Adware Helpers

Adware Helpers Description

Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.

Adware Helpers May Make Unwanted Changes to Your PC Settings

There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:

  1. Adware Helpers may cause unwanted changes to a computer's settings.
  2. Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
  3. Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
  4. Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
  5. Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
  6. Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.
Aliases: VBS/Agent.NSW!tr.dldr [Fortinet], Trojan.Amonetize.9614 [DrWeb], VBS/TrojanDownloader.Agent.NSW, Dropped:Application.Downloader.YW, Win32/Trojan.89f, Trojan.MSIL.Agent.77, Pakes2_c.BIVB [AVG], Adware/Linkury [Fortinet], PUA.MSIL.Toolbar [Ikarus], Adware.Agent.33792.E[h], Trojan.Adware.Linkury.6, TR/Zusy.33792.15, W32/Trojan.WRMN-5068, Generic PUA AO (PUA) [Sophos] and Gen:Variant.Adware.Linkury [F-Secure].

Technical Information

File System Details

Adware Helpers creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\yahoochrome_d\system2011.exe 579,848 d45fbd188324d89e83e4c329bc80ca6e 7,987
2 %SYSTEMDRIVE%\Users\ips57\AppData\Local\prunld5404\he92324.exe\he92324.exe 636,921 43154f0af9b3d690e6562c16141944e5 7,381
3 c:\users\joel morais\appdata\local\temp\giojrcmwd\nnhgdx.exe 6,610,989 39b3f88b49546d163a04900f625138b9 6,964
4 %WINDIR%\woehptunafhkdu.boehp\woehptunafhkdu.boehp 736,768 7121d807de3d9bd0ab0b11f07cb88b6c 1,099
5 %PROGRAMFILES%\m2iynmuy\njjjnzzjote.exe\njjjnzzjote.exe 2,090,320 506fa89c3a8044d1a6d8889bf213f433 758
6 %SYSTEMDRIVE%\users\steven\appdata\local\microsoft\windows\office\documents\365\alphapassive.msi\alphapassive.msi 249,856 ddf9bf09f6aa5a7726863448c53d5c14 462
7 %SYSTEMDRIVE%\users\pablo_000\appdata\roaming\crmsvc\crmsvc.exe\crmsvc.exe 1,411,584 1b738db8087a83d31afce54d3ddfa746 325
8 %PROGRAMFILES(x86)%\name\9180135.exe\9180135.exe 1,024,000 51181fc0f1d99d95c5bffc0f0aa22378 295
9 %PROGRAMFILES%\em43zsg403\em43zsg40.exe\em43zsg40.exe 856,576 4fb6e7664f0495d7abf9dc2bfc4b6ce2 226
10 %PROGRAMFILES(x86)%\vhbwajswu\uhbryw.dll\file.dll 283,648 b3c1ddaf626d5809f18563a9834c1fd0 194
11 QW1.exe 502,715 864f9b8a42f237540d2a7212db86e66f 145
12 %COMMONPROGRAMFILES(x86)%\gammacereslwi\gammacereslwi.exe\gammacereslwi.exe 950,992 3432d4dd2b4011f35217bd54ee884730 143
13 %WINDIR%\243124d579b30a70cae52a7ca1d43b0d.dll\243124d579b30a70cae52a7ca1d43b0d.dll 1,150,464 697b339a848572dd37ad98c9e01d5f5a 58
14 %PROGRAMFILES(x86)%\yanqozjyhjqoc\rgiywtr.dll\rgiywtr.dll 3,464,107 da272b81d800c1a4341e67acbfd80f86 54
15 %PROGRAMFILES(x86)%\ez4y3ataw3y\r05hm.exe\r05hm.exe 754,176 45f53e51cf445c82a2f2dd06e66da7d7 44
16 C:\Users\Arjun Singh\AppData\Local\Temp\DhYimEoQU\DhYimEoQU.exe 959,472 1492f048f848431fd781fbd14a452916 42
17 C:\Users\sandy\AppData\Local\Temp\wxkYiwjjA\wxkYiwjjA.exe 633,642 2bf25ffa3ca8fad7cb506b274db42b59 38
18 %PROGRAMFILES(x86)%\noofccuskymcdeyiflr\ntqorqn.dll\ntqorqn.dll 3,442,603 0738f44ffd9f244ad0af37f1d116f72f 36
19 c:\windows\ztrmzgjmnznkzjqwzjy.exe 1,952,768 3ee6b3c07c13d026288a2774770b658a 35
20 %SYSTEMDRIVE%\users\afzal\appdata\local\temp\is-ddujs.tmp\up.exe\up.exe 56,832 260c76b80f893237dadabe14c05b28f0 25
21 C:\Users\Elian\AppData\Local\Temp\nsh5129.tmp 1,163,776 8a19ba332898c8eea92763628d7f1210 20
22 %PROGRAMFILES(x86)%\1odpazsferu\6qd88.exe\6qd88.exe 927,744 eb39c428d1feabf7be6f056654b04d2f 10
23 c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\rx77imyp\cat[1].exe 2,300,928 0a6784ebe444a1b39609c13b900b3f81 10
24 C:\Users\Belly\AppData\Local\Finlab.exe 2,300,928 50e169ac6c21a64944c91332a96522fd 6
25 %COMMONPROGRAMFILES(x86)%\alphalabtle\alphalabtle.exe\alphalabtle.exe 1,516,128 6ee3cf1160c382c570628a551a538b2d 4
26 4fb2f0cd735bd3e8c2f96f6a44057675 262,656 4fb2f0cd735bd3e8c2f96f6a44057675 4
27 %PROGRAMFILES(x86)%\free wifi hotspot\ffproductupdater.exe 2,953,216 72c6efa543c19cb46d18a5a770f7a3df 1
28 C:\Users\user\AppData\Local\Temp\instloffer.exe 781,963 619efdbf4c7ef6147551a50d1bd40e69 1
More files

