Sgoope

Description:	Adware
Risk Level:	Low
Date of First Occurence:	Friday, May 09, 2008
Software Developer:	(unknown)
Brief Info:	Adware Software that is displaying pop-up/pop-under windows containing advertisements when the primary user interface is not visible or displayed advertisements are not related to the product.
Removal:	This threat can be removed using "Spyware Terminator"

RIMUOVI SPYWARE »

Geographical Distribution of Threat "Sgoope"

Threat Info

View All

Detected Items

Detected Files: %PROGRAMFILES%\CallIT\SGooPE\g4Audio.ocx MD5: E5151CC08DCD14865AD4655D1EA83DDC Size:106496 MD5: 832CCC039E1984EF85E3202A424A72E1 Size:98304 MD5: C9F96E11B3DBFAB923FD2FF2ED13CBCC Size:98304 %PROGRAMFILES%\CallIT\SGooPE\SPMess.dll MD5: A65DAC0D55F478C53B4D890C11BE0E43 Size:77824 MD5: 40653375D7FBD3B08680BB801A5E0F1B Size:77824 %PROGRAMFILES%\CallIT\SGooPE\SPConn.dll MD5: 1817E9DB52F6742B73CB457A15BB9ED6 Size:151552 %PROGRAMFILES%\CallIT\SGooPE\SPCallSKYPE.dll MD5: 7A4359A3BEBA01917B73590805446BE3 Size:73728 MD5: 64024D132F4D1B227A38EE315ECD4B9D Size:73728 %PROGRAMFILES%\CallIT\SGooPE\SPCallRTC.dll MD5: A771F8D9CFD5D382879E4233510E1463 Size:73728 MD5: 876330932268949099ED49E091ABEADB Size:73728 %PROGRAMFILES%\CallIT\SGooPE\SPCallG4.dll MD5: 6945490980D815B96B6EE760D45ED51B Size:94208 MD5: 71A56BD9C07476E14A208FCE7FDB157E Size:94208 MD5: 56A49D70218BC01A8AF63509500F3919 Size:98304 %PROGRAMFILES%\CallIT\SGooPE\SPCall.dll MD5: AD8B34C98ED4E7B6AE938FC952626E91 Size:65536 MD5: 61F8666C91CB28EC99332FCF2E3CE96F Size:65536 MD5: 51786A06F369C90BA5B6F8F42404860E Size:65536 %PROGRAMFILES%\CallIT\SGooPE\shdocvw.dll MD5: 1DE9634C6A171770C6503EA67734CB83 Size:1492480 %PROGRAMFILES%\CallIT\SGooPE\SGooPEUpdater.exe MD5: EF028FE5CBF05B2C3B63FF375E4C6CF6 Size:131072 %PROGRAMFILES%\CallIT\SGooPE\G4Phone.ocx MD5: 5604462DD88AFC26B83F85E041A7F562 Size:356352 MD5: 3F17CE13E7BA107DAC8ED3B55EA9EAED Size:356352 MD5: AA9E2AF64870719DA581F5997A1E014E Size:356352 %PROGRAMFILES%\CallIT\SGooPE\ftp40.ocx MD5: 5A27BE24071DA4D042B514A06D0C2D4B Size:110464 %PROGRAMFILES%\CALLIT\SGOOPE\SGOOPE.EXE MD5: 2C43742045BB0157FBC60B40733572DB Size:1671168 %PROGRAMFILES%\CallIT\SGooPE\SGooPE.exe MD5: 4150E875E2FBC19315F9E0F0503333F9 Size:1671168 MD5: 182614BE05DA8CC06E35338350E1F315 Size:1662976
Detected Files with variable Filenames:

Detecting items list:

