Adware.E404!ct

Adware.E404!ct Description

Type: Trojan

Adware.E404!ct is a potentially unwanted advertising program that surreptitiously infiltrates users' computers. Adware.E404!ct uses Browser Helper Objects to launch annoying advertisements according to a user's internet browsing activities. The advertisements may be displayed as pop-up windows or banners. Adware.E404!ct is also able to monitor a user's surfing habits and gather any other internet-related information. The gathered information is later sent to a remote third party that may use it for malicious activities.

Aliases: Trojan.Bredolab.Gen!Pac.3, TROJ_FAKEAL.SMAC [TrendMicro], Trojan.Win32.Bredolab.Gen.pac (v) [Sunbelt], Sus/UnkPack-C [Sophos], Gen:Variant.Renos.21 [BitDefender], Trojan.Renos.Gen.15, Mal/Cognac-A [Sophos], TrojanDownloader:Win32/Renos.DZ [Microsoft], W32/Heuristic-USU!Eldorado [Authentium], BKDR_ULTIMATE.CJ [TrendMicro], a variant of Win32/Kryptik.AGY [NOD32], Artemis!135C4E5F27D7 [McAfee+Artemis], Backdoor.Win32.UltimateDefender.yt [F-Secure], Trojan.Generic.2333096 [BitDefender] and Generic14.ALSK [AVG].

Technical Information

File System Details

Adware.E404!ct creates the following file(s):

Registry Details

Adware.E404!ct creates the following registry entry or registry entries:
Cookies:
  • gayfetish
  • maletube4free
  • malwarealarm
  • vcodec
File name without path:
  • cgmopenbho.dll
  • Live Sex.lnk
  • SearchSettings.dll
  • www.youporn.com.lnk
Directory:
  • %ProgramFiles%\LPVideoPlugin
  • %ProgramFiles%\NetProject
  • %ProgramFiles%\SiteEntry
  • %ProgramFiles%\Video ActiveX Access
  • %ProgramFiles%\Video ActiveX Object
  • %ProgramFiles%\Video Add-on
  • %ProgramFiles%\Web Technologies
  • %ProgramFiles%\WebMediaViewer
Run keys:
  • msiexec.exe
Uninstaller:
  • IE Custom Tools
  • IE Safety Features
  • Information Center
  • Safety Alerter 2006
  • Video ActiveX Object
  • Windows Safety Alert

More Details on Adware.E404!ct

The following cookies were found:
  • asecuremask
  • basic-codec
  • emcodec
  • gayfetish
  • iesafetywarning
  • maletube4free
  • malwarealarm
  • movieportal2008a
  • moviesportal2008yyy
  • protectstand
  • safetyonlinepage
  • themymoviessite
  • thesafetyfiles
  • vcodec
The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • 2009dr.com
  • 592dr.cn
  • 9cdn.com
  • caoqn888.cn
  • laoqn.com
  • netcdn.com
