IPSSVC.EXE

Maintenance Manager

Lenovo (Japan) Ltd.

The executable IPSSVC.EXE has been detected as malware by 30 anti-virus scanners. It runs as a windows Service named “IPS Core Service”. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Lenovo Group Limited  (signed by Lenovo (Japan) Ltd.)

Product:
Maintenance Manager

Description:
IPS Core Service

Version:
3, 0, 3, 0

MD5:
7b06cbf098f24071e221a9563e56797c

SHA-1:
7b66aeec08fa566632f37922cf07c1f1680b264b

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
12/27/2024 1:49:38 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-Trojan/Patched.DD
2011.09.12

Avira AntiVirus
TR/Spy.ZBot.108080
7.11.14.189

avast!
Win32:Patched-WQ [Trj]
2014.9-170221

AVG
Win32/Katusha.A
2018.0.2460

Bitdefender
Trojan.Generic.6135727
1.0.20.260

Clam AntiVirus
Trojan.Patched-167
0.98/18011

Comodo Security
TrojWare.Win32.Patched.HN
10098

Dr.Web
Trojan.Starter.1695
9.0.1.052

Emsisoft Anti-Malware
Trojan-Spy.Win32.Zbot!IK
8.17.02.21.09

ESET NOD32
Win32/Patched.HN
11.6460

Fortinet FortiGate
W32/Zbot.W!tr
2/21/2017

F-Prot
W32/Patched.G
v6.4.6.2.117

F-Secure
Trojan.Generic.6135727
11.2017-21-02_3

G Data
Trojan.Generic.6135727
17.2.22

IKARUS anti.virus
Trojan-Spy.Win32.Zbot
t3scan.1.1.107.0

K7 AntiVirus
Trojan
13.112.5128

Kaspersky
Trojan.Win32.Patched
14.0.0.-1204

McAfee
W32/Katusha
5600.6116

Microsoft Security Essentials
Virus:Win32/Patchload.O
1.163.1557.0

Norman
W32/Patched.BH
11.20170221

nProtect
Trojan/W32.Agent.108080
11.09.13.01

Panda Antivirus
W32/Katusha.BN
17.02.21.09

Quick Heal
W32.Patchload.O
2.17.11.00

Rising Antivirus
Win32.Loader.li
23.00.65.17219

Sophos
W32/Patched-AK
4.69

Trend Micro House Call
PTCH_KATUSHA.W
7.2.52

Trend Micro
PTCH_KATUSHA.W
10.465.21

Vba32 AntiVirus
Trojan-Spy.Zbot.gen
3.12.16.4

VIPRE Antivirus
Virus.Win32.Agent.mpq
10464

ViRobot
Win32.Patched.BE
2011.9.10.4666

File size:
105.5 KB (108,080 bytes)

Copyright:
Copyright (C) Lenovo 2005, 2007

Original file name:
IPSSVC.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ipssvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/7/2006 1:00:00 AM

Valid to:
11/8/2007 12:59:59 AM

Subject:
CN=Lenovo (Japan) Ltd., OU=Research & Development 1, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lenovo (Japan) Ltd., L=Yamato-shi, S=Kanagawa, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D3F41B8F9DD4F74BEF0B262A06C34DB

File PE Metadata
Compilation timestamp:
1/30/2007 7:14:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

Entry address:
0x1A4CC

Entry point:
68, 0A, 58, 40, 00, E9, 34, 06, 00, 00, E8, 0F, 00, 00, 00, 43, 72, 65, 61, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 57, 00, 58, C3, 90, E8, 18, 00, 00, 00, 5C, 00, 73, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6D, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 1E, 00, 00, 00, 5C, 00, 5C, 00, 2E, 00, 5C, 00, 67, 00, 6C, 00, 6F, 00, 62, 00, 61, 00, 6C, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 12, 00, 00, 00, 6B, 00, 65, 00, 72, 00, 6E, 00, 65, 00, 6C, 00, 33, 00, 32, 00, 00, 00, 58, C3...
 
[+]

Code size:
68 KB (69,632 bytes)

Service
Display name:
IPS Core Service

Service name:
IPSSVC

Type:
Win32OwnProcess, InteractiveProcess

Group:
Extended Base

Depends on:
RPCSS PROCDD


Remove IPSSVC.EXE - Powered by Reason Core Security