PehPai

Description:	Adware
Risk Level:	Low
Date of First Occurence:	Friday, May 09, 2008
Software Developer:	(unknown)
Brief Info:	Adware Software that is displaying pop-up/pop-under windows containing advertisements when the primary user interface is not visible or displayed advertisements are not related to the product.
Removal:	This threat can be removed using "Spyware Terminator"

REMOVER SPYWARE »

Geographical Distribution of Threat "PehPai"

Threat Info

View All

Detected Items

Detected Files: %APPDATA%\ZapSpot\ZapSpot.exe MD5: 06298F678A45AC5FE2808A5F2B4AFC7D Size:761930 MD5: 19DB77BA1CC8FD332BB69A7F4F3ED186 Size:594456 MD5: 2C7DCA7CB12B3231578B43A0759ACCE9 Size:761930 MD5: 7FE70A18C1AA62F22EA3D19A9795745A Size:741450 MD5: D5A0A59BF590C0B49545A1A6A4FB8026 Size:786432 MD5: F70E877957F3298693EEEBF72064CB97 Size:737816 MD5: DBA7650ADE5256D86DE92D5D34CFA9BB Size:750104 MD5: 3D095A7A143BEE4F5504F93AB3B53C2D Size:479800 MD5: 5D8369B1A7A54625DFF3BBC61F20C7A3 Size:753738 MD5: CD161B41D95DC4D90F2CE2CB4ADF9B0C Size:729162 MD5: 78BAFD3BA306A06C660BEA3EBB534371 Size:881176 MD5: 827F768069F0EBFD3191092E2E8E6746 Size:754200 and more.... %APPDATA%\ZapSpot\System\Etc\P3OfrMgr.exe MD5: DAECB3058E717724FCEA6FAAB440085D Size:278528 MD5: 89298414C8A5BCAF84CE9247FABB8F26 Size:274432 %USERDOCUMENTS%\My ZapSpot\GoldDiver.exe MD5: A7D2002A22EB44EB67F25F57B1F110CB Size:792055 MD5: 947F18F3C1E1D1D97691FCAD6F7DE1F4 Size:826452 MD5: 2D2EFFF0CAFA6D15DE0C292501BCF269 Size:658784 %USERDOCUMENTS%\My ZapSpot\22 - GoldDiver.exe MD5: C26F54C55B56C50A524D86AFCE9F695A Size:669952 %USERDOCUMENTS%\My ZapSpot\08 - FROG.exe MD5: 622B67D976DF3D67F95CBDFDCE0CDCC5 Size:664080 %USERDOCUMENTS%\My ZapSpot\Bully Frog.exe MD5: 7C45AEF38151FCC51CB21DC02F4B2D96 Size:664656 %USERDOCUMENTS%\My ZapSpot\nightsparks.exe MD5: 2C3B8AD150A4432245E0B8B02280B958 Size:693144 MD5: 2200043517F659E202906B3D52E9B83E Size:693144 %USERDOCUMENTS%\My ZapSpot\hotdogvendor.exe MD5: 3CA6F3A8385B3630B522461276746B2C Size:678496 %USERDOCUMENTS%\My ZapSpot\colorbreak.exe MD5: 00D77CB0C94D01756DB09BBB5000ADF1 Size:446032 %USERDOCUMENTS%\My ZapSpot\BubbleBound.exe MD5: 4186439A45F7A68A7878D41D5D913797 Size:663816 MD5: F4963631740CBE9CE8F908B04836E6AA Size:757100 %USERDOCUMENTS%\My ZapSpot\Ameba.exe MD5: B64A2F5F822F25F0FE928124D2D4CFD5 Size:649504 %USERDOCUMENTS%\My ZapSpot\xmas.exe MD5: DE61837A87D9F2F68995B380DEA5E3C5 Size:782769 MD5: 7A6F26152F5BD0261334426BDA99904B Size:817166 MD5: 429CD9E621AB219686F8C2581359D7F2 Size:799153 MD5: E9ED72B0A32CA90DA3847C5C7F5E42BC Size:643456 MD5: