Categories: Trojan, BHO
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
[Kaspersky] AdWare.Win32.PrutiyScan.ak, AdWare.Win32.PurityScan.ak, Trojan-Downloader.Win32.PurityScan.cl, Trojan-Downloader.Win32.PurityScan.eb, AdWare.Win32.PurityScan.gl;
[McAfee] Adware-ClickSpring;
[Other] Win32/Clspring.GB, Adware.Purityscan, Win32/Clspring.FZ, Adware.PurityScan, ClickSpring.PuritySCAN, purityscan, Win32/Clspring.GG, ClickSpring, Win32/Clspring.GR, Win32/Clspring.GW, Troj/PurScan-BE, Win32/Clspring!generic, Adware:Win32/ClickSpring.PuritySCAN, Win32/Clspring.GZ, Trojan.Adclicker
Visible Symptoms:
Files in system folders:
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe
How to detect Clspring:
Files:
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe
Folders:
[%PROGRAMS%]\Outerinfo
[%PROGRAM_FILES%]\Outerinfo
Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\outerinfo
HKEY_CLASSES_ROOT\clsid\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f}
HKEY_CLASSES_ROOT\clsid\{55bb27b1-b15e-b2df-2c22-bcce64b8e8b7}
HKEY_CLASSES_ROOT\clsid\{661d9ab6-595d-0b89-2bc2-0295c1a289b1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{55bb27b1-b15e-b2df-2c22-bcce64b8e8b7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{661d9ab6-595d-0b89-2bc2-0295c1a289b1}
HKEY_LOCAL_MACHINE\software\outerinfo
Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\mozilla\firefox\extensions
Removing Clspring:
You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly, or buy it to remove ALL viruses from your computer.