Adware/Hacker Tool/Ebates MoneyMaker

Alias: HackTool/Jkill.A, Ebates MoneyMaker

Description: Adware/Hacker Tool/Ebates MoneyMaker is bundled with P2P file sharing programs such as Grokster. A sign of infection is an error message at startup saying 'WJView ERROR: Could not execute Main: The system cannot find the file specified'.

Threat type:

Adware - Adware is a software application which displays advertisements on your computer. Advertisements can be displayed through pop-up / pop-under windows, additional bars or toolbars, underlined links or buttons that appear on a computer screen. Adware applications include additional code that delivers the ads. Adware authors earn money when users click on those ads. Occasionally, adware includes code that tracks user's site visits and passes it to third parties without the user's permission or knowledge.

Hacker Tool - A Hacker Tool is any software application that performs a wide range of hacking related tasks without user's permission. Activities include: disabling a user's anti-virus software or personal firewalls, gaining access to sensitive data, removing copy protection and modifying system settings.

Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy.

Detection:
SpyNoMore detects Adware/Hacker Tool/Ebates MoneyMaker: Yes

Threat risk: Medium Risk

Potentially dangerous malware. May collect sensitive user information and broadcast data back to a server with "opt-out" permission. Category includes most adware programs.

Symptoms:

Adware/Hacker Tool/Ebates MoneyMaker displays commercial advertisements.

Adware/Hacker Tool/Ebates MoneyMaker hides from the user and stays resident in background.

Adware/Hacker Tool/Ebates MoneyMaker Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer; Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with Adware/Hacker Tool/Ebates MoneyMaker, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:
N/A

File Signatures:
%WINDOWS%\dkry.exe
%DESKTOPDIRECTORY%\earn money.lnk
%PROFILE%\administrator\start menu\casino.url
%PROGRAM_FILES%\care2gtu\popup.exe
c:\my documents\55nn2.exe
%PROFILE%\local settings\temp\ebatesmoemoneymaker.exe
%PROGRAM_FILES%\couponsandoffers\couponsandoffers1.exe

Registered Dll (Dynamic Link Library) Signatures:
N/A

Folder Signatures:
%PROGRAM_FILES%\websearch
%PROGRAM_FILES%\webrebates
%PROGRAM_FILES%\ebatesmoemoneymaker
%PROGRAM_FILES%\ebates_moemoneymaker

Registry Signatures:
HKCU\software\microsoft\internet explorer\extensions\cmdmapping\{7f241c00-dab6-11d5-aaa8-0001028df1bc}
HKCU\software\microsoft\windows\currentversion\ext\stats\{6685509e-b47b-4f47-8e16-9a5f3a62f683}
HKCU\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}
HKLM\software\microsoft\windows\currentversion\app management\arpcache\ebatesver2.xml
HKLM\software\microsoft\windows\currentversion\uninstall\ebatesver2.xml
HKCU\software\microsoft\internet explorer\menuext\ebates
HKCU\software\microsoft\internet explorer\extensions\{7f241c00-dab6-11d5-aaa8-0001028df1bc}
HKCU\software\microsoft\internet explorer\extensions\cmdmapping\{6685509e-b47b-4f47-8e16-9a5f3a62f683}

SpyNoMore Collected Residual File Signatures:
N/A

See Also:
Trojan/Drifting
Trojan/Rotating
Trojan/Swapper
Tracking Cookie/BrilliantDigital.com
Adware/FileFreedom
Tracking Cookie/ClickFinders
Tracking Cookie/Offshoreclicks
Tracking Cookie/PornTracker
P2P/Blubster
P2P/E-Mule