Loading ...
Español
Português|
|
Tweet |  More |
Adware.Webmoner Description
Adware.Webmoner is a non-malicious but annoying joke program. Adware.Webmoner will secretly infiltrate a system and display advertisements for downloadsgospel.com.br and jesusvoltara.com.br. Adware.Webmoner is not used to swindle victims and can be removed with a computer security application.
Type: Adware
How Can You Detect Adware.Webmoner?
Adware.Webmoner Removal Details
Adware.Webmoner creates the following files in the system:
- %Temp%\dat1.tmp
Adware.Webmoner creates the following registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\LocalServer32]
- (Default) = “eProtocol”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol]
- CLSID = “{07B65360-C445-11CE-AFDE-00AA006C14F4}”
- [HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
- FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 A8 00 00 00 B8 00 00 00 31 74 79 33 00 00 00 00 A8 00 00 00 C8 00 00 00 32 74 79 33 00 00 00 00 A8 00 00 0
- 0 = E0 5A 00 00 65 68 63 66 00 00 00 00 00 00 00 00 02 01 00 00 00 00 00 00 01 00 20 00 49 00 00 00 40 00 64 00 65 00 76 00 69 00 63 00 65 00 3A 00 64 00 6D 00 6F 00 3A 00 7B 00 32 00 45 00 45 00 42 00 34 00 41 00 44 00 46 00 2D 00 34 00 35 00 37 00 38 0
- [HKEY_CURRENT_USER\Software\NATATA eBook\The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2}]
- [HKEY_CURRENT_USER\Software\NATATA eBook]
- (Default) = “[filename of the sample #1 without extension].eProtocol”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}]
- (Default) = “{82184935-B894-4AB2-8590-603BA7D74B71}”
- FriendlyName = “Default MidiOut Device”
- MidiOutId = 0xFFFFFFFF
- CLSID = “{79376820-07D0-11CF-A24D-0020AFD79767}”
- [HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache]
- eBook = “”
- exe = “1″
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ProgID]
- (Default) = “[file and pathname of the sample #1]”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol\Clsid]
- [HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
- FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 38 00 00 00 48 00 00 00 6D 69 64 73 00 00 10 00 80 00 00 AA 00 38 9B 71 00 00 00 00 00 00 00 00 00 00 00 0
- FriendlyName = “Default DirectSound Device”
- DSGuid = “{00000000-0000-0000-0000-000000000000}”
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
- exeal = “0″
- The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2} = 00 00 00 00 80 B9 E3 40
Important Article Disclaimer
This entry was last updated on 11/29/10 and posted on 11/29/10.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Adware.Webmoner
Leave a Comment
Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.