ibsvc.exe has 82 known versions; the most recent one is 15.9.28.27. It is started as a Windows Service called 'Updater Service' with the name 'IBUpdaterService'. It runs under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). It is executed as a shared service, which means that it can share a process with other Win32 services. The average file size is about 608.45 KB. It is an Authenticode code-signed executable issued to Performersoft LLC by the certification authority GoDaddy.com. Some variations of the file have been seen to be installed with the program Updater Service from PerformerSoft LLC. During the process's lifecycle, the typical CPU resource utilization is about 0.0061%, including both foreground and background operations; the average private memory consumption is about 6.33 MB, with the maximum memory reaching around 6.99 MB. Additionally, typical disk I/O is about 18 bytes per minute for reads and 0 bytes per minute for writes.
InstallBrain Updater Service is part of InstallBrain, a software bundler program. The InstallBrain Updater Service runs in the background looking for possible updates to the various programs it has installed and, if an update is found, automatically downloads and updates those programs.
(Note: the behaviors below are for all versions of ibsvc.exe; select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Based on 40+ industry antivirus scanners, 53 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
Avira AntiVir | 7.11.105.64 | Adware/InstallBrain.CE | 15.9.28.27 |
avast! | 6.0.1289.0 | Win32:InstallBrain-T [PUP] | 14.12.8.9 |
avast! | 6.0.1289.0 | Win32:InstallBrain-T [PUP] | 14.12.8.9 |
avast! | 6.0.1289.0 | Win32:InstallBrain-H [PUP] | 14.12.8.9 |
avast! | 6.0.1289.0 | Win32:InstallBrain-R [PUP] | 14.12.8.9 |
Baidu Antivirus | 3.5.1.41473 | Adware.Win32.Agent.45 | 15.9.28.27 |
Commtouch | 5.4.1.7 | W32/IBrain.C.gen!Eldorado | 14.12.8.9 |
Comodo Internet Security | 17026 | Application.Win32.InstallBrain.AF | 15.9.28.27 |
Dr.Web | 7.0.4.09250 | Adware.Downware.623 | 14.12.8.9 |
Dr.Web | 7.0.4.09250 | Adware.Downware.681 | 14.12.8.9 |
Dr.Web | 7.0.4.09250 | Adware.Downware.542 | 14.12.8.9 |
Dr.Web | 8.13.8.10 | Adware.Downware.710 | 14.12.8.9 |
Dr.Web | 8.13.9.30 | Adware.Downware.1295 | 15.9.28.27 |
ESET NOD32 | 7.7593 | a variant of Win32/InstallBrain.L | 14.12.8.9 |
ESET NOD32 | 7.7738 | a variant of Win32/InstallBrain.N | 14.12.8.9 |
ESET NOD32 | 7.7930 | a variant of Win32/InstallBrain.P | 14.12.8.9 |
ESET NOD32 | 7.7991 | a variant of Win32/InstallBrain.N | 14.12.8.9 |
ESET NOD32 | 7.7463 | a variant of Win32/InstallBrain.G | 14.12.8.9 |
ESET NOD32 | 7.7718 | a variant of Win32/InstallBrain.L | 14.12.8.9 |
ESET NOD32 | 7.8297 | a variant of Win32/InstallBrain.S | 14.12.8.9 |
ESET NOD32 | 7.8859 | a variant of Win32/InstallBrain.AC | 15.9.28.27 |
Fortinet | 5.0.26.0 | Adware/InstallBrain.OP | 14.12.8.9 |
Fortinet | 5.0.43.0 | Adware/InstallBrain.OP | 14.12.8.9 |
F-Prot | v6.4.7.1.166 | W32/IBrain.C.gen!Eldorado | 14.12.8.9 |
G Data | 13.9.22 | Win32.Application.InstallBrain.B | 15.9.28.27 |
K7 AntiVirus | 9.166.8625 | Riskware | 14.12.8.9 |
K7 AntiVirus | 9.172.9720 | Riskware | 15.9.28.27 |
K7GW | 12.7.0.14 | Riskware | 15.9.28.27 |
Malwarebytes | 1.62.0.140 | PUP.BundleInstaller.IB | 14.12.8.9 |
Malwarebytes | 1.62.0.140 | PUP.BundleInstaller.IB | 14.12.8.9 |
Malwarebytes | 1.75.0.1 | PUP.BundleInstaller.IB | 14.12.8.9 |
Malwarebytes | 1.75.0.1 | Adware.InstallBrain | 15.9.28.27 |
McAfee | 5.600.1067 | Artemis!02D9E857ABE0 | 15.9.28.27 |
McAfee Gateway Anti-Malware | v2013-dat | Artemis!02D9E857ABE0 | 15.9.28.27 |
NANO AntiVirus | 0.22.8.50037 | Trojan.Win32.Downware2.bcidsn | 14.12.8.9 |
Norman | 6.08.06 | W32/InstallBrain.FSDU | 14.12.8.9 |
Norman | 6.08.06 | InstallBrain.FBDR | 14.12.8.9 |
PC Tools | 9.0.0.2 | Trojan.ADH | 14.12.8.9 |
Sophos | 4.83.0 | InstallBrain | 14.12.8.9 |
Sophos | 4.83.0 | InstallBrain | 14.12.8.9 |
Sophos | 4.93.0 | InstallBrain | 15.9.28.27 |
SUPERAntiSpyware | 5.6.0.1008 | Trojan.Agent/Gen-InstallBrain | 14.12.8.9 |
SUPERAntiSpyware | 5.6.0.1032 | Trojan.Agent/Gen-Downware | 15.9.28.27 |
Symantec | 20121.3.0.76 | Trojan.ADH.2 | 14.12.8.9 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.RCBH1AL | 14.12.8.9 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V1109 | 14.12.8.9 |
Trend Micro HouseCall | 9.700.0.1001 | HV_ZYX_BL132BC2.TOMC | 14.12.8.9 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0426 | 15.9.28.27 |
VIPRE Antivirus | 14190 | Trojan.Win32.Generic!SB.0 | 14.12.8.9 |
VIPRE Antivirus | 15202 | Trojan.Win32.Generic!BT | 14.12.8.9 |
VIPRE Antivirus | 15476 | Trojan.Win32.Generic!BT | 14.12.8.9 |
VIPRE Antivirus | 17456 | InstallBrain (fs) | 14.12.8.9 |
VIPRE Antivirus | 21968 | InstallBrain (fs) | 15.9.28.27 |
United States installs about 33.33% of Installer.