Zwinky-MWS

Description:	Adware
Risk Level:	Low
Date of First Occurence:	Monday, April 14, 2008
Software Developer:	(unknown)
Brief Info:	Zwinky is an adware application which displays advertisements when the browser is active.
Removal:	This threat can be removed using "Spyware Terminator"

RIMUOVI SPYWARE »

Geographical Distribution of Threat "Zwinky-MWS"

Threat Info

View All

Detected Items

Detected Files: %DOWNLOADEDPROGRAMFILES%\ZwinkyInitialSetup1.0.1.1.exe MD5: 474F7CBB3EBEEDB493CC95F2A4D55E3D Size:132768 %DOWNLOADEDPROGRAMFILES%\ZwinkyInitialSetup1.0.1.0.exe MD5: 512CF1345C219300ABF33F24A10B52F8 Size:133024 %DOWNLOADEDPROGRAMFILES%\ZwinkyInitialSetup1.0.0.15.exe MD5: 89B4ACF0B1BCF67EF4E196563142F210 Size:116560
Detected Files with variable Filenames: MD5: 3BC43CEB571B95C7E13299F725B48571 Size: 110592 %SystemDiskRoot%\Documents and Settings\Faith Isaac Jacob\Local Settings\Temp\ICD1.tmp\f3Setup1.exe f:\Documents and Settings\Ariell-Star\Local Settings\Temp\ICD1.tmp\f3Setup1.exe %TEMP%\ICD1.tmp\f3Setup1.exe %SystemDiskRoot%\Documents and Settings\Kids\Local Settings\Temp\ICD1.tmp\f3Setup1.exe

Detecting items list:

Files by Name %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3BROVLY.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3CJPEG.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3DTACTL.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3HISTSW.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3HTMLMU.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3HTTPCT.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3IMSTUB.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3POPSWT.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3PSSAVR.SCR %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3REPROX.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3RESTUB.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3SCHMON.EXE %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3SCRCTR.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3SHLLVW.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\F3WPHOOK.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3HTML.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3IDLE.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3IMPIPE.EXE %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3MSG.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3OUTLCN.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3SKIN.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3SKPLAY.EXE %PROGRAMFILES%\MyWebSearch\bar\1.bin\MWSBAR.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\MWSOEMON.EXE %PROGRAMFILES%\MyWebSearch\bar\1.bin\MWSOEPLG.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\MWSOESTB.DLL %PROGRAMFILES%\MyWebSearch\bar\1.bin\NPMYWEBS.DLL %PROGRAMFILES%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL %DOWNLOADEDPROGRAMFILES%\f3initialsetup1.0.0.15.inf %DOWNLOADEDPROGRAMFILES%\ZwinkyInitialSetup*
Files by MD5 MD5: 3BC43CEB571B95C7E13299F725B48571 Size: 110592
Files by Directories %PROGRAMFILES%\FunWebProducts %PROGRAMFILES%\MyWebSearch
Files by CLSID or Name CLSID=0F8ECF4F-3646-4C3A-8881-8E138FFCAF70 CLSID=25560540-9571-4D7B-9389-0F166788785A CLSID=2EFF3CF7-99C1-4c29-BC2B-68E057E22340 CLSID=3DC201FB-E9C9-499C-A11F-23C360D7C3F8 CLSID=3E720452-B472-4954-B7AA-33069EB53906 CLSID=53CED2D0-5E9A-4761-9005-648404E6F7E5 CLSID=63D0ED2C-B45B-4458-8B3B-60C69BBBD83C CLSID=7473D292-B7BB-4f24-AE82-7E2CE94BB6A9 CLSID=84DA4FDF-A1CF-4195-8688-3E961F505983 CLSID=8E6F1832-9607-4440-8530-13BE7C4B1D14 CLSID=98D9753D-D73B-42D5-8C85-4469CDA897AB CLSID=ADB01E81-3C79-4272-A0F1-7B2BE7A782DC CLSID=B813095C-81C0-4E40-AA14-67520372B987 CLSID=C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7 CLSID=D778513B-1C40-4819-B0C5-49E40B39AFD0 CLSID=E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612
Registry Keys HKCR\MyWebSearch.ChatSessionPlugin HKCR\MyWebSearch.ChatSessionPlugin.1 HKCR\MyWebSearch.HTMLPanel HKCR\MyWebSearch.HTMLPanel.1 HKCR\MyWebSearch.OutlookAddin HKCR\MyWebSearch.OutlookAddin.1 HKCR\MyWebSearch.PseudoTransparentPlugin HKCR\MyWebSearch.PseudoTransparentPlugin.1 HKCR\MyWebSearchToolBar.SettingsPlugin HKCR\MyWebSearchToolBar.SettingsPlugin.1 HKCR\MyWebSearchToolBar.ToolbarPlugin HKCR\MyWebSearchToolBar.ToolbarPlugin.1 HKCU\Software\MyWebSearch HKLM\SOFTWARE\Fun Web Products HKLM\SOFTWARE\FunWebProducts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall HKLM\SOFTWARE\MyWebSearch
Registry Values HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=MyWebSearch Email Plugin HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=My Web Search Bar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=MyWebSearch Email Plugin

« Go to Software Database

Cerca nel nostro database dei software

Sfoglia il database dei software

Ultimissime notizie sui Malware

23. settembre 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notizie sui vecchi malware »