Registry Details

Adware Helpers creates the following registry entry or registry entries:
Directory
%ALLUSERSPROFILE%\19a87fa1ec024bbcbb41931263354405
%ALLUSERSPROFILE%\28341ff220e0446c9fff27c4493d622e
%ALLUSERSPROFILE%\Application Data\19a87fa1ec024bbcbb41931263354405
%ALLUSERSPROFILE%\Application Data\28341ff220e0446c9fff27c4493d622e
%ALLUSERSPROFILE%\Application Data\bProtectorForWindows
%ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\Application Data\GuaGua
%ALLUSERSPROFILE%\Application Data\haeha
%ALLUSERSPROFILE%\Application Data\MySampleService
%ALLUSERSPROFILE%\Application Data\QuestBrwSearch
%ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB
%ALLUSERSPROFILE%\bProtectorForWindows
%ALLUSERSPROFILE%\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\devnull
%ALLUSERSPROFILE%\GuaGua
%ALLUSERSPROFILE%\haeha
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Shop More
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Smart Application Controller
%ALLUSERSPROFILE%\MySampleService
%ALLUSERSPROFILE%\NetworkHostTask
%ALLUSERSPROFILE%\Pader
%ALLUSERSPROFILE%\QuestBrwSearch
%ALLUSERSPROFILE%\RarMemory
%ALLUSERSPROFILE%\sigmatechrvp
%ALLUSERSPROFILE%\xpekMjRorgkcLnVB
%APPDATA%\adgad
%APPDATA%\adgjd
%APPDATA%\adhad
%APPDATA%\aehad
%APPDATA%\aehae
%appdata%\AffiliatedUpdate
%APPDATA%\AzigcWig
%APPDATA%\behbe
%appdata%\beibe
%APPDATA%\bfibe
%APPDATA%\bfibf
%APPDATA%\cfibf
%APPDATA%\cficf
%APPDATA%\cfjcf
%APPDATA%\cgjcf
%APPDATA%\devnull
%APPDATA%\dgadg
%APPDATA%\dgjcg
%APPDATA%\dgjdg
%APPDATA%\dhadg
%APPDATA%\digitalsite
%APPDATA%\ehadh
%APPDATA%\ehaeh
%APPDATA%\ehbeh
%APPDATA%\eibei
%APPDATA%\fibei
%APPDATA%\Fibfi
%APPDATA%\ficfi
%APPDATA%\fjcfi
%APPDATA%\fjcfj
%APPDATA%\Fusion_ld
%APPDATA%\gadga
%APPDATA%\gadgj
%APPDATA%\Geunfy
%APPDATA%\gjcfj
%APPDATA%\gjcgj
%APPDATA%\gjdgj
%APPDATA%\hadga
%APPDATA%\hadha
%APPDATA%\haeha
%APPDATA%\hbehb
%APPDATA%\ibehb
%APPDATA%\ibeib
%APPDATA%\ibfib
%APPDATA%\icfic
%APPDATA%\jcfic
%APPDATA%\jcgjc
%APPDATA%\jdgjc
%appdata%\kpdown
%APPDATA%\lockhomepage
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Shop More
%APPDATA%\My-top-apps
%appdata%\NqVCodec
%APPDATA%\SaaYaa
%APPDATA%\SchedTaskSetup
%APPDATA%\ScreenMaker2
%APPDATA%\ShopMore
%APPDATA%\SimpleNotepad
%appdata%\Smart Application Controller
%APPDATA%\spi
%appdata%\topsadon
%APPDATA%\TrailerWatch
%APPDATA%\tweakcube3
%appdata%\UpdaterEX
%APPDATA%\UpdateServ
%APPDATA%\VooUpdate
%appdata%\wssvchost
%appdata%\Xeeedxi
%COMMONPROGRAMFILES%\Roraccoon
%COMMONPROGRAMFILES(x86)%\alphalabtle
%COMMONPROGRAMFILES(x86)%\Roraccoon
%COMMONPROGRAMFILES(x86)%\womanhydafo
%LOCALAPPDATA%\AdService
%LOCALAPPDATA%\adworld
%LOCALAPPDATA%\BrowserHelper
%LOCALAPPDATA%\brsrv
%LOCALAPPDATA%\geckof
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\akicdgdnilccdncbngbkohgkoaeaildn
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\akoefpoebeaikfcpoghppjcnhklffcjm
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\beceginmcfcielpokhpefakdcneaabfo
