Downloader.Exploit (Summary)

Software Name: Exploit
Company Name: Avenue Media
Product Name: Exploit
Classification: Downloader
Website: http://www.pizdato.biz

Brief:
Contacts its controlling servers and downloads and executes applications on your computer.

 

IMPORTANT!
Some of the Downloader.Exploit components are listed below. The list is compiled as a reference. The list might not be complete and it doesn't represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of an adware component might affect the related ad-supported software.


Exploit might create the following folders (and place its files inside them):

  • %SYSTEM%\services

Exploit might create the following files (some of the files might be loaded in memory while the software is running):


Exploit is often accompanied by the following tracking cookies:

  • ru4.com

  • rightmedia.com

Exploit might create the following registry keys (and add subkeys and values under them):


Exploit might create the following registry values:


Exploit might create registry values with the following data:

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Main|Start Page|http://www.coolsearch.biz*

  • HKEY_USERS\*\Software\Microsoft\Windows NT\CurrentVersion\Windows|run|*\exploit.exe

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Main|Start Page|*clicksearchclick*

Exploit might insert the following entries in the HOSTS file:

n/a

 

© 2002-2007 TrekBlue, Inc.