Vonteera

Category: Adware and PUAs
Protection available since: 03 Dec 2015 04:32:16 (GMT)
Type: Adware
Last Updated: 03 Dec 2015 04:32:16 (GMT)

Examples of Vonteera include:

Example 1

File Information

Size: 1.6M
SHA-1: 003a75caa6db7a8f79e336f381353ea6f1f40d18
MD5: dc14ce61636c52bb70026a681f5d01fe
CRC-32: 851c1843
File type: Windows executable
First seen: 2015-12-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-48-48.png
  • C:\Program Files\NoVooITAddon\uninstall.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-16-16.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\bg.html
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\main.js
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\_locales\en\messages.json
  • C:\Program Files\NoVooIT\ARhome\uninstall.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-128-128.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\manifest.json
  • C:\Program Files\NoVooITAddon\NoVooIT.dll
  • c:\Documents and Settings\test user\Application Data\2.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Vonteera Safe ads\Uninstall.lnk
    Size: 595
    SHA-1: 07831dc455adf6cab50e16f0bc7617453c6ed289
    MD5: 00bffae5cc08d32b7e280d3975202446
    CRC-32: 90c955c2
    File type: Windows Shortcut file (.LNK)
    First seen: 2015-12-03
  • C:\Program Files\NoVooIT\ARhome\Updater.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfhbklndhffnahdploecdffbedhgjnce_0.localstorage
  • C:\Program Files\NoVooITAddon\onload.js
  • c:\Documents and Settings\test user\Local Settings\Temp\nsx4.tmp\data.dll
Registry Keys Created
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\ProgID
    (Default)
    NoVooIT.NoVooIT.1
  • HKCU\Software\NoVooIT
    LastStat
    0x565fa3bd
  • HKCU\Software\ARHome
    Interval
    0x00015180
  • HKCR\NoVooIT.NoVooIT.1\CLSID
    (Default)
    {598AC71E-BE58-3981-B78A-5C138F423AD6}
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0
    (Default)
    NoVooIT 1.0 Type Library
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\HELPDIR
    (Default)
    C:\Program Files\NoVooITAddon
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\TypeLib
    Version
    1.0
  • HKCR\NoVooIT.NoVooIT\CLSID
    (Default)
    {598AC71E-BE58-3981-B78A-5C138F423AD6}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    NoExplorer
    0x00000001
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\0\win32
    (Default)
    C:\Program Files\NoVooITAddon\NoVooIT.dll
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKCR\NoVooIT.NoVooIT.1
    (Default)
    NoVooIT Class
  • HKLM\SOFTWARE\NoVooITSet
    default
    1
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}
    (Default)
    INoVooITBHO
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    (Default)
    NoVooIT Class
  • HKCR\AppID\NoVooIT.DLL
    AppID
    {6DD1B906-45FA-4A57-9AC6-01108C25067F}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ARhome
    NoRepair
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads
    NoRepair
    0x00000001
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKLM\SOFTWARE\Vonteera Safe ads
    Path
    C:\Program Files\NoVooITAddon
  • HKCU\Software\ARHome\Data
    Path
    C:\Program Files\NoVooITAddon
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\TypeLib
    (Default)
    {3FC2D59A-5C76-1E97-30DC-1EC6784419E5}
  • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ARhome
    C:\Program Files\NoVooIT\ARhome\Updater.exe
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}
    (Default)
    NoVooIT
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\VersionIndependentProgID
    (Default)
    NoVooIT.NoVooIT
  • HKLM\SOFTWARE\ARhome
    Path
    C:\Program Files\NoVooIT\ARhome
  • HKCR\NoVooIT.NoVooIT\CurVer
    (Default)
    NoVooIT.NoVooIT.1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\FLAGS
    (Default)
  • HKCR\NoVooIT.NoVooIT
    (Default)
    NoVooIT Class
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    NoExplorer
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122REEYM1387469472
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122REEYM1387469472
Processes Created
  • c:\Documents and Settings\test user\application data\2.exe
  • c:\docume~1\support\locals~1\temp\nsi6.tmp\chinstall\chromereset.exe
  • c:\docume~1\support\locals~1\temp\nsx4.tmp\novooitaddonssetup.exe
  • c:\program files\novooit\arhome\novooitupdatersetup.exe
HTTP Requests
  • http://srv1.adnetworkme.com/analytics.js
  • http://www.acdcads.com/aff/thanks/matomy-thanks.php
  • http://www.google-analytics.com/ga.js
DNS Requests
  • srv1.adnetworkme.com
  • www.acdcads.com
  • www.google-analytics.com

