Friday, January 3, 2014

GS.Enabler and 3 other malware

Today I found GS.Enabler listed in Programs and Features, although as far as I remember I never installed this software. I quickly searched for information using Google; most results say it is adware.


Screenshot 1: Programs and Features (Windows 7)



The first four programs in the list were not installed by me.

I started to remove all four of them. When you click Uninstall, the software disappears from the list without any message; only ss Supporter 1.80 displayed a message saying "Sorry to see you leave."

I will keep an eye on this. If something weird happens, I will update this post.

Update on 8th Jan 2014

If you look at Screenshot 1 above, the fourth item (GreatsauVer) was removed from my computer through the Uninstall button, but it reappeared today in my Program Files folder. Maybe it was not completely removed during the uninstallation process.

Traces of GreatsauVer:

  1. Program Files
  2. Registry
  3. Internet Explorer Add-Ons

1. Program Files File List
  Volume in drive C has no label.  
  Volume Serial Number is 5623-2F16  
   
  Directory of C:\Program Files (x86)\GreatsauVer  
   
 08/01/2014 09:29 AM      <DIR>         .  
 08/01/2014 09:29 AM      <DIR>         ..  
 02/01/2013 05:42 PM             3,454 3fLk_PW1h.dat  
 02/01/2013 05:42 PM           427,008 3flk_pw1h.dll  
 02/01/2014 05:42 PM             3,832 3fLk_PW1h.tlb  
 02/01/2013 05:42 PM           476,160 3flk_pw1h.x64.dll  
               4 File(s)        910,454 bytes  
   
     Total Files Listed:  
               4 File(s)        910,454 bytes  
               2 Dir(s)  33,506,590,720 bytes free  
   

2. Registry
 REGEDIT4  
   
 ; Search results from 08/01/2014 08:44:51 AM  
 ; Search style: Simple substring search  
 ; Search for: GreatsauVer  
 ; Search for keys that are of any date.   
 ; Search focus: Keys, Values, Data  
 ; Data types: Strings, Numerics  
 ; Search range: HKEY_LOCAL_MACHINE  
   
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7539EA2A-2001-D289-B49C-1497758112A1}]  
 @="GreatsauVer"  
   
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7539EA2A-2001-D289-B49C-1497758112A1}\InprocServer32]  
 @="C:\\Program Files (x86)\\GreatsauVer\\3fLk_PW1h.dll"  
   
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\greATsavEr.greATsavEr.2.7]  
 @="GreatsauVer"  
   
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\greATsavEr.greATsavEr]  
 @="GreatsauVer"  
   
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7539EA2A-2001-D289-B49C-1497758112A1}]  
 @="GreatsauVer"  
   
3. Internet Explorer Add-On
Screenshot 3: Internet Explorer Add-Ons




Antivirus Detection and Removal:

Screenshot 2: GreatsauVer in Program Files
Comodo Internet Security detected GreatsauVer as an unwanted application and automatically moved it to quarantine.

Removing all traces:
  1. Use your antivirus to remove any detected malware
  2. Totally remove the program folders
  3. Remove all registry traces (how? please wait for next post.)
  4. Use CCleaner to remove the IE Addons.
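
Added example (not part of the original post): the registry export above links three things together. The Browser Helper Objects key names a CLSID, and that CLSID's InprocServer32 value names the DLL that Internet Explorer loads. This read-only PowerShell script lists every machine-wide BHO with its DLL, whether the file still exists, and its signature status, so leftover registrations like the GreatsauVer one stand out. It assumes PowerShell 3.0 or later; the function name `Get-BhoInventory` is made up for this example.

```powershell
# Added example: inventory Browser Helper Objects (read-only, changes nothing).
# Checks the native and the 32-bit (WOW6432Node) registry views on 64-bit Windows.
$bhoSuffix = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ View = '64-bit/native'; Software = 'HKLM:\SOFTWARE' },
    @{ View = '32-bit';        Software = 'HKLM:\SOFTWARE\WOW6432Node' }
)

function Get-BhoInventory {
    foreach ($v in $views) {
        $bhoRoot = Join-Path $v.Software $bhoSuffix
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid  = $bho.PSChildName              # e.g. {xxxxxxxx-....}
            $clsKey = Join-Path (Join-Path $v.Software 'Classes\CLSID') $clsid
            $inproc = Join-Path $clsKey 'InprocServer32'
            $name = $null; $dll = $null; $sig = 'n/a'

            # Default value of the CLSID key is the display name.
            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
            }
            # Default value of InprocServer32 is the DLL path.
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            if ($exists) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }

            [pscustomobject]@{
                View      = $v.View
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                DllExists = $exists      # False = orphaned registration
                Signature = $sig         # NotSigned is worth a closer look
            }
        }
    }
}

Get-BhoInventory | Format-List
```

Run it before and after cleanup: an entry with `DllExists = False` is a leftover registration, and an entry that comes back after removal means something on the machine is reinstalling it.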




3 comments:

  1. I had that folder and software installed too. I erased it completely, I think, but I don't know what's going to happen next, so yeah, please let us know what happens.

    1. After deleting all the traces, please be careful when installing any freeware. Some freeware contains malware, adware and so on.

    2. I think I've met a newer version of this; its name was "greatsaOver" in the registry. I killed it all.

Note: English is not my first language.