Thursday, December 4, 2008

PeopleOnPage Hijacker

Removing PeopleOnPage
Categories: Hijacker, Toolbar
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

PeopleOnPage is also known as:

[Panda]Adware/Envolo

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe
[%PROFILE_TEMP%]\auf0.exe
[%PROFILE_TEMP%]\AutoUpdate0\setup.inf
[%PROFILE_TEMP%]\AutoUpdate1\setup.inf
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\Temp\AutoUpdate1\setup.inf
[%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe
[%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll
[%SYSTEM%]\bi5.exe
[%WINDOWS%]\downloaded program files\activeinstall2.inf
[%WINDOWS%]\downloaded program files\aprload.exe
[%WINDOWS%]\downloaded program files\load.exe
[%WINDOWS%]\windows\system32\auto_update_uninstall.exe

How to detect PeopleOnPage:

Files:
[%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe
[%PROFILE_TEMP%]\auf0.exe
[%PROFILE_TEMP%]\AutoUpdate0\setup.inf
[%PROFILE_TEMP%]\AutoUpdate1\setup.inf
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\Temp\AutoUpdate1\setup.inf
[%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe
[%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll
[%SYSTEM%]\bi5.exe
[%WINDOWS%]\downloaded program files\activeinstall2.inf
[%WINDOWS%]\downloaded program files\aprload.exe
[%WINDOWS%]\downloaded program files\load.exe
[%WINDOWS%]\windows\system32\auto_update_uninstall.exe

Folders:
[%PROGRAM_FILES%]\autoupdate

Registry Keys:
HKEY_LOCAL_MACHINE\Software\AutoLoader
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\autoupdate
HKEY_CLASSES_ROOT\clsid\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
HKEY_CLASSES_ROOT\clsid\{b3be5046-8197-48fb-b89f-7c767316d03c}
HKEY_CLASSES_ROOT\popad.server
HKEY_CLASSES_ROOT\popad.server.1
HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\amserver
HKEY_USERS\.default\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_USERS\.default\software\pop

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_USERS\.default\software\microsoft\internet explorer\toolbar\webbrowser

Removing PeopleOnPage:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