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\ecfpnbgianoaiocjciahnkfognimimhf
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\eghdmifgjdoojlnpfflnpoeiebapknda
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\faiaabbemgpndkgpjljhmjahkbpoopfp
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\gmddfjhfjgbmabkihepijkanhmlooajl
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\hkmchnencjegegndmipmfejhipafelid
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\phpimijlgpmombeojojagjijabpmfleb
%LOCALAPPDATA%\Host Service
%LOCALAPPDATA%\HttpFilter
%LOCALAPPDATA%\Mojorojo
%LOCALAPPDATA%\monotype
%LOCALAPPDATA%\OneClick
%LOCALAPPDATA%\packagest
%LOCALAPPDATA%\ShdUpdate
%LOCALAPPDATA%\TECHP-Browser
%LOCALAPPDATA%\TrailerWatch
%LOCALAPPDATA%\unityp
%LOCALAPPDATA%\WhiteClick
%LOCALAPPDATA%\Win_update
%LOCALAPPDATA%\xmarin
%LOCALAPPDATA%\xpon
%LOCALAPPDATA%\{57B961E5-7311-0D5D-1E89-28B53AE1D42D}
%PROGRAMFILES%\applica
%PROGRAMFILES%\awda
%PROGRAMFILES%\CKCpTyVyQIE
%PROGRAMFILES%\clipandbuy
%PROGRAMFILES%\Clteyghuwph
%PROGRAMFILES%\Corteli
%programfiles%\dataflow
%PROGRAMFILES%\devnull
%PROGRAMFILES%\EatPizza
%PROGRAMFILES%\fileassociationmanager
%PROGRAMFILES%\Ghostery Storage Server
%PROGRAMFILES%\GoogleTranslateForChrome
%PROGRAMFILES%\GoogleTranslateForOpera
%PROGRAMFILES%\GoogleTranslator
%PROGRAMFILES%\guagua
%PROGRAMFILES%\Icoon
%PROGRAMFILES%\IDO
%PROGRAMFILES%\InstallX
%PROGRAMFILES%\jetstrmedia
%PROGRAMFILES%\meirenli
%programfiles%\Micrasoft
%PROGRAMFILES%\Miped\QWiget
%PROGRAMFILES%\name
%PROGRAMFILES%\NbbDohHftPUn
%PROGRAMFILES%\ndfs
%PROGRAMFILES%\Phagege
%PROGRAMFILES%\programs
%PROGRAMFILES%\Qagr
%PROGRAMFILES%\QuestBrwSearch
%PROGRAMFILES%\RemindMessage
%PROGRAMFILES%\rZdaClXBU
%PROGRAMFILES%\SGPSA
%PROGRAMFILES%\Shop More
%PROGRAMFILES%\Smart Application Controller
%PROGRAMFILES%\TmtkControl
%PROGRAMFILES%\TweakCube3
%PROGRAMFILES%\Vittalia
%PROGRAMFILES%\VVSN
%PROGRAMFILES%\W3i
%PROGRAMFILES%\wannenginput
%PROGRAMFILES%\wannengzip
%PROGRAMFILES%\Windows7Master
%PROGRAMFILES%\zaabzoubi
%PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz
%PROGRAMFILES(x86)%\applica
%PROGRAMFILES(x86)%\awda
%PROGRAMFILES(x86)%\CKCpTyVyQIE
%PROGRAMFILES(x86)%\clipandbuy
%PROGRAMFILES(x86)%\Clteyghuwph
%PROGRAMFILES(x86)%\Corteli
%programfiles(x86)%\dataflow
%PROGRAMFILES(x86)%\devnull
%PROGRAMFILES(x86)%\EatPizza
%PROGRAMFILES(x86)%\fileassociationmanager
%PROGRAMFILES(X86)%\Gebac
%PROGRAMFILES(x86)%\Ghostery Storage Server
%PROGRAMFILES(x86)%\GoogleTranslateForChrome
%PROGRAMFILES(x86)%\GoogleTranslateForOpera
%PROGRAMFILES(x86)%\GoogleTranslator
%PROGRAMFILES(x86)%\guagua
%PROGRAMFILES(x86)%\Icoon
%PROGRAMFILES(x86)%\IDO
%PROGRAMFILES(x86)%\InstallX
%PROGRAMFILES(x86)%\jetstrmedia
%PROGRAMFILES(x86)%\meirenli
%programfiles(x86)%\Micrasoft
%PROGRAMFILES(x86)%\Miped\QWiget
%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\{9746ad1f-7f2a-4bc8-a61c-2f73d969472d}
%PROGRAMFILES(x86)%\name
%PROGRAMFILES(x86)%\NbbDohHftPUn
%PROGRAMFILES(x86)%\ndfs
%PROGRAMFILES(x86)%\oPKmscYuxO
