PrivitizeVPN

Category:	Adware and PUAs	Protection available since:	14 Oct 2012 18:17:42 (GMT)
Type:	Adware	Last Updated:	04 Dec 2012 08:02:41 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of PrivitizeVPN include:

Example 1

File Information

Size: 210K
SHA-1: 26049d7ba2758abbdc80b3d767b8c3af38652bc9
MD5: 037a844a3943629ec3d20ed7dceebf1b
CRC-32: c6a70ec8
File type: Windows executable
First seen: 2012-05-22

Example 2

File Information

Size: 1.2M
SHA-1: 525eb01389c7da0fded058bca3b0a73271e4a700
MD5: c63c9bc18de063b555f2b21c40f1de45
CRC-32: f7a40001
File type: Windows executable
First seen: 2012-07-13

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Start Menu\Programs\PrivitizeVPN\Uninstall PrivitizeVPN.lnk
Size
801
SHA-1
db4cb45bded333e89fdd2bc9a1a16fa748d6e54d
MD5
1e5629805fc5586f21e8d70bcc9ca73b
CRC-32
7b904ca0
File type
Windows Shortcut file (.LNK)
First seen
2012-09-29
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\Math.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\lzma.exe
Size
72K
SHA-1
9685190619088991a89ab6b96f8595453bb7f795
MD5
71dc11c495355f883498ff5e8702bb3d
CRC-32
a96f4485
File type
Windows executable
First seen
2012-06-28
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\NSISdl.dll
Size
416K
SHA-1
266249c9f8f7cb80256ef12841ea390b1585ddb9
MD5
da80b9525b4be92405730d5529f6857c
CRC-32
7e9d0a4e
File type
Windows executable
First seen
2012-06-28
C:\Program Files\PrivitizeVPN\VPN.dll
Size
172K
SHA-1
2974c2c4158e589b06a639ce2da56f045138e95f
MD5
496ee5cf7a13b610d1ac063d556111c4
CRC-32
c18e8d5b
File type
Windows executable
First seen
2012-09-29
c:\Documents and Settings\test user\Start Menu\Programs\PrivitizeVPN\PrivitizeVPN.lnk
Size
816
SHA-1
1e6e2c3664b6335cbf4603ce693139c206257d8d
MD5
88167f3ddc44ad9997faa893ffb27229
CRC-32
be68d4e0
File type
Windows Shortcut file (.LNK)
First seen
2012-09-29
c:\Documents and Settings\test user\Local Settings\Temp\PromoEngineInstaller\chutil.dll
Size
210K
SHA-1
26049d7ba2758abbdc80b3d767b8c3af38652bc9
MD5
037a844a3943629ec3d20ed7dceebf1b
CRC-32
c6a70ec8
File type
Windows executable
First seen
2012-05-22
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\NSISList.dll
Size
98K
SHA-1
1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d
MD5
2e0785f18f8714393bc4bc1fe170eadf
CRC-32
caf2be03
File type
Windows executable
First seen
2012-02-29
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\ThreadTimer.dll
Size
3.0K
SHA-1
b4a5e6567bed3c783af030df9418f91a7bac3040
MD5
c43953f463c22e048e45b402d190e77d
CRC-32
00e80794
File type
Windows executable
First seen
2012-05-22
c:\Documents and Settings\test user\Local Settings\Temp\installer.jpg
Size
21K
SHA-1
5aef5e7eae91634e383acefcb6d6a287bb4fc0e4
MD5
355a9586a3bc9605f481e22f185ef5cc
CRC-32
672fc8dc
File type
JPEG Interchange Format
First seen
2012-08-30
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\RegisterWindowClass.dll
Size
3.0K
SHA-1
7ff97100e31c0fada5a089d4845426b7d3766242
MD5
b9730c8a73630c205fdef7b092942757
CRC-32
e0a1f9fd
File type
Windows executable
First seen
2012-05-22
c:\Documents and Settings\test user\Local Settings\Temp\~DFD4C4.tmp
Size
48K
SHA-1
2ce5ad15989dc61b2876d1070c701286c24ddc0d
MD5
5a087615842fc2c7f123d6d2db816fce
CRC-32
ab3a1bb7
File type
Microsoft OLE2 file format
First seen
2012-08-30
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\xml.dll
c:\Documents and Settings\test user\Local Settings\Temp\PrivitizeVPNInstaller.exe
Size
490K
SHA-1
da70471082b9954e7e5287e1246bb1aa31996359
MD5
92411267c95a4e172cb53ef9f07b2ea6
CRC-32
fbd11f88
File type
Windows executable
First seen
2012-09-19
C:\Program Files\PrivitizeVPN\uninstall.exe
Size
50K
SHA-1
9b45944e48dfd6b6300d75e30b045e53ae7d4fca
MD5
79040fbceff378a84194ec0cfdab4a48
CRC-32
19201f04
File type
Windows executable
First seen
2012-08-30
c:\Documents and Settings\test user\Local Settings\Temp\gui.xml
Size
1.6K
SHA-1
1b76b3f748c24add035fca25483810495122455a
MD5
551383b0d503127b8b83bfc128505179
CRC-32
d41d45eb
File type
Extensible Markup Language (XML)
First seen
2012-09-26
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\nsDialogs.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\ButtonEvent.dll
Size
4.5K
SHA-1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96
MD5
55788069d3fa4e1daf80f3339fa86fe2
CRC-32
3886619a
File type
Windows executable
First seen
2012-01-20
C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe
Size
193K
SHA-1
7c6198902e0bc567da6eced92ed461acf1f72688
MD5
430739f114507dd2ea78d180a34ff9f3
CRC-32
5027cd5d
File type
Windows executable
First seen
2012-02-01
c:\Documents and Settings\test user\Local Settings\Temp\PromoEngineInstaller\sqlite3.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\System.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\ioSpecial.ini
Size
287
SHA-1
ab40ebd519b1beaa5e5dbe84ed5fb2ac20d2d00e
MD5
d0c233f954a8face9132e79e08bad9a3
CRC-32
fac02b82
File type
Configuration Data File (generic)
First seen
2010-09-20
c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\modern-wizard.bmp