D70AAF2CB32F7228EA3AF63688D7525F Size:784343 %USERDOCUMENTS%\My ZapSpot\sortsport.exe MD5: C589D8351C1D180F9867DFB406436EA3 Size:868833 %USERDOCUMENTS%\My ZapSpot\Jewels.exe MD5: BA8852F6FEF3A38B03AC2ED585CF05A0 Size:806060 %USERDOCUMENTS%\My ZapSpot\GALACTICMENACE.EXE MD5: C6C394AA88237816D174B8B187BC20E5 Size:844378 %USERDOCUMENTS%\My ZapSpot\FenceOut.exe MD5: D35D3366B8E5007BECD04E94F4ED04D5 Size:806307 %USERDOCUMENTS%\My ZapSpot\colorbreak2.exe MD5: 25B4F7B28B95FCA6E3A119FBF29624C3 Size:1003593 %USERDOCUMENTS%\My ZapSpot\ColorBreak.exe MD5: 6E5117F93BC3ABDC85B990F18BB9C0F4 Size:773119 %USERDOCUMENTS%\My ZapSpot\PehPai[1].exe MD5: 10D39744030FF278B0B879313A115E2C Size:436848 %USERDOCUMENTS%\My ZapSpot\MudSlinger.exe MD5: EA5A75E323585FC47648C4217CD89118 Size:841451 %USERDOCUMENTS%\My ZapSpot\moeboid.exe MD5: D59629ACC0D77F5B7FDCF95F32712B2A Size:826367 MD5: A2A77DC0448C1F0C91E121EC562ABF21 Size:877613 %USERDOCUMENTS%\My ZapSpot\HotDogVendor.exe MD5: D20E3CA5D5BBE913AD5E721520CD1B2F Size:830155 %USERDOCUMENTS%\My ZapSpot\golddiver.exe MD5: 9F052842842646A5C569A1F35FFDFD5C Size:808439 MD5: 8FEDE69E64CF39D8AE6447BB5FD8A115 Size:794624 %USERDOCUMENTS%\My ZapSpot\fenceout.exe MD5: E0A9A95A3885FA7E20B75E5ECB6F8828 Size:822691 %USERDOCUMENTS%\My ZapSpot\latest.exe MD5: 61D7C3DB7211C5315F2983D99BD17A33 Size:1045300 %USERDOCUMENTS%\My ZapSpot\hallowmeenies.exe MD5: 48A9F382A6C03DA68CB4B3CB759681D6 Size:922992 MD5: 2282346007C432578BE9D71ABC5BBE42 Size:852606 %USERDOCUMENTS%\My ZapSpot\galactic.exe MD5: C9704B38CAAF9DB0A6D71F5354883741 Size:912008 %USERDOCUMENTS%\My ZapSpot\Galactic Menace.exe MD5: 3D5844E6322F950E2A545AA03BA4796D Size:722275 %USERDOCUMENTS%\My ZapSpot\mudsling.exe MD5: B23EF769D2B4C5A0A70685DF122A62FC Size:655632 %USERDOCUMENTS%\My ZapSpot\fncout.exe MD5: 83E645C09ED14A1EDFDF2CB9C9AFC37E Size:673824 %USERDOCUMENTS%\My ZapSpot\CavemanCards.exe MD5: B1529F25574B9CDF8FDCEFCE933E1805 Size:665096 %USERDOCUMENTS%\My ZapSpot\JEWELS.EXE MD5: 6DC49E8226E54940F2AD05E0566DA5D2 Size:830304 %USERDOCUMENTS%\My ZapSpot\CAVEMANCARDS.EXE MD5: 192A38943311214B21BE898FC3F1FB71 Size:825616 %USERDOCUMENTS%\My ZapSpot\G029 ?.exe MD5: E69BE114CF60D5CB1A460A81CDE56380 Size:478840 %APPDATA%\ZapSpot\ZapSpot.exe MD5: 23119E387156B6771C15A59DB0F8DF8E Size:479800 MD5: 17EA0B1FB3C513E4C20002D2EDA143D3 Size:831562 MD5: 67D3B860B1DFFC0579394B8649A86149 Size:496136 MD5: 56FDC79A6ADE2613DCC7FF14AC38CA15 Size:606744 MD5: BCF7D49A46B7A8065A100816202BD6CB Size:737354 %USERDOCUMENTS%\My ZapSpot\HIGHSEAS.EXE MD5: 182C2B4E6C4A53CB4D51800B6C2757CB Size:770956 %USERDOCUMENTS%\My ZapSpot\RUNTURKEYRUN.EXE MD5: F9A69068E3AC5DB9924DEC69BD4B9795 Size:768462 %USERDOCUMENTS%\My ZapSpot\COLORBREAK.EXE MD5: B431B487A1AA4D961A31FA2C9FC0235A Size:769864 %USERDOCUMENTS%\My ZapSpot\BullyFrog.exe MD5: 32FD001A29639E278EF9DECA792A544C Size:825335 %USERDOCUMENTS%\My ZapSpot\G080 ?? ? (??).EXE MD5: C7D98F8ED7D5F9E22EBE0007767ADE9C Size:730503 %USERDOCUMENTS%\My ZapSpot\G053 ???.exe MD5: 351B707002BC4822AF7B033F02861BFB Size:855567 %USERDOCUMENTS%\My ZapSpot\myhouse.exe MD5: C8710F501EEE45F2C5D0625A3D174E18 Size:853885 %USERDOCUMENTS%\My ZapSpot\colorbre.exe MD5: A8154EE1230CC465FA5532D9F310D3E1 Size:677792 %USERDOCUMENTS%\My ZapSpot\Moeboid.exe MD5: DBBBA4B6044FA8685188902D68FAEBD1 Size:809983
Detected Files with variable Filenames: MD5: 4965BE66D33F87075D1F47908B97408B Size: 853929 %USERDOCUMENTS%\My ZapSpot\NightSparks[1].exe %USERDOCUMENTS%\My ZapSpot\NIGHTSPARKS.EXE MD5: CBC138EC008374E46F78B1C52F9F6E63 Size: 802897 %USERDOCUMENTS%\My ZapSpot\ColorBreak2[1].exe %USERDOCUMENTS%\My ZapSpot\COLORBREAK2.EXE MD5: FC261801B0F12C7612A204C6277A1F89 Size: 766888 %USERDOCUMENTS%\My ZapSpot\RunTurkeyRun[1].exe %USERDOCUMENTS%\My ZapSpot\RunTurkeyRun.exe MD5: DBA515C99AFF74E1BBC04E85558B644C Size: 825067 %USERDOCUMENTS%\My ZapSpot\mudslinger[1].exe %USERDOCUMENTS%\My ZapSpot\MUDSLINGER.EXE MD5: 8274118935D7BFD94D98E9F59DEE18B4 Size: 813771 %USERDOCUMENTS%\My ZapSpot\HotdogVendor[1].exe %USERDOCUMENTS%\My ZapSpot\HOTDOGVENDOR.EXE %USERDOCUMENTS%\My ZapSpot\Hotdog Vendor v 1.exe MD5: 521D8850BC4338757A1D501A11C5F4E6 Size: 446032 %USERDOCUMENTS%\My ZapSpot\colorbreak.exe %USERDOCUMENTS%\My ZapSpot\.exe MD5: 4163EDD30716969D313657DB8413F074 Size: 663816 %USERDOCUMENTS%\My ZapSpot\BubbleBound.exe %USERDOCUMENTS%\My ZapSpot\Bubble Bound.exe %USERDOCUMENTS%\My ZapSpot\?.exe MD5: A1531D12654EF09F7B493BAA0818F41A Size: 640224 %USERDOCUMENTS%\My ZapSpot\31 - runturkeyrun.exe %USERDOCUMENTS%\My ZapSpot\runturkeyrun.exe MD5: 97C87E0918885C2AF1F7804C3DE35B5B Size: 977670 %USERDOCUMENTS%\My ZapSpot\LATEST.EXE %USERDOCUMENTS%\My ZapSpot\MYHOUSE.EXE MD5: 7A6F26152F5BD0261334426BDA99904B Size: 817166 %USERDOCUMENTS%\My ZapSpot\xmas.exe %USERDOCUMENTS%\My ZapSpot\?.EXE MD5: 2200043517F659E202906B3D52E9B83E Size: 693144 %USERDOCUMENTS%\My ZapSpot\nightsparks.exe %USERDOCUMENTS%\My ZapSpot\.EXE MD5: D243B118F6D92FD7C29BCF1342109333 Size: 678496 %USERDOCUMENTS%\My ZapSpot\??.exe %USERDOCUMENTS%\My ZapSpot\hotdog.exe MD5: 75D4CC15E88E6FDF9933BE12E928A8D4 Size: 661952 %USERDOCUMENTS%\My ZapSpot\?.exe %USERDOCUMENTS%\My ZapSpot\§?ö.exe

Detecting items list:

Files by Name %APPDATA%\ZapSpot\ZapSpot.exe %APPDATA%\ZapSpot\Games\{681FDB0B-DF7A-4E91-9445-0D7CF22687E7}\{681FDB0B-DF7A-4E91-9445-0D7CF22687E7}.gam %APPDATA%\ZapSpot\System\Core.ZDT %APPDATA%\ZapSpot\System\Outbox.ZDT %APPDATA%\ZapSpot\System\Etc\P3OfrMgr.exe %APPDATA%\ZapSpot\System\Skins\ani-logomain-117x84.gif %APPDATA%\ZapSpot\System\Skins\asl-big-about-83x28x2.gif %APPDATA%\ZapSpot\System\Skins\asl-big-games-83x30x2.gif %APPDATA%\ZapSpot\System\Skins\asl-big-home-83x28x2.gif %APPDATA%\ZapSpot\System\Skins\asl-big-join-83x28x2.gif %APPDATA%\ZapSpot\System\Skins\asl-big-support-83x28x2.gif %APPDATA%\ZapSpot\System\Skins\asl-icn-mini-about-32x32x2.gif %APPDATA%\ZapSpot\System\Skins\asl-icn-mini-games-32x32x2.gif %APPDATA%\ZapSpot\System\Skins\asl-icn-mini-home-32x32x2.gif %APPDATA%\ZapSpot\System\Skins\asl-icn-mini-join-32x32x2.gif %APPDATA%\ZapSpot\System\Skins\asl-icn-mini-support-32x32x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-instr-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-mail-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-new-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-pause-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-resume-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\asl-zs-retgame-52x52x2.gif %APPDATA%\ZapSpot\System\Skins\btn-all-games-154x55.gif %APPDATA%\ZapSpot\System\Skins\btn-card-games-154x55.gif %APPDATA%\ZapSpot\System\Skins\btn-relaxing-games-160x55.gif %APPDATA%\ZapSpot\System\Skins\btn-sweating-games-153x57.gif %APPDATA%\ZapSpot\System\Skins\btn-thinking-games-156x57.gif %APPDATA%\ZapSpot\System\Skins\default.skn %APPDATA%\ZapSpot\System\Skins\img-gamearea-593x433.gif %APPDATA%\ZapSpot\System\Skins\img-logomain-small-39x29.gif %APPDATA%\ZapSpot\System\Skins\img-main-640x452.gif %APPDATA%\ZapSpot\System\Skins\img-main-800x572.gif %APPDATA%\ZapSpot\System\Skins\img-poweredby-126x34.gif %APPDATA%\ZapSpot\System\Skins\txt-seemore-128x35.gif %DESKTOP%\ZapSpot.lnk %START_PROGRAMSALL%\ZapSpot.lnk %USERDOCUMENTS%\My ZapSpot\PehPai.exe
Files by Directories %APPDATA%\ZapSpot %USERDOCUMENTS%\My ZapSpot
Registry Keys HKCR\ZapSpot.ZML.1 HKCU\Software\P3 HKCU\Software\P3\P3OfrMgr

« Go to Software Database

Pesquisar em nosso banco de dados de software

Navegar pelo Banco de dados

Últimas notícias sobre Malware

23. Setembro 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notícias anteriores sobre malware »