%PROGRAMFILES(x86)%\Phagege
%PROGRAMFILES(x86)%\programs
%PROGRAMFILES(x86)%\Programz\Programz
%programfiles(x86)%\qingfengrili
%PROGRAMFILES(x86)%\QuestBrwSearch
%PROGRAMFILES(x86)%\RemindMessage
%PROGRAMFILES(x86)%\rZdaClXBU
%PROGRAMFILES(x86)%\SGPSA
%PROGRAMFILES(x86)%\Shop More
%PROGRAMFILES(x86)%\Smart Application Controller
%PROGRAMFILES(x86)%\smartinline
%PROGRAMFILES(x86)%\TmtkControl
%PROGRAMFILES(x86)%\TweakCube3
%PROGRAMFILES(X86)%\Vittalia
%PROGRAMFILES(x86)%\VVSN
%PROGRAMFILES(x86)%\W3i
%PROGRAMFILES(x86)%\wannenginput
%PROGRAMFILES(x86)%\wannengzip
%PROGRAMFILES(x86)%\Windows7Master
%PROGRAMFILES(x86)%\zaabzoubi
%TEMP%\Fusion_ld
%USERPROFILE%\AppData\LocalLow\Flagfox
%USERPROFILE%\AppData\LocalLow\rlsoft
%USERPROFILE%\Configuración local\Datos de programa\OneClick
%USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick
%USERPROFILE%\Local Settings\Application Data\AdService
%UserProfile%\Local Settings\Application Data\BrowserHelper
%USERPROFILE%\Local Settings\Application Data\geckof
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik
%USERPROFILE%\Local Settings\Application Data\Host Service
%USERPROFILE%\Local Settings\Application Data\Mojorojo
%USERPROFILE%\Local Settings\Application Data\monotype
%USERPROFILE%\Local Settings\Application Data\OneClick
%USERPROFILE%\Local Settings\Application Data\packagest
%UserProfile%\Local Settings\Application Data\ShdUpdate
%USERPROFILE%\Local Settings\Application Data\unityp
%USERPROFILE%\Local Settings\Application Data\Win_update
%USERPROFILE%\Local Settings\Application Data\xmarin
%USERPROFILE%\Local Settings\Application Data\xpon
%windir%\cpuessentials/165271
%WINDIR%\CpuEssentials\165271
%WINDIR%\CpuEssentials\16841
%WINDIR%\cWinInfos\16610
%WINDIR%\cWinInfos\168271
%WINDIR%\Microsoft.NET\assembly\GAC_MSIL\WhiteClick
%windir%\multisessions\1612262
%windir%\superex
%WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick
%WINDIR%\SystemNode
%WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick
%WINDIR%\Syswow64\config\systemprofile\AppData\Roaming\lockhomepage
%WINDIR%\SysWOW64\CpuHeatMapping\16641
%WINDIR%\SysWOW64\CpuHeatMapping\168302
%WINDIR%\WinEssentials/516
%WINDIR%\WinInfos\16610
%WINDIR%\WinKit
%WINDIR%\xBooster
Regexp file mask
%ALLUSERSPROFILE%\Application Data\beleza.exe
%ALLUSERSPROFILE%\arros.vbs
%ALLUSERSPROFILE%\beleza.exe
%ALLUSERSPROFILE%\Microsoft Frame\Windows-Frame.exe
%ALLUSERSPROFILE%\updater\check-update.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\WindowsDefenderUpdate.exe
%APPDATA%\Microsoft\WindowsDefenderUpdate.exe
%APPDATA%\NotepadApp\Notices.exe
%APPDATA%\ServiceControl\svcctl.exe
%APPDATA%\SNDA\SDUpdate\SDDUpdateSvc.dll
%APPDATA%\TextEditor\Daemon\TextEditor.exe
%APPDATA%\WindowsDefenderUpdate.exe
%LOCALAPPDATA%\dsisetup[NUMBERS].exe
%LOCALAPPDATA%\intmanager\int.exe
%LOCALAPPDATA%\nmorok.dll
%LOCALAPPDATA%\Programs\GEN\GEN.exe
%LOCALAPPDATA%\scinfo\scinfo.exe
%LOCALAPPDATA%\Unify3D\WebPlayer\Unify3DWebPlayerUpdate.exe
%LOCALAPPDATA%\updt.js
%LOCALAPPDATA%\wupdate\wupdate.exe
%PROGRAMFILES%\AdBlocker\AdBlockerService.exe
%PROGRAMFILES%\AdBlocker\Service.WinServiceHost.exe
%PROGRAMFILES%\FastWeb\config_ns1.dat
%PROGRAMFILES%\FastWeb\fastweb.exe
%PROGRAMFILES%\rsp.exe
%PROGRAMFILES%\SoftUpgrade\softup.exe
%PROGRAMFILES%\Windows Service\service.exe
%PROGRAMFILES(x86)%\AdBlocker\AdBlockerService.exe
%PROGRAMFILES(x86)%\AdBlocker\Service.WinServiceHost.exe
%PROGRAMFILES(x86)%\FastWeb\config_ns1.dat
%PROGRAMFILES(x86)%\FastWeb\fastweb.exe
%PROGRAMFILES(x86)%\IeAdsBlocker.dll
%PROGRAMFILES(x86)%\rsp.exe
%PROGRAMFILES(x86)%\SoftUpgrade\softup.exe
%PROGRAMFILES(x86)%\Windows Service\service.exe
%TEMP%\AmazonShoppingAssistant.exe
%TEMP%\DMR\dmr_[NUMBERS].exe
%TEMP%\UuU.uUu
%TEMP%\VirusRemover.exe
%TEMP%\whiteclick[RANDOM CHARACTERS].exe
%TEMP%\XVD.exe
%TEMP%\XxX.xXx
%USERPROFILE%\appinfo.exe
%USERPROFILE%\Documents\opinion\opinion.exe
%USERPROFILE%\Downloads\[RANDOM CHARACTERS] [RANDOM CHARACTERS] Neverwinter.ico
%USERPROFILE%\Downloads\Play Crossout.ico
%USERPROFILE%\Downloads\Play Warframe.ico
%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]
%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe
%USERPROFILE%\Local Settings\Application Data\wupdate\wupdate.exe
%WINDIR%\AdBlock.exe
%WINDIR%\Provider32\Provider.dll
%WINDIR%\system32\drivers\geckof.sys
%WINDIR%\system32\drivers\packagest.sys
%WINDIR%\system32\drivers\unityp.sys
%WINDIR%\System32\Tasks\CheckControllerUpdatesUA
%WINDIR%\System32\Tasks\Microsoft\Windows\DeviceSettings\Kergedomclujers
%WINDIR%\System32\Tasks\newspagesnethowknowsm[RANDOM CHARACTERS]
%WINDIR%\System32\Tasks\newstop5orgwnorsm[RANDOM CHARACTERS]
%WINDIR%\System32\Tasks\PPI Update
%WINDIR%\System32\Tasks\ShopMore[NUMBERS]
%WINDIR%\systwin.exe
%WINDIR%\Tasks\PPI Update.job
Uninstaller
119
adworldads
Amazon assistant 1.0
Amazon assistant 2.0
AppHelper
Applica
AS
bdraw
Corteli File Checker
disk genius 2.02
Ebayssistant 1.0
ExtensionGoogleTranslate
farmer 1.0
Gebac_is1
Host Service
Look Picture Tool
Navigator
NetStream
pro 1.0
Programz 1.03
QWiget 1.0.1
ShopMore
soundplay 3.0
telezilla
TrailerWatch
TweakCube3
Windows7Master
Yahooassistant 1.0
{0D447139-C8C5-4061-8B4A-0FBE91965131}
{1fd06d23-1810-464b-b9c5-b92c28776962}_is1
{27097E83-0712-446C-821A-C2DBB0C1CDE1}
{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1
{42F8C402-22B5-42FC-BB6C-88BF4BE304E5}_is1
{6C044E1B-C2BD-4B47-9913-40407FA5854E}
{78CA4ACE-D7CF-418B-B212-8E51822B566E}
{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1
{AD427252-C069-49F6-A0DC-C3235CF6576D}
{C9AE19A8-4589-460C-9685-74467F26FE77}_is1
{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
{F4139563-A744-450D-89B3-94C19B0A5DAF}
CLSID
{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}
{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
{27C942C5-C8BC-3CA5-AE2E-991157272004}
{354DF0BE-BE17-48C2-A4F7-BC51531779BC}
{361474FA-43A4-7088-66F5-BED6EB5500C1}
{44CB13F1-7D39-3519-958E-C7F88D27E4F5}
{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}
{4E22700E-7CA9-30A1-9687-4CC130BB6388}
