Monday, November 17, 2008

CDNHelper Adware

CDNHelper description:
CDNHelper Category: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

CDNHelper Detection:

CDNHelper Files:
[%PROFILE_TEMP%]\2\cnrbtn.html
[%PROFILE_TEMP%]\311\cnrbtn.html
[%PROFILE_TEMP%]\31\cnrbtn.html
[%PROFILE_TEMP%]\3B\cnrbtn.html
[%PROFILE_TEMP%]\3\cnrbtn.html
[%PROFILE_TEMP%]\C\cnrbtn.html
[%PROFILE_TEMP%]\setup\cdn.dll
[%PROFILE_TEMP%]\setup\CdnAux.dll
[%PROFILE_TEMP%]\setup\CdnIEHlp.dll
[%PROFILE_TEMP%]\setup\cdntran.dat
[%PROGRAM_FILES%]\OCINS\cnrbtn.html
[%SYSTEM%]\zunins.exe
[%DESKTOP%]\IdnMail.lnk
[%PROFILE_TEMP%]\1C\cdn.dll
[%PROFILE_TEMP%]\1C\cdnaux.dll
[%PROFILE_TEMP%]\1C\cdnforie.dll
[%PROFILE_TEMP%]\1C\cdnins.dll
[%PROFILE_TEMP%]\1C\cdnprh.dll
[%PROFILE_TEMP%]\1C\cdnprot.dat
[%PROFILE_TEMP%]\1C\cdnprot.sys
[%PROFILE_TEMP%]\1C\cdnunins.exe
[%PROFILE_TEMP%]\1C\cdnup.exe
[%PROFILE_TEMP%]\1C\cdnvers.dat
[%PROFILE_TEMP%]\1C\idnconvs.dll
[%PROFILE_TEMP%]\cdndisp.tmp
[%PROFILE_TEMP%]\setup\AHOOK9X.DAT
[%PROFILE_TEMP%]\setup\AHOOKNT.DAT
[%PROFILE_TEMP%]\setup\capp.exe
[%PROFILE_TEMP%]\setup\character.dat
[%PROFILE_TEMP%]\setup\clean.exe
[%PROFILE_TEMP%]\setup\CodeLib.dll
[%PROFILE_TEMP%]\setup\hookdll.dll
[%PROFILE_TEMP%]\setup\IdnMail.exe
[%PROFILE_TEMP%]\setup\idnoe.dll
[%PROFILE_TEMP%]\setup\idnol.dll
[%PROFILE_TEMP%]\setup\zconfig.dat
[%PROFILE_TEMP%]\setup\zunins.exe
[%PROFILE_TEMP%]\setup\zver.dat
[%SYSTEM%]\capp.exe
[%SYSTEM%]\cdn.dll
[%SYSTEM%]\CdnAux.dll
[%SYSTEM%]\CdnIEHlp.dll
[%SYSTEM%]\character.dat
[%SYSTEM%]\IdnMail.exe
[%SYSTEM%]\idnoe.dll
[%SYSTEM%]\idnol.dll
[%SYSTEM%]\ZUpdate\zver.dat
[%SYSTEM%]\ZW.exe

CDNHelper Folders:
[%PROGRAMS%]\cdnClient

CDNHelper Registry Keys:
HKEY_CLASSES_ROOT\cdnforie.iehlprobj
HKEY_CLASSES_ROOT\cdnforie.iehlprobj.1
HKEY_CLASSES_ROOT\CLSID\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_CLASSES_ROOT\clsid\{8cdcbba0-4be1-4199-8389-1b19ed41d3e8}
HKEY_CLASSES_ROOT\CLSID\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}
HKEY_CLASSES_ROOT\interface\{5c3853cd-c7e0-4946-b3fa-1abdb6f48108}
HKEY_CLASSES_ROOT\interface\{9c991f1e-d6fe-4b74-b6ec-763ff528fae1}
HKEY_CLASSES_ROOT\interface\{f248ebab-d894-4682-80e3-f48aabf4b12d}
HKEY_CLASSES_ROOT\typelib\{5c3853ce-c7e0-4946-b3fa-1abdb6f48108}
HKEY_CLASSES_ROOT\typelib\{df571585-070d-4eb1-8b0e-99023f934fd4}
HKEY_CLASSES_ROOT\wmhlpr.wmevtsink
HKEY_CLASSES_ROOT\wmhlpr.wmevtsink.1
HKEY_CLASSES_ROOT\wmhlpr.wmhlprobj
HKEY_CLASSES_ROOT\wmhlpr.wmhlprobj.1
HKEY_LOCAL_MACHINE\software\cnnic
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5824EFB-728A-4726-A5A5-85A68B20EDC3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cdnclient
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cdnprot
HKEY_CLASSES_ROOT\clsid\{35980f6e-a137-4e50-953d-813bb8556899}
HKEY_CLASSES_ROOT\clsid\{461a86f7-a29d-460a-80d5-52979aa6c46d}
HKEY_CLASSES_ROOT\clsid\{5c3853cf-c7e0-4946-b3fa-1abdb6f48108}
HKEY_CLASSES_ROOT\clsid\{9a578c98-3c2f-4630-890b-fc04196ef420}
HKEY_CLASSES_ROOT\clsid\{f5824efb-728a-4726-a5a5-85a68b20edc3}
HKEY_CLASSES_ROOT\cndniehelper.cndniehlprobj
HKEY_CLASSES_ROOT\interface\{475abcc3-d4cf-45d2-938a-a434fdc95b67}
HKEY_CLASSES_ROOT\interface\{951a869a-1003-4897-948f-d55e570871db}
HKEY_CLASSES_ROOT\interface\{bf0a2eb3-0704-45c6-90f4-9ebb1deb57fd}
HKEY_CLASSES_ROOT\mailparsersvr.inspectorhandler
HKEY_CLASSES_ROOT\mailparsersvr.mailparser
HKEY_CLASSES_ROOT\typelib\{01833110-7c51-4d41-a09f-69ef74606e5b}
HKEY_CLASSES_ROOT\typelib\{c24a5a5c-0874-4386-85c7-e669f90997a9}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{5c3853cf-c7e0-4946-b3fa-1abdb6f48108}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{35980f6e-a137-4e50-953d-813bb8556899}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c3853cf-c7e0-4946-b3fa-1abdb6f48108}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f5824efb-728a-4726-a5a5-85a68b20edc3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cdn
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cdntran

CDNHelper Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

Removing CDNHelper:

You can run the trial version of ExterminateIt, or remove CDNHelper manually.


To remove CDNHelper from your computer completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with CDNHelper.

