Adware.Webmoner
Adware.Webmoner is a non-malicious but annoying joke program. Adware.Webmoner will secretly infiltrate a system and display advertisements for downloadsgospel.com.br and jesusvoltara.com.br. Adware.Webmoner is not used to swindle victims and can be removed with a computer security application.
Table of Contents
SpyHunter Detects & Remove Adware.Webmoner
File System Details
Adware.Webmoner may create the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | %Temp%\dat1.tmp | ||
| 2. | CLADD | ec37d748b61130617d4665e061872a58 | 0 |
| 3. | CLADD | 31cce7398ef631c8106a15a4c256313d | 0 |
| 4. | CLADD | fad7d90398aa4b62d2292da94320c373 | 0 |
| 5. | CLADD | 009a29295ad377551986d3d1edb7f0fc | 0 |
| 6. | CLADD | dd79a315a543354fb37373f24987ab4a | 0 |
| 7. | CLADD | 75b624899cea6436149865b20519ccb7 | 0 |
| 8. | CLADD | f7ad08332591c08631c1306a49795d0f | 0 |
| 9. | CLADD | b591d63fb2cf72c8b445a8bc8958cbad | 0 |
| 10. | CLADD | 2174125132ca5977c2913d7cd3c17155 | 0 |
| 11. | CLADD | c3b13093bce469f8024f4a0e2f129cbb | 0 |
| 12. | CLADD | 8c860b90d7366028c4c0ff9e2da998e7 | 0 |
| 13. | CLADD | 71e079e9f52b86a9bd76b6c566fe25af | 0 |
| 14. | CLADD | 12dbfe974c3847c1048c185a6cd8be2a | 0 |
| 15. | CLADD | 3457e02e0b8cc9fc3f43390d63acc20a | 0 |
| 16. | CLADD | 729b90bcd5c98a60df09b29f11117fcc | 0 |
| 17. | CLADD | 72be8b34bec1fd1e6ff4010285d8fcc0 | 0 |
| 18. | CLADD | 0aee05709410da244c138d542fc12c84 | 0 |
| 19. | CLADD | 2112350f98d76fb1bb44b6a4904f7d72 | 0 |
| 20. | CLADD | e653dccd8f794603c76fdb227ec7883b | 0 |
| 21. | CLADD | 0da430f07388d2c2711d27e1c4f8f971 | 0 |
| 22. | CLADD | 4fc79cdea465965f15c670ccceddef07 | 0 |
| 23. | CLADD | f034b1a747f4829717b37dc3eb80947d | 0 |
| 24. | CLADD | fd9791cbd2909ba1c4f66dfba9dbfd6d | 0 |
| 25. | CLADD | 522047756886975768386681c8929e0d | 0 |
| 26. | CLADD | cb54ab182566a2cb0c744f0f7384d968 | 0 |
| 27. | CLADD | bac9c8d0036fbeada394e4ca8571ca80 | 0 |
| 28. | CLADD | c0686a3b9a0e77dd2c166160f4184aed | 0 |
Registry Details
Adware.Webmoner may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\LocalServer32]
(Default) = "eProtocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol]
CLSID = "{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 A8 00 00 00 B8 00 00 00 31 74 79 33 00 00 00 00 A8 00 00 00 C8 00 00 00 32 74 79 33 00 00 00 00 A8
0 = E0 5A 00 00 65 68 63 66 00 00 00 00 00 00 00 00 02 01 00 00 00 00 00 00 01 00 20 00 49 00 00 00 40 00 64 00 65 00 76 00 69 00 63 00 65 00 3A 00 64 00 6D 00 6F 00 3A 00 7B 00 32 00 45 00 45 00 42 00 34 00 41 00 44 00 46 00 2D 00 34 00 35 00 37 00 38 0
[HKEY_CURRENT_USER\Software\NATATA eBook\The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2}]
[HKEY_CURRENT_USER\Software\NATATA eBook]
(Default) = "[filename of the sample #1 without extension].eProtocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}]
(Default) = "{82184935-B894-4AB2-8590-603BA7D74B71}"
FriendlyName = "Default MidiOut Device"
MidiOutId = 0xFFFFFFFF
CLSID = "{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache]
eBook = ""
exe = "1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ProgID]
(Default) = "[file and pathname of the sample #1]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol\Clsid]
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 38 00 00 00 48 00 00 00 6D 69 64 73 00 00 10 00 80 00 00 AA 00 38 9B 71 00 00 00 00 00 00 00 00 00
FriendlyName = "Default DirectSound Device"
DSGuid = "{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
exeal = "0"
The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2} = 00 00 00 00 80 B9 E3 40
