Monday, November 24, 2008

AdRotator Adware

Removing AdRotator
Categories: Adware
Adware is a class of programs that facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

AdRotator is also known as:

[Kaspersky] AdWare.Win32.TrafficSol.g, AdWare.Win32.TrafficSol.f;
[McAfee] Adware-BitLocker;
[Other] Adware.Win32/AdRotator, Adware.Win32.AdRotator, Adware.Begin2search

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\sa4
[%SYSTEM%]\adrot-uninst.exe
[%SYSTEM%]\adrotate.dll
[%SYSTEM%]\adrotate.dll_tobedeleted
[%SYSTEM%]\adrotate1.dll
[%SYSTEM%]\adspipe.dll
[%SYSTEM%]\adssite-remove.exe
[%SYSTEM%]\gzmrot-uninst.exe
[%SYSTEM%]\gzmrotate.dll
[%SYSTEM%]\nsz2E5.dll
[%WINDOWS%]\vs.bin

How to detect AdRotator:

Files:
[%PROFILE_TEMP%]\sa4
[%SYSTEM%]\adrot-uninst.exe
[%SYSTEM%]\adrotate.dll
[%SYSTEM%]\adrotate.dll_tobedeleted
[%SYSTEM%]\adrotate1.dll
[%SYSTEM%]\adspipe.dll
[%SYSTEM%]\adssite-remove.exe
[%SYSTEM%]\gzmrot-uninst.exe
[%SYSTEM%]\gzmrotate.dll
[%SYSTEM%]\nsz2E5.dll
[%WINDOWS%]\vs.bin

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\jawa32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing AdRotator:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
