      Nicholas Coolman

      The programme Pricora falls into the category of Advertising Software (Adware).

      It can display ads in the form of coupons and banner ads in the form of popups.

      These announcements are usually signed with the words “Powered by”, “Brought to you by” or even “Ads by”, followed by the adware name.


      This program is classified as advertising software (adware); the term comes from the English "ad", short for "advertisement". Adware usually installs as a program or browser extension and is loaded every time the system starts. It can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent, according to the terms of its user agreement. Once installed, adware can modify certain browser settings such as the search page, the start page or even the "404" error page. Adware can collect your browsing habits and send them to a server through tracking, because it is most often a marketing solution aimed at retaining customers.


      While browsing, it generally displays ads in the form of coupons and advertising banners in the form of popups. These ads are generally signed with the words "Powered by", "Brought to you by" or "Ads by", followed by the name of the adware. Some adware, however, exaggerates the size and frequency of the ads, which can slow down Internet browsing and obscure the content of the pages being viewed. Please also note that the advertising publisher may decline any responsibility for the content of the links targeted by its advertisements. Ultimately, the goal of these programs is to make money by driving web traffic to sponsored sites. Some adware is installed via bundled software and is not necessarily wanted by the user; antivirus products generally classify it as Potentially Unwanted Software (LPI/PUP).


      Spyware and adware, just like malware, can exploit programming flaws in legitimate software or in operating systems. It is therefore essential to use official software with automatic updating enabled. Likewise, your Windows operating system must be activated and set to update automatically, so that you receive the latest updates for critical security vulnerabilities.

      Main Actions:
      - It installs as a process launched at system startup (RP),
      - It installs an extension program for the Google Chrome (G2) browser,
      - It installs an extension program for the Mozilla Firefox (M2) browser,
      - It is installed as Browser Helper Object (BHO) of Internet Browser (O2),
      - It is installed as a service to be launched each time the system starts (O23), (SS/SR),
      - It starts a scheduled task automatically (O38),
      - It installs as a program (O42),
      - It adds additional folders (O43),
      - It creates registry keys and values (O88).

      ZHPDiag Overview
      G2 – GCE: Preference [User Data\Default] [algmakeomkafjglfhpomolfhjppoojff] Pricora v.1.23.11, (Enabled)
      G2 – GCE: Preference [User Data\Default] [gfnkhcooecjmgnbcigmnhealjobfoapd] Clear Local Storage
      M2 – MFEP: prefs.js [Coolman – 2fd2hr1v.default-1362945194828\94ae0976-89df-4347-9771-5371c6e203bf@3796dc63-d06d-4575-a997-9b5c935fe915.com] [] Pricora v (..)
      M2 – MFEP: prefs.js [Coolman – 2m7xccy3.default-1382127386665\1344f467-62e2-49ae-9a5c-c34de51c0d14@9dc80408-e47d-4a28-9177-756634bedb87.com] [] Pricora 1.4 v (..)
      O2 – BHO: CrossriderApp0035329 [64Bits] – {11111111-1111-1111-1111-110311531129} . (.Corporate Inc – Pricora BHO.) — C:\Program Files (x86)\Pricora\Pricora-bho.dll
      O2 – BHO: CrossriderApp0058173 – {11111111-1111-1111-1111-110511811173}. (.Corporate Inc – Pricora 12.0 BHO.) — C:\Program Files\Pricora 12.0\Pricora 12.0-bho.dll
      O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-chromeinstaller.job [1848]
      O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-codedownloader.job [1162]
      O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-enabler.job [1062]
      O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-firefoxinstaller.job [1774]
      O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-updater.job [1158]
      [MD5.59BE5C8AD4758A4405E13BCE1D3BE665] [APT] [Pricora-chromeinstaller] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-chromeinstaller.exe [460800]
      [MD5.DAA7EAAEEB67125192A16FCCE7EEDD9D] [APT] [Pricora-codedownloader] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe [476672]
      [MD5.1696645FDB0519682C3D79DACA321A71] [APT] [Pricora-enabler] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-enabler.exe [342528]
      [MD5.D724F163E9FE2848318E0807B3CE563D] [APT] [Pricora-firefoxinstaller] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe [722432]
      [MD5.38D5A3A91582699F43193E3D754DECE9] [APT] [Pricora-updater] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-updater.exe [362496]
      O42 – Software: Pricora – (.Corporate Inc.) [HKLM] — Pricora
      O42 – Software: Services-x87 – (.Corporate Inc.) [HKLM][64Bits] — Services-x87
      [HKCU\Software\Pricora]
      [HKCU\Software\AppDataLow\Software\Pricora]
      [HKCU\Software\AppDataLow\Software\Services-x87]
      O43 – CFD: 22/06/2013 – 13:30:15 PM – [6,637] —-DC:\Program Files (x86)\Pricora
      O43 – CFD: 01/07/2013 – 09:12:38 – [4,012] —-DC:\Program Files (x86)\Services-x87
      O43 – CFD: 15/10/2013 – 15:48:19 – [6,242] —-DC:\Program Files (x86)\Pricora 1.4
      [MD5.50AC1576693B7026D54B2D73E2C51E76] [SPRF][25/07/2013] (. – Pricora.) — C:\Users\Coolman\AppData\Local\Temp\silent_pricora_deltaArgs_FR.exe [5658552]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531129}]
      [HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311531129}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531129}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531129}]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services-x87]
      [HKLM\Software\Google\Chrome\Extensions\algmakeomkafjglfhpomolfhjppoojff]
      C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\algmakeomkafjglfhpomolfhjppoojff
      C:\Users\Coolman\AppData\Local\Temp\silent_pricora_deltaArgs_FR.exe
      C:\Program Files (x86)\Pricora

      Alias:
      Adware/Coupons.B [Antivir]
      AdInstaller.T [AVG]
      AdWare.Coupons [Ikarus]
      Trojan.Win32.Crossrider.cukecz
      AVG AdInstaller.T 20141226
      Avira (no cloud) Adware/Coupons.B 20141226
      Baidu-International Adware.Win32.AdInstaller.BB 20141226
      CMC Trojan.Win32.Generic!O 20141218
      Comodo ApplicUnwnt 20141226
      DrWeb Trojan.Crossrider.9 20141226
      ESET-NOD32 Win32/Adware.AdInstaller.B 20141226
      Fortinet Riskware/AdInstaller 20141226
      Ikarus AdWare.Coupons 20141226
      Kaspersky not-a-virus:AdWare.Win32.Agent.alrs 20141226
      Malwarebytes PUP.Optional.Pricora.A 20141226
      McAfee Artemis!9A35A044A3D9 20141226
      McAfee-GW-Edition Artemis!PUP 20141226
      NANO-Antivirus Trojan.Win32.Crossrider.cukecz 20141226
      Qihoo-360 Win32/Virus.Adware.997 20141226
      Rising PE:Trojan.Win32.Spiejy.a!1075356057 20141225
      Sophos Generic PUA EF 20141226
      SUP.Optional.Pricora

      Diagnose with ZHPSuite...  Uninstall with Windows...  Delete with ZHPCleaner...  Remove with Malwarebytes...

      Free support forum
      Nicholas Coolman
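
The ZHPDiag overview in the post tags each finding with one of the codes listed under "Main Actions". As an added example (not part of the original post and not ZHPDiag's own code), the Python script below groups such report lines by persistence mechanism and collects the hashed files and registry keys for review; the line patterns are inferred from the excerpt on this page and are an assumption about the report format.

```python
import re
from collections import defaultdict

# Code legend copied from the "Main Actions" list on this page.
LEGEND = {"G2": "Chrome extension", "M2": "Firefox extension",
          "O2": "Browser Helper Object", "O23": "service", "O38": "scheduled task",
          "O42": "installed program", "O43": "added folder", "O88": "registry key/value"}

# Patterns inferred from the lines shown on this page (assumed format).
CODED = re.compile(r"^([A-Z]\d+)\s*[–-]\s*(\w+)\s*:\s*(.*)$")
HASHED = re.compile(r"^\[MD5\.([0-9A-Fa-f]{32})\].*—\s*(.+?)\s*\[(\d+)\]$")
REGKEY = re.compile(r"^\[(HK(?:LM|CU)\\[^\]]+)\]$")

# Excerpt of the ZHPDiag overview on this page; one registry key repeated on purpose.
SAMPLE = r"""
O2 – BHO: CrossriderApp0035329 [64Bits] – {11111111-1111-1111-1111-110311531129} . (.Corporate Inc – Pricora BHO.) — C:\Program Files (x86)\Pricora\Pricora-bho.dll
O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-updater.job [1158]
O38 – APT:Automatic Scheduled Task – C:\WINDOWS\Tasks\Pricora-enabler.job [1062]
[MD5.38D5A3A91582699F43193E3D754DECE9] [APT] [Pricora-updater] (.Corporate Inc.) — C:\Program Files (x86)\Pricora\Pricora-updater.exe [362496]
[HKCU\Software\Pricora]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora]
[HKCU\Software\Pricora]
"""

def triage(report):
    """Group report lines by mechanism; collect hashed files and unique registry keys."""
    found = {"mechanisms": defaultdict(list), "files": [], "registry": [], "unparsed": []}
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        if m := CODED.match(line):
            code, _tag, detail = m.groups()
            found["mechanisms"][LEGEND.get(code, "unknown code " + code)].append(detail)
        elif m := HASHED.match(line):
            found["files"].append({"md5": m[1].upper(), "path": m[2], "size": int(m[3])})
        elif m := REGKEY.match(line):
            if m[1] not in found["registry"]:  # reports repeat keys; keep the first
                found["registry"].append(m[1])
        else:
            found["unparsed"].append(line)  # keep unclassified lines for manual review
    return found

if __name__ == "__main__":
    result = triage(SAMPLE)
    for mechanism, items in result["mechanisms"].items():
        print(f"{mechanism}: {len(items)} finding(s)")
    for f in result["files"]:
        print(f"file {f['path']} md5={f['md5']} size={f['size']}")
    print("registry keys:", *result["registry"], sep="\n  ")
```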
