Hijacker . CWS.Exploit (Summary)
home | requirements | help | contact | scan now  

OVER 8 MILLION PEOPLE WORLDWIDE USE NUKER TO PROTECT THEIR PC!
YOU CAN TRY ITS AUDIT TODAY ABSOLUTELY FREE!

FREE SCAN

Free Anti Spyware Audit

Click Here to scan your PC for
CWS.Exploit
free of charge
Hijacker . CWS.Exploit (Summary)

Software Name: CWS.Exploit
Company Name:
Product Name: CWS.Exploit
Classification: Hijacker
Website:

Brief:
Hijacks browsers homepage and search settings. Installs a toolbar and downloads other executables in the background. **You may need to run a Deep Scan while in Safe Mode.**

 

IMPORTANT!
Some of the Hijacker.CWS.Exploit components are listed below. The list is compiled as a reference. The list might not be complete and it doesn't represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.

If you suspect that you have an unwanted instance of CWS.Exploit installed on your computer we recommend a free audit of your system with INAC Anti Spyware.

CWS.Exploit might create following folders (and inject its files inside the folders):

n/a

CWS.Exploit might create following files (some of the files might be loaded in memory while the software is running):

  • %FAVORITES%\Block Popups.url

  • %FAVORITES%\Free Online Dating.url

  • %FAVORITES%\Phentermine.url

  • %FAVORITES%\Play With Girls.url

  • %FAVORITES%\SPYWARE.url

  • %FAVORITES%\Viagra.url

  • %FAVORITES%\Work at Home.url

  • %FAVORITES%\Xanax Online.url

  • %FAVORITES%\XXX personal photos.url

  • %COMMON_FAVORITES%\Block Popups.url

  • %COMMON_FAVORITES%\Free Online Dating.url

  • %COMMON_FAVORITES%\Phentermine.url

  • %COMMON_FAVORITES%\Play With Girls.url

  • %COMMON_FAVORITES%\SPYWARE.url

  • %COMMON_FAVORITES%\Viagra.url

  • %COMMON_FAVORITES%\Work at Home.url

  • %COMMON_FAVORITES%\Xanax Online.url

  • %COMMON_FAVORITES%\XXX personal photos.url

  • %SYSTEM%\date.dat

  • %SYSTEM%\exploit.exe

  • %SYSTEM%\iesp1.dll

  • %SYSTEM%\menu.txt

  • %SYSTEM%\nbtrstat.exe

  • %SYSTEM%\netupd32.exe

  • %SYSTEM%\od.exe

  • %SYSTEM%\protect32.dll

  • %SYSTEM%\sethcd.exe

  • %SYSTEM%\smbdins.exe

  • %SYSTEM%\sprestrst.exe

  • %SYSTEM%\tsmsetup.exe

  • %SYSTEM%\upncont.exe

  • %SYSTEM%\wowdbe.exe

  • %SYSTEM%\rdspclips.exe

  • %SYSTEM%\run_dos.dll

  • %WINDOWS%\system\msthl.dll

  • %FAVORITES%\AdultGambling.url

  • %FAVORITES%\FUCK Real Girls.url

  • %FAVORITES%\Kill Annoying Popups.url

  • %FAVORITES%\Online Sex Poker Rooms.url

  • %FAVORITES%\Play Adult-Poker.url

  • %FAVORITES%\Remove Toolbars.url

  • %FAVORITES%\Spyware Uninstall.url

  • %COMMON_FAVORITES%\AdultGambling.url

  • %COMMON_FAVORITES%\FUCK Real Girls.url

  • %COMMON_FAVORITES%\Kill Annoying Popups.url

  • %COMMON_FAVORITES%\Online Sex Poker Rooms.url

  • %COMMON_FAVORITES%\Play Adult-Poker.url

  • %COMMON_FAVORITES%\Remove Toolbars.url

  • %COMMON_FAVORITES%\Spyware Uninstall.url

  • %system%\sysobj.exe

CWS.Exploit is often accompanied by the following tracking cookies:

n/a

CWS.Exploit might create following registry keys (and inject subkeys and values):

  • HKEY_CLASSES_ROOT\CLSID\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}

  • HKEY_CLASSES_ROOT\CLSID\{49909A9C-4D27-4465-A4C0-D85BE5572032}

  • HKEY_CLASSES_ROOT\CLSID\{776A61AE-0B96-441F-A153-89804931596C}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{776A61AE-0B96-441F-A153-89804931596C}

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.219.181.7

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\nur

  • HKEY_CLASSES_ROOT\CLSID\{ACA7A27F-EDCF-45EC-A0E0-00B844B91289}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACA7A27F-EDCF-45EC-A0E0-00B844B91289}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\hdjfv

CWS.Exploit might create following registry values:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion|emanger

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion|emandislc

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion|emanelif

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion|emanexe

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer|emandislc

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysobj.exe

CWS.Exploit might create registry values with following data:

  • HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html|*|{49909A9C-4D27-4465-A4C0-D85BE5572032}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main|*|res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%70%72%6f%74%65%63%74%33%32%2e%64%6c%6c*

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search|*|res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%70%72%6f%74%65%63%74%33%32%2e%64%6c%6c*

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer|(default)|http://clearsurfing.net*

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Main|*|res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%70%72%6f%74%65%63%74%33%32%2e%64%6c%6c*

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Search|*|res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%70%72%6f%74%65%63%74%33%32%2e%64%6c%6c*

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{39741DD1-2AAF-4FE0-84AA-A52CF5A07DA0}|NameServer|69.50.184.84,195.225.176.37

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E19B8267-57DD-4C51-A3ED-555D71B863FA}|NameServer|69.50.184.84,195.225.176.37

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39741DD1-2AAF-4FE0-84AA-A52CF5A07DA0}|NameServer|69.50.184.84,195.225.176.37

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E19B8267-57DD-4C51-A3ED-555D71B863FA}|NameServer|69.50.184.84,195.225.176.37

CWS.Exploit might insert following entries in the HOSTS file:

n/a

 

Click here to scan your computer for CWS.Exploit free of charge

 Download | Order Now | Partners | Index | Hunter's Log | EULA | Privacy Policy   © 2002-2007 TrekBlue, Inc.