Adware.ActiveSearch!rem
Adware.ActiveSearch!rem is a malicious adware program that controls your online activities, such as your search-engine queries, account passwords and email addresses. It shows numerous pop-up alerts and advertisements on the affected PC, deletes system files and changes browser settings, and may reroute you to infected websites. Adware.ActiveSearch!rem is a serious threat to your computer's security and has to be removed from your machine quickly; otherwise it could harm your PC.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Classes\CLSID\{724d43a1-0d85-11d4-9908-00400523e39a}
HKEY_CURRENT_USER\Software\Siber Systems
HKEY_CURRENT_USER\Software\Siber Systems\RoboForm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a1-0d85-11d4-9908-00400523e39a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a1-0d85-11d4-9908-00400523e39a}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Test.Class.1
HKEY_LOCAL_MACHINE\SOFTWARE\Siber Systems
HKEY_LOCAL_MACHINE\SOFTWARE\Siber Systems\RoboForm
HKEY..\..\..\..{RegistryKeys}\Implemented Categories