Summary
Summary
More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | September 2008 (4.33) |
| Protection available since | 29 June 2008 16:23:07 (GMT) |
| Last updated | 1 August 2008 23:08:45 (GMT) |
| Detected by | Sophos Anti-Virus for Windows, versions 6 and 7 and PureMessage for Microsoft Exchange. |
More Information
- Summary
- More Information
NetPumper is an adware supported application from www.netpumper.com.
When NetPumper is installed the following folders and files are created:
<Start Menu\Programs>\NetPumper
<Start Menu\Programs>\NetPumper\NetPumper Help.lnk
<Start Menu\Programs>\NetPumper\NetPumper.lnk
<Start Menu\Programs>\NetPumper\Readme.lnk
<Start Menu\Programs>\NetPumper\Shutdown NetPumper.lnk
<Start Menu\Programs>\NetPumper\Uninstall NetPumper.lnk
<User>\Application Data\NetPumper
<User>\Cookies\<User>@netpumper[?].txt
<Program Files>\NetPumper
<Program Files>\NetPumper\AddUrl.htm
<Program Files>\NetPumper\NetPumper.exe
<Program Files>\NetPumper\NetPumperIEProxy.exe
<Program Files>\NetPumper\NetPumperNNProxy.dll
<Program Files>\NetPumper\NPNetPumper_Application.dll
<Program Files>\NetPumper\NPNetPumper_Audio.dll
<Program Files>\NetPumper\NPNetPumper_Video.dll
<Program Files>\NetPumper\README.txt
<Program Files>\NetPumper\rsqwww2.exe
<Program Files>\NetPumper\shutdown.exe
<Program Files>\NetPumper\TurnLog.exe
<Program Files>\NetPumper\unins000.dat
<Program Files>\NetPumper\unins000.exe
<Program Files>\NetPumper\x.bat
<Program Files>\NetPumper\help\
The following files will also be typically installed belonging to Troj/Swizzor-NX and Troj/Startp-BJ:
<Root>\cl.exe
<User>\Application Data\Web Okay Five 01\Media Flap.exe
<Program Files>\NetPumper\ZM\minime.exe
<User>\Application Data\forkmesswin\0
<User>\Application Data\forkmesswin\cdrom upload file.exe
<User>\Application Data\forkmesswin\joy download acid.exe
<User>\Application Data\forkmesswin\leapzbbq.exe
<Temp>\bis<number>.exe
<Program Files>\forkmesswin\
(for further information on these adware related Trojans please refer to the descriptions for Troj/Swizzor-NX and Troj/Startp-BJ).
The following registry entries are created to run Media Flap.exe and NetPumperIEProxy.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Five 01 else bias
<User>\Application Data\Web Okay Five 01\Media Flap.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NetPumper
<Program Files>\NetPumper\NetPumperIEProxy.exe
The files NetPumper.exe and NetPumperNNProxy.dll are registered as COM objects, creating registry entries under:
HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKCR\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}
HKCR\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKCR\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKCR\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKCR\CLSID\{E19B133D-184E-4BBA-8A70-38489C9DD31B}
HKCR\CLSID\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}
The following registry value is set:
HKCU\Software\Microsoft\Internet Explorer\Main
AutoSearch
0
Registry entries are created under:
HKLM\SOFTWARE\NetPumper
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\onlinedartone
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetPumper_is1
HKCR\MIME\Database\Content Type\application/x-netpumper-detector
NetPumper provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "CiD Help" and "NetPumper 1.50".
|
