CaiShow Adware

CaiShow virus description
Technical details:
Categories: Adware
CaiShow Aliases:
[Kaspersky]AdWare.Win32.Dm.e;
[Other]Adware.Caishow

CaiShow Folders:
[%PROGRAM_FILES%]\CaiShow Tech

CaiShow Files:
[%PROFILE_TEMP%]\caishow.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\caishow.exe
[%SYSTEM%]\caishow.exe

CaiShow Registry Keys:

CaiShow Registry Values:


CaiShow indications of infection

The symptoms of CaiShow detection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.
