NetPumper

Category: Adware and PUAs Protection available since:29 Jun 2008 15:47:06 (GMT)
Type: Adware Last Updated:01 Aug 2008 19:25:18 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

NetPumper is an adware supported application from www.netpumper.com.

When NetPumper is installed the following folders and files are created:

<Start Menu\Programs>\NetPumper
<Start Menu\Programs>\NetPumper\NetPumper Help.lnk
<Start Menu\Programs>\NetPumper\NetPumper.lnk
<Start Menu\Programs>\NetPumper\Readme.lnk
<Start Menu\Programs>\NetPumper\Shutdown NetPumper.lnk
<Start Menu\Programs>\NetPumper\Uninstall NetPumper.lnk
<User>\Application Data\NetPumper
<User>\Cookies\<User>@netpumper[?].txt
<Program Files>\NetPumper
<Program Files>\NetPumper\AddUrl.htm
<Program Files>\NetPumper\NetPumper.exe
<Program Files>\NetPumper\NetPumperIEProxy.exe
<Program Files>\NetPumper\NetPumperNNProxy.dll
<Program Files>\NetPumper\NPNetPumper_Application.dll
<Program Files>\NetPumper\NPNetPumper_Audio.dll
<Program Files>\NetPumper\NPNetPumper_Video.dll
<Program Files>\NetPumper\README.txt
<Program Files>\NetPumper\rsqwww2.exe
<Program Files>\NetPumper\shutdown.exe
<Program Files>\NetPumper\TurnLog.exe
<Program Files>\NetPumper\unins000.dat
<Program Files>\NetPumper\unins000.exe
<Program Files>\NetPumper\x.bat
<Program Files>\NetPumper\help\

The following files will also be typically installed belonging to Troj/Swizzor-NX and Troj/Startp-BJ:

<Root>\cl.exe
<User>\Application Data\Web Okay Five 01\Media Flap.exe
<Program Files>\NetPumper\ZM\minime.exe
<User>\Application Data\forkmesswin\0
<User>\Application Data\forkmesswin\cdrom upload file.exe
<User>\Application Data\forkmesswin\joy download acid.exe
<User>\Application Data\forkmesswin\leapzbbq.exe
<Temp>\bis<number>.exe
<Program Files>\forkmesswin\

(for further information on these adware related Trojans please refer to the descriptions for Troj/Swizzor-NX and Troj/Startp-BJ).

The following registry entries are created to run Media Flap.exe and NetPumperIEProxy.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Five 01 else bias
<User>\Application Data\Web Okay Five 01\Media Flap.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NetPumper
<Program Files>\NetPumper\NetPumperIEProxy.exe

The files NetPumper.exe and NetPumperNNProxy.dll are registered as COM objects, creating registry entries under:

HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKCR\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}
HKCR\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKCR\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKCR\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKCR\CLSID\{E19B133D-184E-4BBA-8A70-38489C9DD31B}
HKCR\CLSID\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}

The following registry value is set:

HKCU\Software\Microsoft\Internet Explorer\Main
AutoSearch
0

Registry entries are created under:

HKLM\SOFTWARE\NetPumper
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\onlinedartone
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetPumper_is1
HKCR\MIME\Database\Content Type\application/x-netpumper-detector

NetPumper provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "CiD Help" and "NetPumper 1.50".

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy