BlockChecker, ccapp.exe, ustart.exe, block-checker.exe, navshext1.dll







Counterspy

Details: Adware.navshext lowers Internet security settings, adds itself to firewall exclusion policies and downloads a number of adware programs.

Infected files detected
c:\windows\system32\ustart.exe

Registry

HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Startup
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Startup DisplayName System Process
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Startup UninstallString C:\WINDOWS\System32\ccapp.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BlockChecker

SYSTEM\CurrentControlSet\Services\SQFLKUEY\





Sends one of the following messages to the contacts of Microsoft Messenger, Yahoo Instant Messenger and AOL Instant Messenger:

* Find out who's blocking you on MSN, Download it free from [http://]www.block-checker[REMOVED].com
* Did you know you can find out who blocked you on MSN? Check it out, it's free [http://]www.block-checker[REMOVED].com

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\MSN
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\Yahoo
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\AOL

http://www.symantec.com/avcenter/venc/data/adware.blockchecker.html




HijackThis

O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext1.dll
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe


MWAV

C:\WINDOWS\System32\ccapp.exe tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
C:\WINDOWS\System32\navshext.dll tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
C:\WINDOWS\System32\navshext1.dll tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
C:\Program Files\Block Checker\BLOCK-~1.EXE infected by "IM-Worm.Win32.Chiem.a"
c:\program files\block checker\block checker.exe (704 KB)
C:\Program Files\Block Checker\csrss.exe infected by "Trojan.Win32.Starter.e"


* %SystemDir%\ccapp.exe (16 KB)
* c:\program files\block checker\uninstall.exe (63 KB)
* c:\program files\block checker\setup_finish.exe (16 KB)
* c:\program files\block checker\setup.log (2 KB)
* c:\program files\block checker\csrss.exe (28 KB)
* c:\program files\block checker\block-checker.exe (48 KB)
* c:\program files\block checker\block checker.exe (704 KB)
* c:\documents and settings\all users\start menu\programs\block checker\block checker\block checker.lnk (1 KB)
* c:\documents and settings\administrator\application data\microsoft\internet explorer\quick launch\block checker.lnk (1 KB)

Registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockChecker"=-

[-HKEY_CLASSES_ROOT\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Block Checker]
[-HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\MSN]
[-HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\AOL]
[-HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IMAdvertiser\Yahoo]

----------

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\
C:\Program Files\Block Checker\block-checker.exe: 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\System Process\ModId: "3"

HKEY_LOCAL_MACHINE\SOFTWARE\System Process\Started: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\
Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
c:\windows\system32\ccapp.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
c:\windows\system32\ccapp.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.system-processes.com:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
"Startup"
"UninstallString"="C:\WINDOWS\System32\ccapp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
"Startup"
"DisplayName"="System Process"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
"Block Checker"
"DisplayName"="Block Checker 1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
"C:\Program Files\Block Checker\block-checker.exe"="1"



