Labeled: Undesirable, LPI, Optional, PUP
This topic contains 0 replies, 1 participant, and was last updated by Nicholas Coolman, 3 years and 7 months ago.

August 8, 2020 at 14:46 #26808 - Nicholas Coolman (Key Master)
The program AdvanceElite falls into the category of Potentially Unwanted Optional Software (LPI/PUP).
LPIs, or PUPs, typically install as a program or browser extension and are loaded each time the operating system starts.
Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent, according to the terms of its user agreement. Once installed, an LPI can modify certain parameters of your browsers such as the search page, the start page or even your error page. It can collect your browsing habits and communicate them to a server using the tracking method. While browsing, it may display advertisements (coupons) and advertising banners (popups). The goal of this program is often to make money by generating web traffic to sponsored sites.
Potentially Unwanted Software (LPI) or Potentially Unwanted Programs (PUP) are the cause of many infections.
The most common example is adware: InstallCore, Crossrider, Graftor or Boxore, which pollute the Registry and your storage drives. They are usually installed without your knowledge when downloading freeware. Indeed, some sites use the repackaging method, an operation which consists of rebuilding the software installation module by adding download options. These options allow other software to be added, such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.
Unwanted spyware and adware files, just like malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software and to have its automatic updating enabled. Likewise, your Windows operating system must be set to automatic update mode and activated, so that you receive the latest updates for critical security vulnerabilities.

AdvanceElite main actions:
- It installs as a process launched at system startup (RP),
- It modifies the start page of the Internet Explorer browser (R0),
- It modifies the search page of the Internet Explorer browser (R1),
- It installs an extension program for the Mozilla Firefox browser (M2),
- It installs a plugin for the Mozilla Firefox browser (M3),
- It installs an extension program for the Google Chrome browser (G2),
- It is installed as a Browser Helper Object (BHO) of the Internet Explorer browser (O2),
- It is installed as a service to be launched each time the system starts (O23), (SS/SR),
- It installs as a program (O42),
- It creates multiple "Software" registry keys,
- It adds additional folders (O43),
- It registers in the Windows Prefetch folder (O45),
- It creates multiple user files (O61),
- It creates a Legacy key in the Registry pointing to a malware service (O64),
- It creates Tracing registry keys (O100),
- It creates CLSID registry keys (O101).

ZHPDiag Overview:
[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [66336] [PID.3192]
[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [66336] [PID.5532]
M2 – MFEP: Extension [Coolman – pq5vmmta.default] {be5bf058-a067-4076-8c2e-22b9345a0260}
O2 – BHO: AdvanceElite [64Bits] – {019c0f7b-8fca-4dba-a872-201fe26e2552} . (.AdvanceElite – AdvanceElite.) — C:\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll
O23 – Service: Update AdvanceElite (Update AdvanceElite). (.AdvanceElite – AdvanceElite.) – C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
O23 – Service: Util AdvanceElite (Util AdvanceElite). (.AdvanceElite – AdvanceElite.) – C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
O42 – Software: AdvanceElite – (.AdvanceElite.) [HKLM] — AdvanceElite
[HKCU\Software\AdvanceElite]
[HKLM\Software\Wow6432Node\AdvanceElite]
O43 – CFD: 01/10/2014 – 19:47:07 – [0] —-DC:\Program Files\AdvanceElite
O64 – Services: CurCS – 26/08/2014 – C:\Program Files\AdvanceElite\updateAdvanceElite.exe (Update AdvanceElite).(…) – LEGACY_UPDATE_AdvanceElite
O64 – Services: CurCS – 26/08/2014 – C:\Program Files\AdvanceElite\bin\utilAdvanceElite.exe (Util AdvanceElite).(…) – LEGACY_UTIL_AdvanceElite
SS – | Auto 01/10/2014 0 | (AdvanceElite Update). (…) – C:\Program Files\AdvanceElite\updateAdvanceElite.exe
SS – | Auto 01/10/2014 0 | (User AdvanceElite). (…) – C:\Program Files\AdvanceElite\bin\utilAdvanceElite.exe
HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
[HKLM\Software\Classes\CLSID\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
[HKLM\SYSTEM\CurrentControlSet\Services\Update AdvanceElite]
[HKLM\SYSTEM\CurrentControlSet\Services\Util AdvanceElite]
[HKCU\Software\AdvanceElite]
[HKLM\Software\Wow6432Node\AdvanceElite]
C:\Program Files\AdvanceElite
C:\Program Files (x86)\AdvanceElite
C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
C:\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll

ZHPCleaner Overview:
FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigUrl [Bad: file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js]
FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\Default [Bad: 0file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASAPI32[]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS[]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASAPI32[]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS[]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASAPI32[]
FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS[]
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{A7DE62CF-6F88-4C79-A334-B5F45A420657} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe]
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{8A48972F-1CDE-4F81-91D9-B280DB3129ED} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper .exe]
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6BFF7926-051C-45CB-90C5-48960003B0DA} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper .exe]
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{8D01C563-81B2-4A0F-AAA0-AD411818A55B} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe]

Aliases AdvanceElite:
PUP.Optional.AdvanceElite.A [Malwarebytes]
PUP.Optional.Sambreel (Malwarebytes)
Adware.AdvanceElite [Malwarebytes]
Adware.SuperWeb [Malwarebytes]
Adware.Sambreel

Diagnose with ZHPSuite... Uninstall with Windows... Delete with ZHPCleaner... Remove with Malwarebytes...
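The report above lists the persistence points this PUP uses: two auto-start services, an Internet Explorer BHO, a file:// proxy auto-config (PAC) script set in AutoConfigUrl and in the NlaSvc ManualProxies key, self-granted firewall rules, plus Tracing keys and Prefetch entries that record it having run. The following read-only triage script checks a host for each of those locations. It is an added example, not code from this forum post, from ZHPDiag or from ZHPCleaner; it assumes the PUP can be recognised by the substring in $Marker (here the vendor name from the report) appearing in file paths and registry data, and it uses only the registry locations the report itself prints. Run it in an elevated PowerShell; it changes nothing.

```powershell
# Added example (not from the ZHP forum post, ZHPDiag or ZHPCleaner):
# read-only triage of the persistence points the report lists.
# Assumption: $Marker identifies the PUP in paths and registry data.
param([string]$Marker = 'AdvanceElite')

$findings = New-Object 'System.Collections.Generic.List[string]'
function Add-Finding([string]$Kind, [string]$Detail) { $script:findings.Add("[$Kind] $Detail") }

# 1. Proxy hijack: a file:// PAC script in AutoConfigUrl puts the PUP in the
#    path of every browser request, which is how it injects ads and tracks.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pac  = (Get-ItemProperty -Path $inet -Name AutoConfigUrl -ErrorAction SilentlyContinue).AutoConfigUrl
if ($pac -and ($pac -match '^file:' -or $pac -match $Marker)) { Add-Finding 'PAC' "AutoConfigUrl = $pac" }
$nla  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
$np   = (Get-ItemProperty -Path $nla -Name Default -ErrorAction SilentlyContinue).Default
if ($np -and "$np" -match $Marker) { Add-Finding 'PAC' "NlaSvc ManualProxies\Default = $np" }

# 2. Services (O23 / SS lines): any service whose image path is in the PUP directory.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $Marker } |
    ForEach-Object { Add-Finding 'Service' "$($_.Name) [$($_.StartMode)/$($_.State)] -> $($_.PathName)" }

# 3. Browser Helper Objects (O2 line): IE loads every CLSID registered here,
#    so resolve each one to the DLL its InprocServer32 key points at.
$bhoRoots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID')
foreach ($root in $bhoRoots) {
    foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $clsid = $key.PSChildName
        foreach ($c in $clsidRoots) {
            $srv = Get-ItemProperty -Path "$c\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv -and "$($srv.'(default)')" -match $Marker) {
                Add-Finding 'BHO' "$clsid -> $($srv.'(default)')"
            }
        }
    }
}

# 4. Firewall rules: the PUP whitelists its own helper so its outbound traffic is
#    never blocked. Each rule value is a '|'-separated string containing 'App=<path>'.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
if ($fw) {
    foreach ($p in $fw.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata properties
        if ("$($p.Value)" -match "App=([^|]*$Marker[^|]*)") {
            Add-Finding 'Firewall' "$($p.Name) -> $($Matches[1])"
        }
    }
}

# 5. Execution evidence rather than persistence (O100 / O45 lines): Tracing keys
#    appear when a process loads the RAS API (WinInet-based programs do), and
#    Prefetch files are written when it runs. Both survive an uninstall.
foreach ($t in 'HKLM:\SOFTWARE\Microsoft\Tracing', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing') {
    Get-ChildItem -Path $t -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $Marker } |
        ForEach-Object { Add-Finding 'Tracing' $_.Name }
}
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter "*$Marker*.pf" -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'Prefetch' "$($_.Name) last run $($_.LastWriteTime)" }

# 6. Uninstall entry, vendor keys and install folders (O42 / O43 lines).
$static = @(
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$Marker",
    "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$Marker",
    "HKCU:\Software\$Marker", "HKLM:\Software\$Marker", "HKLM:\Software\Wow6432Node\$Marker",
    "$env:ProgramFiles\$Marker", "${env:ProgramFiles(x86)}\$Marker"
)
foreach ($s in $static) { if (Test-Path -Path $s) { Add-Finding 'Present' $s } }

if ($findings.Count -eq 0) { "No artefacts matching '$Marker' found." } else { $findings }
```

Run it once before and once after the uninstall/ZHPCleaner pass to confirm that the services, BHO, PAC settings and firewall rules are really gone; a remaining AutoConfigUrl pointing at a file:// script is the one finding to treat as active, because it redirects traffic whether or not the PUP's binaries still exist. Tracing keys and Prefetch files left behind are only evidence that the program once ran, not a sign of reinfection.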