Files by Name %PROGRAMFILES%\CallIT\SGooPE\ftp40.ocx %PROGRAMFILES%\CallIT\SGooPE\g4Audio.ocx %PROGRAMFILES%\CallIT\SGooPE\G4Phone.ocx %PROGRAMFILES%\CallIT\SGooPE\SGooPE.exe %PROGRAMFILES%\CallIT\SGooPE\SGOOPEupdater.exe %PROGRAMFILES%\CallIT\SGooPE\SPCall.dll %PROGRAMFILES%\CallIT\SGooPE\SPCallG4.dll %PROGRAMFILES%\CallIT\SGooPE\SPCallRTC.dll %PROGRAMFILES%\CallIT\SGooPE\SPCallSKYPE.dll %PROGRAMFILES%\CallIT\SGooPE\SPConn.dll %PROGRAMFILES%\CallIT\SGooPE\SPMess.dll %START_PROGRAMS%\SGOOPE\SGOOPE.lnk %DESKTOP%\SGOOPE.lnk %APPDATA%\SGooPE\HTML\templatebottom.htm %APPDATA%\SGooPE\HTML\templatetop.htm %APPDATA%\SGooPE\SMILEYS\SMILEY01.bmp %APPDATA%\SGooPE\SMILEYS\SMILEY02.bmp %APPDATA%\SGooPE\SMILEYS\SMILEY03.bmp %APPDATA%\SGooPE\WAV\1.wav %APPDATA%\SGooPE\WAV\ringin.wav
Files by Directories %PROGRAMFILES%\CallIT\SGooPE %START_PROGRAMS%\SGOOPE %APPDATA%\SGooPE
Files by CLSID or Name CLSID=286E51B7-1E50-4B7A-B29C-77E1630CA583 CLSID=33337170-F789-11CE-86F8-0020AFD8C6DB CLSID=5E44580A-C478-44A9-801C-967B7276ACD3 CLSID=BB3784C3-E63E-40DD-8888-F1DB02CA3046 CLSID=C2C2D92A-4DF3-445D-89F2-3F8197429C7D CLSID=D9C30395-F423-48C1-88F7-6EA78F2026B4
Registry Keys HKCR\etShapedForm.ShapedForm HKCR\SkypeAPI.Access HKCR\SkypeAPI.Access.1 HKCR\SkypeAPI.Call HKCR\SkypeAPI.Call.1 HKCR\SkypeAPI.Conversion HKCR\SkypeAPI.Conversion.1 HKCR\SkypeAPI.Profile HKCR\SkypeAPI.Profile.1 HKCR\SkypeAPI.UI HKCR\SkypeAPI.UI.1 HKCR\SPCall.IPCall HKCR\SPCallG4.IPCall HKCR\SPCallRTC.IPCall HKCR\SPCallSkype.IPCall HKCR\SPConn.Connection HKCR\SPMess.MessengerApp HKCU\Software\Microsoft\Installer\Features\FA5B0671A2B38E948ADBFDD0BEFD30D8 HKCU\Software\Microsoft\Installer\Products\FA5B0671A2B38E948ADBFDD0BEFD30D8 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SGOOPE HKCU\Software\SGooPE HKCU\Software\VB and VBA Program Settings\OsenXPSuite2006 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1760B5AF-3B2A-49E8-A8BD-DF0DEBDF038D}
Registry Values HKCU\Software\Microsoft\Installer\UpgradeCodes\847341D640C980747A3765A9A56DE242 ValueName=FA5B0671A2B38E948ADBFDD0BEFD30D8 HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=SGooPE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\ftp40.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\g4Audio.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\G4Phone.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SGooPE.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SGOOPEupdater.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPCall.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPCallG4.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPCallRTC.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPCallSKYPE.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPConn.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\Program Files\CallIT\SGooPE\SPMess.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\ActiveS.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\etShapedForm.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\osenxpresources.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\osenxpsuite2006r.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\osenxpsuite2006r.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%SystemDiskRoot%\WINDOWS\System32\osenxpsuite2006r.tlb

« Go to Software Database

Cerca nel nostro database dei software

Sfoglia il database dei software

Ultimissime notizie sui Malware

23. settembre 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notizie sui vecchi malware »