Monday, February 2, 2009

Ebates.MoneyMaker Adware

Removing Ebates.MoneyMaker
Categories: Adware, Hacker Tool
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Ebates.MoneyMaker is also known as:

[Panda] Adware/MoeMoney, Adware/TopMoxie, HackTool/Jkill.A

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\djebmm350.exe
[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat
[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe
[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class
[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe
[%PROGRAM_FILES%]\LimeShop\Popup.exe
[%DESKTOP%]\earn money.lnk
[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe
[%PROGRAM_FILES%]\care2gtu\popup.exe
[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe
[%STARTMENU%]\casino.url
[%WINDOWS%]\dkry.exe

How to detect Ebates.MoneyMaker:

Files:
[%PROFILE_TEMP%]\djebmm350.exe
[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat
[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe
[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class
[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe
[%PROGRAM_FILES%]\LimeShop\Popup.exe
[%DESKTOP%]\earn money.lnk
[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe
[%PROGRAM_FILES%]\care2gtu\popup.exe
[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe
[%STARTMENU%]\casino.url
[%WINDOWS%]\dkry.exe

Folders:
[%PROGRAM_FILES%]\ebatesmoemoneymaker
[%PROGRAM_FILES%]\ebates_moemoneymaker
[%PROGRAM_FILES%]\webrebates
[%PROGRAM_FILES%]\websearch

Registry Keys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{7F241C00-DAB6-11d5-AAA8-0001028DF1BC}
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\ebates
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6685509e-b47b-4f47-8e16-9a5f3a62f683}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\ebatesver2.xml
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping\{6685509e-b47b-4f47-8e16-9a5f3a62f683}
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping\{7f241c00-dab6-11d5-aaa8-0001028df1bc}
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\{7f241c00-dab6-11d5-aaa8-0001028df1bc}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ebatesver2.xml

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing Ebates.MoneyMaker:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove all viruses from your computer.
