Main Menu
Home
Bookmark
Contact Us



 
Unclassified.Spyware.Loader Spyware Information

Name: Unclassified.Spyware.Loader
Category: Spyware
Alias: - Alias: C2 Media, Lop, LopAdvert, MP3Search, MpAdvert, TrojanClicker.Win32.Rotarran
Advice: Remove
Risk: Elevated Risk Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Description: Spyware.Loader is spyware that is set to automatically start when Windows loads up by hiding itself in a number of different startup locations.

Startup registry keys are a number of registry entries in the Window's registry that store paths to applications on your computer. Applications that are listed in any of these registry keys and are loaded automatically when Windows boots up. These keys generally apply to Windows 95, 98, ME, NT, 2000, XP, and 2003.

Registry Local Machine Run
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Any application path placed in this location will start when any user logs into Windows. These are the most common startup locations for programs to install auto start from. By default these keys are not executed in Safe mode. If you prefix the value of these keys with an asterisk, *, is will run in Safe Mode.

Registry Current User Run
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun
Any application path placed in this location will start when the current user for this key logs into Windows. These are the most common startup locations for programs to install auto start from. By default these keys are not executed in Safe mode. If you prefix the value of these keys with an asterisk, *, is will run in Safe Mode.

Registry Local Machine RunOnce
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce
Any application path placed in this location will start when any user logs into Windows. These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there a exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs. This is important, because if the exclamation point is not used, and the program referenced in this key fails to complete, it will not run again as it will have already been deleted. All entries in this key are started synchronously in an undefined order. Due to this, all programs in this key must be finished before any entries in HKEY_LOCAL_MACHINE...Run, HKEY_CURRENT_USER...Run, HKEY_CURRENT_USER...RunOnce, and Startup Folders can be loaded.

Registry Current User RunOnce
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce
Any application path placed in this location will start when the current user for this key logs into Windows. These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there a exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs. This is important, because if the exclamation point is not used, and the program referenced in this key fails to complete, it will not run again as it will have already been deleted. All entries in this key are started synchronously in an undefined order. Due to this, all programs in this key must be finished before any entries in HKEY_LOCAL_MACHINE...Run, HKEY_CURRENT_USER...Run, HKEY_CURRENT_USER...RunOnce, and Startup Folders can be loaded.

Registry Local Machine RunOnceEx
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnceEx

Registry Current User RunOnceEx
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnceEx

Registry Local Machine RunServicesOnce
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce

Registry Local Machine RunServices
HKEY_LOCAL_MACHINESOFT

Signatures: process: sstb.exe: MD5 Hash: a80a1bd32724770b1ab... process: winxpdll32.exe: MD5 Hash: 4fe942461b2e118f9b5... process: winupdtl.exe: MD5 Hash: 82d1497868bc659e384... process: aaupdt.exe: MD5 Hash: 0d71a26f19ce5e36112... process: grwinsthlp.exe: MD5 Hash: b409f5ea90cbdaf38f4... process: infolog.exe: MD5 Hash: f72beca06f39362bae1..
Type: Spyware - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.



Top Spyware Visited Pages:
IEPlugin - Alias: IMIServer IEPlugin, Webplugin, BHO3Lib, ExplWWW, IExpl, MimarSinan, Win Server, winobject, TrojanDow - 126 visits
Spyware.SearchAssistant - Alias: Troj/StartPa-EI - 96 visits
webHancer - Alias: Customer Companion, Webhancer Customer Companion, SpeedRank - 90 visits
PowerReg Scheduler - 90 visits
CWS.Cassandra - 84 visits
Conducent - Alias: Timesink - 79 visits
C2.Lop - Alias: C2 Media, Lop, LopAdvert, MP3Search, MpAdvert, TrojanClicker.Win32.Rotarran - 78 visits
007.msnnames - Alias: access.ocx, jokes.ocx, StopLiteCtrl, StopLite, 007installer - 77 visits
VX2.LocalNRD - Alias: LocalNRD - 77 visits
Aureate - Alias: Aureate Spy, Radiate - 76 visits

Random Spyware Pages:
Marketscore.JDCouncil
Foxxweb.HomepageProtector - Alias: Foxxweb
Startup.AutoLoader
WebDir
SearchForFree - Alias: icasServ
PowerStrip - Alias: Minstaller
MediaTickets CDT - Alias: Adware.CDT, CDT, MediaTickets
ReplaceSearch - Alias: Replace Search
Unclassified.Spyware.41
C2.Lop - Alias: C2 Media, Lop, LopAdvert, MP3Search, MpAdvert, TrojanClicker.Win32.Rotarran


 


2006-2008 spyware32.com - Privacy Policy