Registry Keys Created

HKLM\SOFTWARE\PrivitizeVPN
Path
C:\Program Files\PrivitizeVPN
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN
NoRepair
0x00000001
HKLM\SOFTWARE\PrivitizeVPN\Components
Main
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PrivitizeVPN
C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
HKCU\Software\StartSearch\plug-in
uudata
3d5b5e0c-0a78-11e2-87eb-000c293f2db2

Processes Created

c:\docume~1\support\locals~1\temp\privitizevpninstaller.exe
c:\program files\privitizevpn\privitizevpn.exe

HTTP Requests

http://privitize.com/api/dev/install_config
http://privitize.com/static/img/installer.jpg
http://www.privitize.com/api/dev/access
http://www.privitize.com/api/dev/error
http://www.privitize.com/api/dev/update

IP Connections

46.246.31.251:1723

DNS Requests

privitize.com
www.privitize.com

Example 3

File Information

Size: 1.1M
SHA-1: efa23b536ca6a305cac5b79e7456f40a519f904d
MD5: fe2d1c42bdc73f35a5177f6171c57dc0
CRC-32: b166489f
File type: Windows executable
First seen: 2012-11-26

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\InstallOptions.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\ButtonEvent.dll
Size
4.5K
SHA-1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96
MD5
55788069d3fa4e1daf80f3339fa86fe2
CRC-32
3886619a
File type
Windows executable
First seen
2012-01-20
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\nsExec.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\modern-wizard.bmp
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\NSISdl.dll
Size
417K
SHA-1
78f8072c0f57153eac1c97f617888b3c51673ed0
MD5
00a011110ec8864f8d2f10885a856d4a
CRC-32
1ace0f33
File type
Windows executable
First seen
2012-11-04
c:\Documents and Settings\test user\Local Settings\Temp\PromoEngineInstaller\chutil.dll
Size
214K
SHA-1
abe48adb8f5cbbd38aac1164cb23657e5ff4e1c0
MD5
1fa297addf9efe85b06ebd53ba6575f7
CRC-32
2f1e1c96
File type
Windows executable
First seen
2012-11-04
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\ThreadTimer.dll
Size
3.0K
SHA-1
b4a5e6567bed3c783af030df9418f91a7bac3040
MD5
c43953f463c22e048e45b402d190e77d
CRC-32
00e80794
File type
Windows executable
First seen
2012-05-22
c:\Documents and Settings\test user\Start Menu\Programs\PrivitizeVPN\Uninstall PrivitizeVPN.lnk
Size
801
SHA-1
d81d82027d5979f199796860e7b279d1d7c9e6f4
MD5
603854f8f9e2c82e0cc6b3b7fc968373
CRC-32
3f9e605f
File type
Windows Shortcut file (.LNK)
First seen
2012-11-27
c:\Documents and Settings\test user\Local Settings\Temp\gui.xml
Size
1.7K
SHA-1
3dd765cddb63d38f642eed106c2e4e48fcdda8e2
MD5
446d1aa8352eb97ef73d7c5e627a7572
CRC-32
548033a5
File type
Extensible Markup Language (XML)
First seen
2012-11-27
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\NSISList.dll
Size
98K
SHA-1
1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d
MD5
2e0785f18f8714393bc4bc1fe170eadf
CRC-32
caf2be03
File type
Windows executable
First seen
2012-02-29
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\xml.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\DcryptDll.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\nsDialogs.dll
C:\Program Files\PrivitizeVPN\VPN.dll
Size
172K
SHA-1
2974c2c4158e589b06a639ce2da56f045138e95f
MD5
496ee5cf7a13b610d1ac063d556111c4
CRC-32
c18e8d5b
File type
Windows executable
First seen
2012-09-29
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\PrivitizeVPN_1.0.0.2_install_config.exe
Size
1.3M
SHA-1
cb1cdd201306cc3383469c8e368d2fdb395507b3
MD5
700e9249612be7cfb5dbf5a0ed29fee1
CRC-32
83738350
File type
Windows executable
First seen
2012-11-26
c:\Documents and Settings\test user\Local Settings\Temp\PromoEngineInstaller\sqlite3.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\Math.dll