{616B5130-44B2-3A0B-A4D3-483417633159}
{66EBAC84-2D58-FD6A-7D99-20491A619549}
{87E1A3FC-FED3-3FF7-A11C-8443C6251976}
{9EBCA256-0416-39AD-889D-824BD3171B53}
{B6D84C58-041F-4216-9905-2D1E9742B524}
{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
{C35B7206-62EB-F808-5475-18A6FDE7DD94}
{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Registry key
Software\5c55da8cbc3ab845
Software\AppDataLow\Software\Flagfox
Software\Ashampoo\Ashampoo Gadge It\THIS IS WIIIGET!
SOFTWARE\Classes\AppID\Flagfox.DLL
SOFTWARE\Classes\Flagfox.QTimeCpio
SOFTWARE\Classes\Flagfox.QTimeCpio.1
SOFTWARE\Classes\Installer\Products\931744D05C8C1604B8A4F0EB19691513
SOFTWARE\Classes\Installer\Products\ECA4AC87FC7DB8142B21E81528B265E6
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srv.desk-top-app.info
Software\CoinisRevShare
SOFTWARE\Cpu Heat Mapping
Software\DEF001
SOFTWARE\devnull\NetAdapter
Software\Flagfox
Software\GabPath
Software\Google\Chrome\PreferenceMACs\Default\extensions.settings\phpimijlgpmombeojojagjijabpmfleb
Software\InstallPath
SOFTWARE\MaxPower
SOFTWARE\meirenli
Software\Microsoft\Internet Explorer\Approved Extensions\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
Software\Microsoft\Internet Explorer\DOMStorage\analyticwbb.com
Software\Microsoft\Internet Explorer\DOMStorage\bengalflorican.com
Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\davebestdeals.com
Software\Microsoft\Internet Explorer\DOMStorage\love.bengalflorican.com
Software\Microsoft\Internet Explorer\DOMStorage\pstatic.davebestdeals.com
Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\static.donation-tools.org
Software\Microsoft\Internet Explorer\DOMStorage\www.adnetworkperformance.com
Software\Microsoft\Internet Explorer\DOMStorage\www.analyticwbb.com
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\adworld.exe
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exe
SOFTWARE\Microsoft\Tracing\CpuEssentials_RASAPI32
SOFTWARE\Microsoft\Tracing\CpuEssentials_RASMANCS
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASAPI32
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASMANCS
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
SOFTWARE\Microsoft\Tracing\Smad_RASMANCS
SOFTWARE\Microsoft\Windows Node
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Atiwedom
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUA
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lengegrawoward
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pherpght
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroup
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroup
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Software\Microsoft\Windows\CurrentVersion\Run\ShopMore
Software\Microsoft\Windows\CurrentVersion\Run\THIS IS WIIIGET!
Software\RuanMei\TweakCube3
Software\SaaYaa
Software\SetupCompany
Software\ShopMore
Software\Ultimate-Discounter
Software\Windows7Master
Software\Wizzlabs
SOFTWARE\Wow6432Node\Classes\AppID\Flagfox.DLL
SOFTWARE\Wow6432Node\Cpu Essentials
