Vonteera

Category: Adware and PUAs
Protection available since: 15 Sep 2013 15:49:16 (GMT)
Type: Adware
Last Updated: 15 Sep 2013 15:49:16 (GMT)

Examples of Vonteera include:

Example 1

File Information

Size: 1.3M
SHA-1: 53b177839ca6a6e4d0cd044ca030057aec53354b
MD5: eaad5a90ef7a4aa75ce2f07022739795
CRC-32: a578f5da
File type: Windows executable
First seen: 2013-07-22

Other vendor detection

Avira: Adware/Vonteera.A.3

Runtime Analysis

Dropped Files
  • C:\Program Files\Volaro\Updater\uninstall.exe
  • C:\Program Files\Volaro\Updater\Win7\Tray.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\alnaddy_config.dat
    Size: 2.9K
    SHA-1: e7189ddbdb8e40d94ad275aba5aa89f13137b405
    MD5: d3e84a75305a78e4da2af15817694f61
    CRC-32: 48ee128b
    File type: Extensible Markup Language (XML)
    First seen: 2013-09-15
  • C:\Program Files\Volaro\Updater\Win7\Close.ico
  • C:\Program Files\Volaro\Updater\XP\Close.ico
  • C:\Program Files\Volaro\Updater\XP\theme.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\aln2.tmp
    Size: 1.3M
    SHA-1: be31cf66103b5aa839278fafce61640dc67c708e
    MD5: ac2f661483f890e48fdaa0b49198ae6e
    CRC-32: da31085d
    File type: Windows executable
    First seen: 2013-07-17
  • C:\Program Files\Volaro\Updater\Updater.exe
  • C:\Program Files\Volaro\Updater\Win7\closeSel.ico
  • C:\Documents and Settings\All Users\Start Menu\Programs\Vonteera\Uninstall.lnk
    Size: 599
    SHA-1: d41120e9e88a5a9918e99109c8bdbb73dd54f4d0
    MD5: 362df89dad8f41a9561ca47775ce760b
    CRC-32: c3103825
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-09-15
  • C:\Program Files\VonteeraAddon\onload.js
  • C:\Program Files\VonteeraAddon\Vonteera.dll
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\main.js
  • C:\Program Files\Volaro\Updater\XP\closeSel.ico
  • C:\Program Files\VonteeraAddon\uninstall.exe
  • C:\Program Files\Volaro\Updater\XP\Tray.ico
  • C:\Program Files\Volaro\Updater\Win7\Msg.ico
  • C:\Program Files\Volaro\Updater\XP\Msg.ico
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\manifest.json
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\Vonteera-128-128.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\bg.html
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\Vonteera-16-16.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\Vonteera-48-48.png
  • C:\Program Files\Volaro\Updater\Win7\theme.ini
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.0_0\_locales\en\messages.json
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfhbklndhffnahdploecdffbedhgjnce_0.localstorage
Registry Keys Created
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    (Default)
    Vonteera Class
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\AppID\Vonteera.DLL
    AppID
    {93D0B762-03DD-416f-AA26-B65F55B8914D}
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\HELPDIR
    (Default)
    C:\Program Files\VonteeraAddon
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\VersionIndependentProgID
    (Default)
    Vonteera.Vonteera
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Volaro Updater
    NoRepair
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\FLAGS
    (Default)
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0
    (Default)
    Vonteera 1.0 Type Library
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\TypeLib
    Version
    1.0
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}
    (Default)
    IVonteeraBHO
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\0\win32
    (Default)
    C:\Program Files\VonteeraAddon\Vonteera.dll
  • HKLM\SOFTWARE\Volaro Updater
    Path
    C:\Program Files\Volaro\Updater
  • HKCR\Vonteera.Vonteera
    (Default)
    Vonteera Class
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\ProgID
    (Default)
    Vonteera.Vonteera.1
  • HKCU\Software\Vonteera
    LastStat
    0x52355ed1
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\TypeLib
    (Default)
    {F0CF2525-8FA4-4f38-A06B-F02183A4D51E}
  • HKLM\SOFTWARE\Vonteera
    Path
    C:\Program Files\VonteeraAddon
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search/?q={searchTerms}
  • HKCU\Software\Volaro
    Interval
    0x00015180
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKLM\SOFTWARE\Vontera
    default
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    NoExplorer
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Volaro Update
    C:\Program Files\Volaro\Updater\Updater.exe
  • HKCR\Vonteera.Vonteera.1\CLSID
    (Default)
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera
    NoRepair
    0x00000001
  • HKCU\Software\Volaro\Data
    Path
    C:\Program Files\VonteeraAddon
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search/?q={searchTerms}
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Vonteera.Vonteera.1
    (Default)
    Vonteera Class
  • HKCR\AppID\{93D0B762-03DD-416f-AA26-B65F55B8914D}
    (Default)
    Vonteera
  • HKCR\Vonteera.Vonteera\CurVer
    (Default)
    Vonteera.Vonteera.1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013091520130916
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    NoExplorer
    0x00000001
  • HKCR\Vonteera.Vonteera\CLSID
    (Default)
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=1000RTGTO1379229386
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=1000RTGTO1379229386
Processes Created
  • c:\docume~1\support\locals~1\temp\aln2.tmp
  • c:\docume~1\support\locals~1\temp\fixshortcuts.exe
  • c:\docume~1\support\locals~1\temp\nsx6.tmp\chinstall\chromereset.exe
  • c:\docume~1\support\locals~1\temp\searchinstaller.exe
  • c:\docume~1\support\locals~1\temp\vonteeraaddonsetup.exe
  • c:\program files\volaro\updater\volaroupdatersetup.exe
HTTP Requests
  • http://gogostats.info/t/von/new
  • http://srv1.adnetworkme.com/analytics.js
  • http://srv3.adnetworkme.com/updinst
  • http://www.acdcads.com/aff/thanks/updater-thanks.php
  • http://www.ftparaby.com/DATA/getdata.php
  • http://www.ftparaby.com/DATA/win.bmp
  • http://www.google-analytics.com/__utm.gif
  • http://www.google-analytics.com/analytics.js
  • http://www.google-analytics.com/collect
  • http://www.google-analytics.com/ga.js
DNS Requests
  • gogostats.info
  • s3-eu-west-1.amazonaws.com
  • srv1.adnetworkme.com
  • srv3.adnetworkme.com
  • www.acdcads.com
  • www.ftparaby.com
  • www.google-analytics.com