c:\Documents and Settings\test user\Local Settings\Temp\PromoEngineInstaller\lzma.exe
Size
72K
SHA-1
9685190619088991a89ab6b96f8595453bb7f795
MD5
71dc11c495355f883498ff5e8702bb3d
CRC-32
a96f4485
File type
Windows executable
First seen
2012-06-28
C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe
Size
193K
SHA-1
7c6198902e0bc567da6eced92ed461acf1f72688
MD5
430739f114507dd2ea78d180a34ff9f3
CRC-32
5027cd5d
File type
Windows executable
First seen
2012-02-01
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\System.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\PrivitizeVPN_1.0.0.2_install_config.dat
Size
967K
SHA-1
d0fa656b67436bcecaf5ec2df8f8f5d577f27aa7
MD5
baa00d8e9edde19cb9e54bd39a48f486
CRC-32
9aaa8029
File type
Unspecified binary - probably data
First seen
2012-11-27
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\lzma.exe
Size
72K
SHA-1
9685190619088991a89ab6b96f8595453bb7f795
MD5
71dc11c495355f883498ff5e8702bb3d
CRC-32
a96f4485
File type
Windows executable
First seen
2012-06-28
C:\Program Files\PrivitizeVPN\uninstall.exe
Size
50K
SHA-1
9b45944e48dfd6b6300d75e30b045e53ae7d4fca
MD5
79040fbceff378a84194ec0cfdab4a48
CRC-32
19201f04
File type
Windows executable
First seen
2012-08-30
c:\Documents and Settings\test user\Local Settings\Temp\nsi6.tmp\ioSpecial.ini
Size
540
SHA-1
f0966b9f3ea127273dab472db5841317f419df04
MD5
b360b5a7745363abab6367d31f1583f7
CRC-32
ee3686f6
File type
Configuration Data File (generic)
First seen
2012-11-27
c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\PrivitizeVPN_1.0.0.2_install_config.lza
Size
967K
SHA-1
135568d75014ec7ddfef97c2c0ada1e1f2aac1d8
MD5
afe0f4d0f8e074b35da8d6a7f2b3182b
CRC-32
761c3365
File type
Unspecified binary - probably data
First seen
2012-11-27
c:\Documents and Settings\test user\Start Menu\Programs\PrivitizeVPN\PrivitizeVPN.lnk
Size
816
SHA-1
a5043acf2d3366f7b9ee709e04dcf0ab0f6e91dd
MD5
a53cc0079f438ae7da801fef4d484b21
CRC-32
948e49ac
File type
Windows Shortcut file (.LNK)
First seen
2012-11-27

Registry Keys Created

HKLM\SOFTWARE\PrivitizeVPN
Path
C:\Program Files\PrivitizeVPN
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN
NoRepair
0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PrivitizeVPN
C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
HKCU\Software\StartSearch\plug-in
uudata
81539400-387a-11e2-87ed-000c29a3eb37
HKLM\SOFTWARE\PrivitizeVPN\Components
Main
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012112720121128
CacheRepair
0x00000000

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe

Processes Created

c:\docume~1\support\locals~1\temp\nsi3.tmp\lzma.exe
c:\docume~1\support\locals~1\temp\nsi3.tmp\ns4.tmp
c:\docume~1\support\locals~1\temp\nsi3.tmp\privitizevpn_1.0.0.2_install_config.exe
c:\docume~1\support\locals~1\temp\nsi6.tmp\privitizevpninstaller.exe
c:\program files\privitizevpn\privitizevpn.exe

HTTP Requests

http://html5shim.googlecode.com/svn/trunk/html5.js
http://privitize.com/api/dev/install
http://privitize.com/api/dev/install_config
http://privitize.com/postinstall
http://privitize.com/static/css/bootstrap-responsive.css
http://privitize.com/static/css/bootstrap.css
http://privitize.com/static/js/bootstrap-dropdown.js
http://privitize.com/static/js/bootstrap-modal.js
http://privitize.com/static/js/jquery-1.7.2.min.js
http://www.privitize.com/api/dev/update

DNS Requests

html5shim.googlecode.com
privitize.com
www.privitize.com

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

PrivitizeVPN

Example 1

File Information

Example 2

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

IP Connections

DNS Requests

Example 3

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

DNS Requests

Free Mac Anti-Virus

Popular topics