Adware.Pirrit

Adware.Pirrit Description

Adware.macOS.Pirrit, Pirrit Mac Adware, or simply Pirrit, is a piece of Adware aimed at bombarding PC users with annoying pop-ups. Having bugged Windows-based machines, Pirrit has now set eyes on macOS systems, as well. Pirrit flags as a Potentially Unwanted Program (PUP) due to the intrusive nature of the ads that come with it.

A Nerve-Wracking Experience

Imagine being flooded with miscellaneous ads, banners, pop-ups, coupons, and surveys, which keep popping up while you are browsing the web. They disrupt your activity and lead you straight to a variety of suspicious websites you’ve never seen before. That’s what Pirrit does, and that’s when you should raise a red flag signifying that your Mac has come under an adware attack. Albeit a low-level threat, adware tools like Pirrit may bring you to malware-infested sites anytime. Moreover, those sites may turn out to contain much more severe pieces of malware hidden beneath the sea of pop-ups and banners generated by Pirrit itself. In the worst-case scenario, Pirrit may lead you to a Trojan capable of harvesting your banking details, login credentials, or other personal data. What is more, some victims have even complained about having had their microphones and cameras hijacked. That's why letting the Pirrit Adware reside in your Mac is a no-go.

Distribution Tactics and Operation

Adware.macOS.Pirrit typically comes as part of software bundles of popular programs users can get from the Internet. Besides the core tools, those bundles may often include lots of additional, often superfluous programs. Unless you uncheck them before installation, you will get them all, which increases the prospect of getting an adware infection like the Pirrit. Once installed, Pirrit may perform many actions such as:

  • Highlighting particular words during web browsing.
  • Placing hyperlinks within the viewed web content.
  • Loading pop-ups until they’ve covered your whole screen, etc.

You will easily recognize you have a Pirrit adware infection when you scroll over the embedded links. If you click on a Pirrit-generated ad, the crooks behind the Adware will earn a dime or two. That explains why they have been exploiting Pirrit to plague Windows-based machines for more than six years. Here are some of Pirrit's aliases over that time:

Adware.Win32.Tirrip.f, Generic5.AUTI [AVG], Riskware/Pirrit [Fortinet], Win32.Adware.Tirrip.Wrqs, Win32/AdWare.Pirrit.A, Trj/CI.A [Panda], AdWare.Tirrip, Win32.Troj.Tirrip.f.(kcloud), GrayWare[AdWare:not-a-virus]/Win32.Tirrip [Antiy-AVL], SPR/Tool.63488.4, AdWare/Tirrip.f, RDN/Generic PUP.x!c2y [McAfee-GW-Edition], Adware.Tirrip.Win32.6, Adware.Pirrit.2 [DrWeb] and ApplicUnwnt [Comodo].

Pirrit Removal

Like any other piece of Adware, you can either delete Pirrit manually or automatically. The latter method stands a much higher chance of cleaning up all the residual files, regardless of their destination folders. So, waste no time running a reputable AV solution to regain control of your Mac.

Aliases: Adware.Win32.Tirrip.f, Generic5.AUTI [AVG], Riskware/Pirrit [Fortinet], Win32.Adware.Tirrip.Wrqs, Win32/AdWare.Pirrit.A, Trj/CI.A [Panda], AdWare.Tirrip, Win32.Troj.Tirrip.f.(kcloud), GrayWare[AdWare:not-a-virus]/Win32.Tirrip [Antiy-AVL], SPR/Tool.63488.4, AdWare/Tirrip.f, RDN/Generic PUP.x!c2y [McAfee-GW-Edition], Adware.Tirrip.Win32.6, Adware.Pirrit.2 [DrWeb] and ApplicUnwnt [Comodo].