Example 2

File Information

File type: Windows executable

Example 3

File Information

Size: 1.3M
SHA-1: be31cf66103b5aa839278fafce61640dc67c708e
MD5: ac2f661483f890e48fdaa0b49198ae6e
CRC-32: da31085d
File type: Windows executable
First seen: 2013-07-17

Runtime Analysis

Registry Keys Created
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\HELPDIR
    (Default)
    C:\Program Files\VonteeraAddon
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\VersionIndependentProgID
    (Default)
    Vonteera.Vonteera
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\ProgID
    (Default)
    Vonteera.Vonteera.1
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\FLAGS
    (Default)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Volaro Updater
    NoRepair
    0x00000001
  • HKCR\AppID\Vonteera.DLL
    AppID
    {93D0B762-03DD-416f-AA26-B65F55B8914D}
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0
    (Default)
    Vonteera 1.0 Type Library
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\InprocServer32
    ThreadingModel
    Apartment
  • HKLM\SOFTWARE\Volaro Updater
    Path
    C:\Program Files\Volaro\Updater
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCR\Vonteera.Vonteera
    (Default)
    Vonteera Class
  • HKLM\SOFTWARE\Vonteera
    Path
    C:\Program Files\VonteeraAddon
  • HKCU\Software\Volaro
    Interval
    0x00015180
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}\TypeLib
    (Default)
    {F0CF2525-8FA4-4f38-A06B-F02183A4D51E}
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}
    (Default)
    IVonteeraBHO
  • HKLM\SOFTWARE\Vontera
    default
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    NoExplorer
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/yahoo.php?q={searchTerms}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Volaro Update
    C:\Program Files\Volaro\Updater\Updater.exe
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Vonteera.Vonteera.1
    (Default)
    Vonteera Class
  • HKCR\Vonteera.Vonteera\CurVer
    (Default)
    Vonteera.Vonteera.1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    NoExplorer
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/yahoo.php?q={searchTerms}
  • HKCR\AppID\{93D0B762-03DD-416f-AA26-B65F55B8914D}
    (Default)
    Vonteera
  • HKCR\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}
    (Default)
    Vonteera Class
  • HKCR\Vonteera.Vonteera.1\CLSID
    (Default)
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera
    NoRepair
    0x00000001
  • HKCU\Software\Volaro\Data
    Path
    C:\Program Files\VonteeraAddon
  • HKCR\TypeLib\{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}\1.0\0\win32
    (Default)
    C:\Program Files\VonteeraAddon\Vonteera.dll
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\TypeLib
    Version
    1.0
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCR\Interface\{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Vonteera.Vonteera\CLSID
    (Default)
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=105
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=105
Processes Created
  • c:\docume~1\support\locals~1\temp\fixshortcuts.exe
  • c:\docume~1\support\locals~1\temp\nsm5.tmp\chinstall\chromereset.exe
  • c:\docume~1\support\locals~1\temp\searchinstaller.exe
  • c:\docume~1\support\locals~1\temp\vonteeraaddonsetup.exe
  • c:\program files\volaro\updater\volaroupdatersetup.exe
HTTP Requests
  • http://gogostats.info/t/von/new
  • http://srv3.adnetworkme.com/updinst
  • http://www.ftparaby.com/DATA/getdata.php
  • http://www.ftparaby.com/DATA/win.bmp
DNS Requests
  • gogostats.info
  • srv3.adnetworkme.com
  • www.ftparaby.com