Example 2

File Information

Size: 1.6M
SHA-1: 00d836f4c4235783aef8d5af936ad1e7b3e0abc0
MD5: f86e64c97b749ecd8a02960a50898027
CRC-32: a2584b01
File type: Windows executable
First seen: 2015-12-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\2.exe
  • C:\Program Files\NoVooITAddon\onload.js
  • C:\Program Files\NoVooIT\ARhome\uninstall.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfhbklndhffnahdploecdffbedhgjnce_0.localstorage
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\manifest.json
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\_locales\en\messages.json
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-48-48.png
  • C:\Program Files\NoVooITAddon\uninstall.exe
  • C:\Program Files\NoVooIT\ARhome\Updater.exe
  • C:\Program Files\NoVooITAddon\NoVooIT.dll
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-16-16.png
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\data.dll
  • C:\Documents and Settings\All Users\Start Menu\Programs\Vonteera Safe ads\Uninstall.lnk
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\main.js
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-128-128.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\bg.html
Registry Keys Created
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\TypeLib
    (Default)
    {3FC2D59A-5C76-1E97-30DC-1EC6784419E5}
  • HKLM\SOFTWARE\ARhome
    Path
    C:\Program Files\NoVooIT\ARhome
  • HKCR\NoVooIT.NoVooIT.1\CLSID
    (Default)
    {598AC71E-BE58-3981-B78A-5C138F423AD6}
  • HKCU\Software\ARHome
    Interval
    0x00015180
  • HKCU\Software\NoVooIT
    LastStat
    0x565f9f5d
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\ProgID
    (Default)
    NoVooIT.NoVooIT.1
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0
    (Default)
    NoVooIT 1.0 Type Library
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\HELPDIR
    (Default)
    C:\Program Files\NoVooITAddon
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    NoExplorer
    0x00000001
  • HKCR\NoVooIT.NoVooIT\CLSID
    (Default)
    {598AC71E-BE58-3981-B78A-5C138F423AD6}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads
    NoRepair
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}
    (Default)
    INoVooITBHO
  • HKCR\NoVooIT.NoVooIT.1
    (Default)
    NoVooIT Class
  • HKCR\AppID\NoVooIT.DLL
    AppID
    {6DD1B906-45FA-4A57-9AC6-01108C25067F}
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\0\win32
    (Default)
    C:\Program Files\NoVooITAddon\NoVooIT.dll
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    (Default)
    NoVooIT Class
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKLM\SOFTWARE\Vonteera Safe ads
    Path
    C:\Program Files\NoVooITAddon
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}\1.0\FLAGS
    (Default)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ARhome
    C:\Program Files\NoVooIT\ARhome\Updater.exe
  • HKCR\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\VersionIndependentProgID
    (Default)
    NoVooIT.NoVooIT
  • HKCR\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}
    (Default)
    NoVooIT
  • HKLM\SOFTWARE\NoVooITSet
    default
    1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\Interface\{63D2A451-3351-178C-7BC4-13C4D58A7652}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\NoVooIT.NoVooIT
    (Default)
    NoVooIT Class
  • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCR\NoVooIT.NoVooIT\CurVer
    (Default)
    NoVooIT.NoVooIT.1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
    NoExplorer
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ARhome
    NoRepair
    0x00000001
  • HKCU\Software\ARHome\Data
    Path
    C:\Program Files\NoVooITAddon
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122RGPCD1387496837
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122RGPCD1387496837
Processes Created
  • c:\Documents and Settings\test user\application data\2.exe
  • c:\docume~1\support\locals~1\temp\nss6.tmp\chinstall\chromereset.exe
  • c:\docume~1\support\locals~1\temp\nst4.tmp\novooitaddonssetup.exe
  • c:\program files\novooit\arhome\novooitupdatersetup.exe
HTTP Requests
  • http://srv1.adnetworkme.com/analytics.js
  • http://www.acdcads.com/aff/thanks/matomy-thanks.php
  • http://www.google-analytics.com/ga.js
DNS Requests
  • srv1.adnetworkme.com
  • www.acdcads.com
  • www.google-analytics.com

Example 3

File Information

Size: 1.5M
SHA-1: 011676fce9dfea302940b3efbf3d018aa1d3b8ea
MD5: dd8995037a836d0b47996f0cf9980878
CRC-32: 89d972a8
File type: Windows executable
First seen: 2015-12-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-16-16.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-48-48.png
  • c:\Documents and Settings\test user\Application Data\NoVooIT\ARhome\uninstall.exe
  • c:\Documents and Settings\test user\Application Data\2.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\Vonteera-128-128.png
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\bg.html
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\_locales\en\messages.json
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\main.js
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce\1.5.1_0\manifest.json
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\data.dll
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfhbklndhffnahdploecdffbedhgjnce_0.localstorage
  • c:\Documents and Settings\test user\Application Data\NoVooITAddon\uninstall.exe
  • c:\Documents and Settings\test user\Application Data\NoVooIT\ARhome\Updater.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Vonteera Safe ads\Uninstall.lnk
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCU\Software\ARHome
    Path
    c:\Documents and Settings\test user\Application Data\NoVooIT\ARhome
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    {437B9306-2FDE-4054-A3C9-6B49507C12D0}
    1
  • HKCU\Software\Vonteera Safe ads
    Path
    c:\Documents and Settings\test user\Application Data\NoVooITAddon
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ARhome
    NoRepair
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ARhome
    c:\Documents and Settings\test user\Application Data\NoVooIT\ARhome\Updater.exe
  • HKCU\Software\NoVooITSet
    default
    1
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
    URL
    http://www.arabyonline.com/search.php?src=122&q=
  • HKCU\Software\ARHome\Data
    Path
    c:\Documents and Settings\test user\Application Data\NoVooITAddon
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads
    NoRepair
    0x00000001
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122RQRRF1387683103
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.arabyonline.com/?src=122RQRRF1387683103
Processes Created
  • c:\Documents and Settings\test user\application data\2.exe
  • c:\Documents and Settings\test user\application data\novooit\arhome\novooitupdatersetup.exe
  • c:\docume~1\support\locals~1\temp\nsa6.tmp\chinstall\chromereset.exe
  • c:\docume~1\support\locals~1\temp\nso4.tmp\novooitaddonssetup.exe
HTTP Requests
  • http://www.acdcads.com/aff/thanks/matomy-thanks.php
DNS Requests
  • www.acdcads.com