Grokster description:
Grokster Category: Adware, Worm, Hijacker, Toolbar
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.
Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
Grokster Detection:
Grokster Files:
Grokster Folders:
[%PROFILE%]\documents\softwrap\groksterfrtrial1
[%PROFILE%]\start menu\programs\grokster
[%PROGRAM_FILES%]\gatinst
[%PROGRAM_FILES%]\grokster
[%PROGRAM_FILES%]\grokstersupport
Grokster Registry Keys:
Grokster Registry Values:
Removing Grokster:
You can run the trial version of ExterminateIt, or remove Grokster manually. To completely manually remove Grokster malware from your computer, you need to delete the Windows registry keys and registry values, and the files and folders associated with Grokster.