be active, by default, until you take steps that could disable InstallBrain. A professional removal of InstallBrain also should remove the Registry changes that are responsible for launching InstallBrain when your OS starts.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%PROGRAMFILES%\InstallBrainService\InstallBrainService.exe

File name: InstallBrainService.exe
Size: 475.47 KB (475472 bytes)
MD5: 91333c04d588dee3addafd2f1b9c7095
Detection count: 593
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\InstallBrainService
Group: Malware file
Last Updated: January 14, 2017

1944df25b6fd7c5fa9e42ff8bef38cd2

File name: 1944df25b6fd7c5fa9e42ff8bef38cd2
Size: 388.37 KB (388376 bytes)
MD5: 1944df25b6fd7c5fa9e42ff8bef38cd2
Detection count: 2
Group: Malware file
Last Updated: January 15, 2013

77371b9678258eff4dc7b9fb269799e9

File name: 77371b9678258eff4dc7b9fb269799e9
Size: 554.4 KB (554400 bytes)
MD5: 77371b9678258eff4dc7b9fb269799e9
Detection count: 0
Group: Malware file
Last Updated: January 15, 2013

More files

Additional Information

The following directories were created:

%ALLUSERSPROFILE%\Application Data\InstallBrainService%ALLUSERSPROFILE%\InstallBrainService%PROGRAMFILES%\InstallBrainService%PROGRAMFILES(x86)%\InstallBrainService