Technical Information

File System Details

Adware.Pirrit creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%wauctla.exe 188,928 f2f28eaa6b0151e390d507749878cf13 3,993
2 C:\Users\Ray\AppData\Local\Helper\chrome32.exe\chrome32.exe 188,416 bca990ab0c7b58d89a8e792d6aef4f7c 457
3 %PROGRAMFILES%\WinSystem\Cleaner\WinSystemCleaner.exe 831,488 61e5aa1b041054d1f0f8d900e9320ade 320
4 %SystemDrive%\Users\JoanBrenda\AppData\Local\FileImportProgram\FileImportProgram.exe 98,341 9e9b754b9ca5081a4eca625567e1262d 191
5 %LOCALAPPDATA%\GUIRootSoftware\GUIRootSoftware.exe 98,341 152531bfef6e09defb06c29b0c6b0235 191
6 C:\Users\Ray\AppData\Local\Helper\chrome64.exe\chrome64.exe 243,712 37d6647b3610d838f0fd92d6a72d8462 182
7 C:\Windows\system32\openmemdiag_64\openmemdiag_64.exe\openmemdiag_64.exe 83,456 726790ac4efe16ff25705c76c299d02b 167
8 C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.exe\vxmclient.exe 4,586,400 3f6ddb4b5a066321544176c599b53a70 147
9 %USERPROFILE%\Local Settings\Application Data\DriverFreewareOS\DriverFreewareOS.exe 98,341 6af6c4cdf188f4e31a4d0f23224c4b79 138
10 %WINDIR%\SysWOW64\DatabaseFAT32Firmware\DatabaseFAT32Firmware.exe 68,096 8793f40f334723b0dc967c43d0413fd9 118
11 %SystemDrive%\Users\???\AppData\Local\CGICompilerIcon\CGICompilerIcon.exe 98,341 03dd7325372577b1f918f1dc43d4e8cd 107
12 %LOCALAPPDATA%\ExportFunctionGamma\ExportFunctionGamma.exe 98,341 72d0641e3b4f1e6523f58ca948f0771e 84
13 %LOCALAPPDATA%\CronDirect3dWinsock\CronDirect3dWinsock.exe 98,341 45d02e3c3e7c34539980b2cfdc0e739f 82
14 %LOCALAPPDATA%\ExportInterpreterODBC\ExportInterpreterODBC.exe 98,341 c5a19d1aba6f3fa39d9c8b229ffef6b3 76
15 %SystemDrive%\Users\Tammy\AppData\Local\CompileMinimalSnapshot\CompileMinimalSnapshot.exe 98,341 9db5393724c9795221e46bc262c6f765 73
16 %SystemDrive%\Users\Guest\AppData\Local\DashboardMacroMotion\DashboardMacroMotion.exe 98,341 cb54914a0ec158e62d341ef14f20111c 73
17 %LOCALAPPDATA%\DefaultGammaTooltip\DefaultGammaTooltip.exe 98,341 b64eb5d608203fb2fec787b7451ad7e2 73
18 %SystemDrive%\Users\Tammy\AppData\Local\AppOfficeRegister\AppOfficeRegister.exe 98,341 67b3efe0675d8787bced4027e43325f2 72
19 %LOCALAPPDATA%\FinderGUIOCR\FinderGUIOCR.exe 98,341 1bc29840497317001b6e2b46b8013dda 72
20 %USERPROFILE%\Local Settings\Application Data\Direct3dProcessSnapshot\Direct3dProcessSnapshot.exe 98,341 b32e9d254583d8050bf7621e09a9f4ba 70
21 %USERPROFILE%\Local Settings\Application Data\JAVAOpenScreenshot\JAVAOpenScreenshot.exe 98,341 c2c8c46de2752cd14c1485b51c18e079 70
22 %PROGRAMFILES%\WinSystem\Updater\WinSystemUpdater.exe 240,640 988b0aa8ed363cf2e31a6e0baf737b97 33
23 %WINDIR%\SysWOW64\DebuggerOCRSDK\DebuggerOCRSDK.exe 69,120 fabcb1eb1b0f2a204029837753694955 31
24 %LOCALAPPDATA%\ApplicationClipboardDock\ApplicationClipboardDock.exe 158,720 84c299db01efbd675ceecfe10b148c9a 10
25 %LOCALAPPDATA%\mswsocktspkgProvider\mswsocktspkgProvider.exe 209,408 b313522f02b459116dd6ec13f24712dd 5
26 %LOCALAPPDATA%\sharewaresdiagschdProt\sharewaresdiagschdProt.exe 209,408 16d2a7efcec5a4d3f63f3865aa79e150 2
More files

Registry Details

Adware.Pirrit creates the following registry entry or registry entries:
Directory
%AppData%\Pirrit
%LOCALAPPDATA%\Pirrit Suggestor
%LOCALAPPDATA%\PirritSuggestor
%PROGRAMFILES%\Pirrit
%PROGRAMFILES%\Windows Network Accelerater
%PROGRAMFILES(x86)%\Pirrit
%PROGRAMFILES(x86)%\Windows Network Accelerater
%USERPROFILE%\Local Settings\Application Data\PirritSuggestor
Regexp file mask
%PROGRAMFILES%\WinSystem\Cleaner\WinSystemCleaner.exe
%PROGRAMFILES%\WinSystem\Services\WinSystemServices.exe
%PROGRAMFILES%\WinSystem\Updater\WinSystemUpdater.exe
Registry key
SOFTWARE\Classes\Pirrit.PirritHelper
Software\Microsoft\Internet Explorer\Approved Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Software\Pirrit
SOFTWARE\Pirrit Solutions
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}
SOFTWARE\Wow6432Node\Pirrit
SOFTWARE\Wow6432Node\Pirrit Solutions
SYSTEM\ControlSet001\services\PirritDesktop
SYSTEM\ControlSet001\services\PirritUpdater
SYSTEM\CurrentControlSet\services\PirritDesktop
SYSTEM\CurrentControlSet\services\PirritUpdater
CLSID
{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By JubileeX in Adware, Mac Malware
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Threat Level: 2
Infected Computers: 127,118