Sunday, November 9, 2008

Marketscore Adware

Removing Marketscore
Categories: Adware,Spyware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\~os67.tmp\rk.exe
[%SYSTEM%]\mksc.exe
[%SYSTEM%]\okshook.dll
[%SYSTEM%]\osconfig.dll
[%SYSTEM%]\osmim.dll
[%SYSTEM%]\osmim.dll_tobedeleted
[%SYSTEM%]\osrouter.dll
[%SYSTEM%]\ossproxy.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rk.exe
[%PROFILE%]\Configuraci%F3n local\Temp\temp.fr????
[%SYSTEM%]\csloa.dll
[%WINDOWS%]\system\nscheck.exe
[%WINDOWS%]\system\nscheck.lgc
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\~os67.tmp\rk.exe
[%SYSTEM%]\mksc.exe
[%SYSTEM%]\okshook.dll
[%SYSTEM%]\osconfig.dll
[%SYSTEM%]\osmim.dll
[%SYSTEM%]\osmim.dll_tobedeleted
[%SYSTEM%]\osrouter.dll
[%SYSTEM%]\ossproxy.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rk.exe
[%PROFILE%]\Configuraci%F3n local\Temp\temp.fr????
[%SYSTEM%]\csloa.dll
[%WINDOWS%]\system\nscheck.exe
[%WINDOWS%]\system\nscheck.lgc

How to detect Marketscore:

Files:
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\~os67.tmp\rk.exe
[%SYSTEM%]\mksc.exe
[%SYSTEM%]\okshook.dll
[%SYSTEM%]\osconfig.dll
[%SYSTEM%]\osmim.dll
[%SYSTEM%]\osmim.dll_tobedeleted
[%SYSTEM%]\osrouter.dll
[%SYSTEM%]\ossproxy.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rk.exe
[%PROFILE%]\Configuraci%F3n local\Temp\temp.fr????
[%SYSTEM%]\csloa.dll
[%WINDOWS%]\system\nscheck.exe
[%WINDOWS%]\system\nscheck.lgc
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\~os67.tmp\rk.exe
[%SYSTEM%]\mksc.exe
[%SYSTEM%]\okshook.dll
[%SYSTEM%]\osconfig.dll
[%SYSTEM%]\osmim.dll
[%SYSTEM%]\osmim.dll_tobedeleted
[%SYSTEM%]\osrouter.dll
[%SYSTEM%]\ossproxy.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rk.exe
[%PROFILE%]\Configuraci%F3n local\Temp\temp.fr????
[%SYSTEM%]\csloa.dll
[%WINDOWS%]\system\nscheck.exe
[%WINDOWS%]\system\nscheck.lgc

Registry Keys:
HKEY_CURRENT_USER\software\netsetter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_LOCAL_MACHINE\software\netsetter\osmim
HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9}
HKEY_CLASSES_ROOT\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}
HKEY_CLASSES_ROOT\nsconfig.nsbrowserconfig
HKEY_CLASSES_ROOT\typelib\{169c7855-c096-4d45-803b-6441552a7e92}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}
HKEY_LOCAL_MACHINE\software\classes\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}
HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig
HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig.2
HKEY_LOCAL_MACHINE\software\classes\typelib\{169c7855-c096-4d45-803b-6441552a7e92}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{35b7e48b-9d81-4c6c-9578-5fd4f620d886}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\a32c2b8361ca79fb7dcd14cbda793d0df855991c
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\a32c2b8361ca79fb7dcd14cbda793d0df855991c
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\a32c2b8361ca79fb7dcd14cbda793d0df855991c
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_LOCAL_MACHINE\software\microsoft\systemcertificates\root\certificates\f8d953700e84f3945390c81a1a3bf929c8a29eb7
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/csloa.d__
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/csloa.d__
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/okshook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/okshook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/osconfig.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/osconfig.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/osmim.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/osmim.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/ossproxy.ex_
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/ossproxy.ex_

Removing Marketscore:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)