Adware.Webmoner

Adware.Webmoner Description

Type: Trojan

Adware.Webmoner is a non-malicious but annoying joke program. Adware.Webmoner will secretly infiltrate a system and display advertisements for downloadsgospel.com.br and jesusvoltara.com.br. Adware.Webmoner is not used to swindle victims and can be removed with a computer security application.

Technical Information

File System Details

Adware.Webmoner creates the following file(s):
# File Name MD5 Detection Count
1 %Temp%\dat1.tmp N/A
2 CLADD ec37d748b61130617d4665e061872a58 0
More files

Registry Details

Adware.Webmoner creates the following registry entry or registry entries:
RegistryKey
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\LocalServer32]
(Default) = "eProtocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol]
CLSID = "{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 A8 00 00 00 B8 00 00 00 31 74 79 33 00 00 00 00 A8 00 00 00 C8 00 00 00 32 74 79 33 00 00 00 00 A8
0 = E0 5A 00 00 65 68 63 66 00 00 00 00 00 00 00 00 02 01 00 00 00 00 00 00 01 00 20 00 49 00 00 00 40 00 64 00 65 00 76 00 69 00 63 00 65 00 3A 00 64 00 6D 00 6F 00 3A 00 7B 00 32 00 45 00 45 00 42 00 34 00 41 00 44 00 46 00 2D 00 34 00 35 00 37 00 38 0
[HKEY_CURRENT_USER\Software\NATATA eBook\The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2}]
[HKEY_CURRENT_USER\Software\NATATA eBook]
(Default) = "[filename of the sample #1 without extension].eProtocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}]
(Default) = "{82184935-B894-4AB2-8590-603BA7D74B71}"
FriendlyName = "Default MidiOut Device"
MidiOutId = 0xFFFFFFFF
CLSID = "{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache]
eBook = ""
exe = "1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ProgID]
(Default) = "[file and pathname of the sample #1]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #1 without extension].eProtocol\Clsid]
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
FilterData = 02 00 00 00 00 00 80 00 01 00 00 00 00 00 00 00 30 70 69 33 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 38 00 00 00 48 00 00 00 6D 69 64 73 00 00 10 00 80 00 00 AA 00 38 9B 71 00 00 00 00 00 00 00 00 00
FriendlyName = "Default DirectSound Device"
DSGuid = "{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
exeal = "0"
The Real Princess{F61B9126-7CC2-4BB1-B0BD-E7A872CACCE2} = 00 00 00 00 80 B9 E3 40

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.