SOFTWARE\Wow6432Node\Cpu Heat Mapping
SOFTWARE\Wow6432Node\devnull\NetAdapter
SOFTWARE\Wow6432Node\MaxPower
SOFTWARE\Wow6432Node\meirenli
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exe
SOFTWARE\Wow6432Node\Microsoft\Windows Node
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroup
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroup
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
SOFTWARE\Wow6432Node\qingfengrili
SOFTWARE\Wow6432Node\RuanMei\TweakCube3
Software\Wow6432Node\Windows7Master
SYSTEM\ControlSet001\services\AdService
SYSTEM\ControlSet001\services\AdsService
SYSTEM\ControlSet001\services\Bokvunnu
SYSTEM\ControlSet001\services\Citdhwa
SYSTEM\ControlSet001\services\Corteli File Checker
SYSTEM\ControlSet001\services\Ghostery Storage Server
SYSTEM\ControlSet001\services\HNService
SYSTEM\ControlSet001\Services\My Sample Service
SYSTEM\ControlSet001\services\Windows Node
SYSTEM\ControlSet001\services\zigipyro
SYSTEM\ControlSet002\services\AdService
SYSTEM\ControlSet002\services\AdsService
SYSTEM\ControlSet002\services\Bokvunnu
SYSTEM\ControlSet002\services\Citdhwa
SYSTEM\ControlSet002\services\Corteli File Checker
SYSTEM\ControlSet002\services\Ghostery Storage Server
SYSTEM\ControlSet002\services\HNService
SYSTEM\ControlSet002\Services\My Sample Service
SYSTEM\ControlSet002\services\Windows Node
SYSTEM\ControlSet002\services\zigipyro
SYSTEM\CurrentControlSet\services\AdService
SYSTEM\CurrentControlSet\services\AdsService
SYSTEM\CurrentControlSet\services\Bokvunnu
SYSTEM\CurrentControlSet\services\Citdhwa
SYSTEM\CurrentControlSet\services\Corteli File Checker
SYSTEM\CurrentControlSet\Services\CpuHeatMapping
SYSTEM\CurrentControlSet\services\Ghostery Storage Server
SYSTEM\CurrentControlSet\services\HNService
SYSTEM\CurrentControlSet\Services\My Sample Service
SYSTEM\CurrentControlSet\services\Windows Node
SYSTEM\CurrentControlSet\services\zigipyro
File name without path
Adult Dating.ico
big_bang_empire.lnk
BigFarm.lnk
chrome-extension_beceginmcfcielpokhpefakdcneaabfo_0.localstorage
http_digimatic.biz_0.localstorage
http_digimatic.biz_0.localstorage-journal
http_q2u3z6t7.ssl.hwcdn.net_0.localstorage
http_q2u3z6t7.ssl.hwcdn.net_0.localstorage-journal
http_tvoy-million.co_0.localstorage
http_tvoy-million.co_0.localstorage-journal
love.bengalflorican[1].xml
QWiget.lnk
RelieveStressPaint.lnk
static.cmptch[1].xml
tweakcube[1].js
Win iPhone X.ico
www.adnetworkperformance[1].xml
www.analyticwbb[1].xml
www.donation-tools[1].xml
www.downloadappsoft[1].xml

More Details on Adware Helpers

The following cookies were found:
  • ww7.greefl.com

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • ralph palmer:
    5 years ago Reply

    help is needed. nothing works for me. have been tryiing all I know for three days.I was told it would be easy to get rid of safe search. not true.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

Comment (1)
By GoldSparrow in Adware
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 2
Infected Computers: 4,846,956