GamePlayLabs
GamePlayLabs is an adware program that pretends to help you with your web browsing, but actually just keeps track of your activities so it can send you advertisements. GamePlayLabs is designed to install and launch other malicious applications on the victim's PC without their permission or knowledge. GamePlayLabs can also open a backdoor through which the criminal can access any information gathered on your computer, such as personal and financial information. GamePlayLabs can spread over the network if the malicious drive is shared on the network, and can give the criminal remote access to the computer system. It is highly recommended to remove GamePlayLabs before it harms your PC system.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created:
Additional Information on GamePlayLabs
- The following domains were detected: