Hijacker . Clientman (Summary)
Software Name: Clientman
Company Name: Odysseusmarketing
Product Name: Clientman
Classification: Hijacker
Website: http://www.odysseusmarketing.com
Brief:
Downloads links for ads, contacts the server, hijacks different search engines, and displays popups.
IMPORTANT!
Some of the Hijacker.Clientman components
are listed below. The list is compiled as a reference. The list might
not be complete and it doesn't represent instructions for manual removal.
We DO NOT recommend manual removal. Incorrect removal
of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.
If you suspect that you have an unwanted instance of Clientman
installed on your computer we recommend a free
audit of your system with INAC Anti Spyware.
Clientman might create following folders (and inject its files inside
the folders):
- %PROGRAM_FILES%\ClientMan
Clientman might create following files (some of the files might be
loaded in memory while the software is running):
- %SYSTEM%\mshfan.dll
- %SYSTEM%\msjfbl.dll
- %SYSTEM%\mskhhe.dll
- %SYSTEM%\msnkmi.dll
- %SYSTEM%\bap.exe
- %SYSTEM%\msfaol.dll
- %SYSTEM%\mseggo.gif
- %SYSTEM%\mskceo.dll
- %WINDOWS%\addata.lst
- %SYSTEM%\msglji.gif
- %SYSTEM%\msibkd.dll
Clientman is often accompanied by the following tracking cookies:
n/a
Clientman might create following registry keys (and inject subkeys
and values):
- HKEY_CLASSES_ROOT\CLSID\{CC905FF6-B553-496C-9DFA-CFF65ADCD0FC}
- HKEY_CLASSES_ROOT\searchrep.SearchRepPP
- HKEY_CLASSES_ROOT\searchrep.SearchRepPP.1
- HKEY_CLASSES_ROOT\TypeLib\{8DBD1CE8-2720-4774-8CC6-32737958AC4B}
- HKEY_CLASSES_ROOT\AppID\urlcli.DLL
- HKEY_CLASSES_ROOT\AppID\{026E4B83-1BF7-41CB-8233-4AF35341BC69}
- HKEY_CLASSES_ROOT\CLSID\{94927A13-4AAA-476A-989D-392456427688}
- HKEY_CLASSES_ROOT\Interface\{A7370377-E217-4467-8448-9845270CD4A3}
- HKEY_CLASSES_ROOT\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69}
- HKEY_CLASSES_ROOT\urlcli.UrlCliObj
- HKEY_CLASSES_ROOT\urlcli.UrlCliObj.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94927A13-4AAA-476A-989D-392456427688}
- HKEY_CLASSES_ROOT\CLSID\{0982868C-47F0-4EFB-A664-C7B0B1015808}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0982868C-47F0-4EFB-A664-C7B0B1015808}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
- HKEY_CLASSES_ROOT\CLSID\{00A0A40C-F432-4C59-BA11-B25D142C7AB7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A0A40C-F432-4C59-BA11-B25D142C7AB7}
- HKEY_CLASSES_ROOT\CLSID\{25F7FA20-3FC3-11D7-B487-00D05990014C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25F7FA20-3FC3-11D7-B487-00D05990014C}
- HKEY_CLASSES_ROOT\CLSID\{CC916B4B-BE44-4026-A19D-8C74BBD23361}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC916B4B-BE44-4026-A19D-8C74BBD23361}
- HKEY_CLASSES_ROOT\CLSID\{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}
- HKEY_CLASSES_ROOT\actsetup.actsetupobj
- HKEY_CLASSES_ROOT\actsetup.actsetupobj.1
- HKEY_CLASSES_ROOT\AppID\actsetup.DLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BA1C6EB-D062-4E37-9DB5-B07743276324}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}
Clientman might create following registry values:
- HKEY_CLASSES_ROOT\AppID\actsetup.DLL|AppID
Clientman might create registry values with following data:
- HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html|*|SearchRepPP*
- HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html|CLSID|*CC905FF6-B553-496C-9DFA-CFF65ADCD0FC*
Clientman might insert following entries in the HOSTS file:
n/a
Click
here to scan your computer for Clientman free of charge
|
