    • #25500
      Nicholas Coolman
      Key Master

      The programme VShareRedir falls into the category of Potentially Unwanted Optional Software (LPI/PUP).

      LPIs, or PUPs, typically install as a program or browser extension and are loaded each time the operating system is started.


      Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. These operations are carried out with or without your consent, depending on the terms of its user agreement. Once installed, an LPI can change browser settings such as the search page, the start page or even the error page. It can collect your browsing habits and send them to a server through tracking. While you browse, it may display advertisements (coupons) and advertising banners (popups). The goal of this kind of program is often to make money by generating web traffic to sponsored sites.


      Potentially unwanted software (LPI), or Potentially Unwanted Programs (PUP), are the cause of many infections.
      The most common example is adware such as InstallCore, Crossrider, Graftor or Boxore, which pollute the Registry and your data storage units. They are usually installed without your knowledge when you download freeware. Some sites use the repackaging method, which consists of rebuilding the software's installer and adding download options to it. These options allow other software to be added, such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


      Spyware and adware, just like malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software that updates itself automatically. Likewise, your Windows operating system must be activated and set to update automatically, so that you receive the latest updates for critical security vulnerabilities.

      Main actions:
      - It installs an extension for the Mozilla Firefox browser (M2)
      - It installs an extension for the Google Chrome browser (G2)
      - It installs itself as a Browser Helper Object (BHO) of Internet Explorer (O2)
      - It installs itself as a toolbar of Internet Explorer (O3)
      - It hijacks a protocol handler (O18)
      - It installs itself as a program (O42)
      - It creates "Software" Registry keys
      - It adds additional folders (O43)
      - It modifies the Internet search provider (O69)
      - It creates multiple Registry keys and values (O88)
      - It creates multiple files and folders (O88)

      ZHPDiag overview:
      M2 – MFEP: prefs.js [Coolman – bdrsixd1.default\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}] [] vshare Add-On v1.21 (.vshare.tv.)
      G2 – GCE: Preference [User Data\Default] [kpionmjnkbpcdpcflammlgllecmejgjj] vshare plugin v.1.3 (Enabled)
      O2 – BHO: IE5BarLauncherBHO Class – {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} . (.VShare Inc. – This is a module that is required for the o.) — C:\Program Files\vShare.tv plugin\BarLcher.dll
      O2 – BHO: vShare Toolbar – {043C5167-00BB-4324-AF7E-62013FAEDACF}. (…) — C:\Program Files\vShare\vshare_toolbar.dll
      O3 – Toolbar: VShareToolBar – {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} . (.VShare Inc. – This is a module that is required for the o.) — C:\Program Files\vShare.tv plugin\BarLcher.dll
      O3 – Toolbar: vShare Toolbar – {043C5167-00BB-4324-AF7E-62013FAEDACF}. (…) — C:\Program Files\vShare\vshare_toolbar.dll
      O18 – Handler: vsharechrome – {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} . (…) — C:\Program Files\vShare\vshare_toolbar.dll
      O42 – Software: vShare Plugin – (…) [HKLM][64Bits] — vShare
      O42 – Software: vShare.tv plugin 1.3 – (.vShare.tv, Inc..) [HKLM] — vShare.tv plugin
      [HKCU\Software\vShare]
      [HKCU\Software\vShare.tv]
      O43 – CFD: 26/11/2011 – 19:31:16 – [0,566] —-D- C:\Program Files\vShare.tv plugin
      O43 – CFD: 9/03/2011 – 20:41:27 – [1,313] —-D C:\Program Files (x86)\vShare
      O69 – SBI: SearchScopes [HKCU] {043C5167-00BB-4324-AF7E-62013FAEDACF} – (Web Search…) – https://vshare.toolbarhome.com

      A.k.a :
      Parasite.Pugi
      Adware.StartSearch
      Adware.Searcher.1298 [DrWeb]
      PUP.VShareRedir [Malwarebytes]
      PUP.Optional.VShareRedir

      Diagnose with ZHPSuite...  Uninstall with Windows...  Delete with ZHPCleaner...  Remove with Malwarebytes...

      Free support forum
      Nicholas Coolman
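
Added example (not part of the original post and not ZHPDiag's own code): a small Python parser for report lines in the form shown in the ZHPDiag overview. It maps each category code to the action named in the "Main actions" list and shows which file is registered at several load points, so a cleanup can be checked against all of them. The function names and regular expressions are assumptions based only on the lines visible above.

```python
import re
from collections import defaultdict
# Category codes and meanings as given in the "Main actions" list above.
CATEGORIES = {
    "M2": "Firefox extension", "G2": "Chrome extension",
    "O2": "Browser Helper Object", "O3": "Internet Explorer toolbar",
    "O18": "protocol handler", "O42": "installed program",
    "O43": "added folder", "O69": "search provider",
}
LINE = re.compile(r"^\s*([A-Z]\d+)\s*[-\u2013]\s*(\w+):\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.+$")
CHROME_ID = re.compile(r"\[([a-p]{32})\]")
# Four lines copied from the ZHPDiag overview above, used as sample input.
SAMPLE = r"""
G2 – GCE: Preference [User Data\Default] [kpionmjnkbpcdpcflammlgllecmejgjj] vshare plugin v.1.3 (Enabled)
O2 – BHO: vShare Toolbar – {043C5167-00BB-4324-AF7E-62013FAEDACF}. (…) — C:\Program Files\vShare\vshare_toolbar.dll
O3 – Toolbar: vShare Toolbar – {043C5167-00BB-4324-AF7E-62013FAEDACF}. (…) — C:\Program Files\vShare\vshare_toolbar.dll
O18 – Handler: vsharechrome – {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} . (…) — C:\Program Files\vShare\vshare_toolbar.dll
"""

def parse(report):
    """Return one dict per recognised ZHPDiag line."""
    entries = []
    for raw in report.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) not in CATEGORIES:
            continue  # skip blanks, bare registry-key lines, unknown codes
        code, _kind, rest = m.groups()
        path = PATH.search(rest)
        ext = CHROME_ID.search(rest)
        entries.append({
            "code": code, "action": CATEGORIES[code],
            "clsids": CLSID.findall(rest),
            "path": path.group(0).strip() if path else None,
            "chrome_id": ext.group(1) if ext else None,
        })
    return entries

def hooks_per_file(entries):
    """Map each referenced file to the set of load points that register it."""
    hooks = defaultdict(set)
    for e in entries:
        if e["path"]:
            hooks[e["path"]].add(e["action"])
    return dict(hooks)

if __name__ == "__main__":
    print(hooks_per_file(parse(SAMPLE)))
```

On the sample lines, a single DLL is registered as a BHO, a toolbar and a protocol handler, so removing only one of those entries leaves the file loadable through the others.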
