Adware.Vonteera
Posted: August 28, 2013
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 4,259 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 239,201 |
| First Seen: | August 28, 2013 |
|---|---|
| Last Seen: | March 8, 2025 |
| OS(es) Affected: | Windows |
Adware:Win32/Vonteera is adware that injects advertisements into your browser promoting various products and services, such as free media players. Because the formats of advertisements favored by Adware:Win32/Vonteera make it unclear what content is delivered by Adware:Win32/Vonteera, and because these advertisements also may be used to deliver potentially unsafe content to your browser, SpywareRemove.com malware researchers recommend removing Adware:Win32/Vonteera as a general security risk that should be dealt with by good anti-malware programs. However, if you minimize any contact with Adware:Win32/Vonteera's advertisements and remove Adware:Win32/Vonteera as soon as possible, your PC is more likely than not to survive a temporary Adware:Win32/Vonteera infection unscathed.
The Advertisements Coming for Any Browser You Happen to Like
Adware:Win32/Vonteera uses a generous installation plan that supports compatibility with Internet Explorer, Chrome and Firefox – although SpywareRemove.com malware experts haven't seen any evidence of its having compatibility with any non-Windows Web browsers. After installing itself, Adware:Win32/Vonteera may display advertisements in any of these three browsers. Rather than delivering its advertisements as pop-ups, Adware:Win32/Vonteera injects its advertisements into unrelated sites, such as Facebook, Yahoo or Youtube. Adware:Win32/Vonteera's advertisements also are not clearly marked to let you distinguish them from any normal website content, which is a significant warning sign of its potential security issues.
Adware:Win32/Vonteera advertisements are varied but have been known to promote some types of software that are favorite disguises for low and high-level PC threats, such as rogue defragmenters and fake anti-virus scanners. SpywareRemove.com malware researchers would recommend that you avoid downloading software through Adware:Win32/Vonteera's advertisements – or, at a bare minimum, research any new program before you trust it enough to put it on your hard drive.
Trimming the Vonteera Invasion Back from Your Browsers
Since Adware:Win32/Vonteera modifies multiple browsers to support its advertisement delivery functions, SpywareRemove.com malware research team warns that any effort at removing Adware:Win32/Vonteera will have to take into account all affected browsers, instead of just a single browser – regardless of whether you use your alternative browsers or leave them to collect dust. Anti-malware programs with system-scanning functions provide the easiest ways of removing Adware:Win32/Vonteera, although you also should be careful to keep all affected browsers closed during any scans.
Infection methods favored by Adware:Win32/Vonteera and similar adware-based PC threats usually are non-consensual. Adware:Win32/Vonteera may be installed along with another program, installed through unreliable Web exploits or installed with the help from a Trojan. Besides the obvious recourse of using anti-malware tools to block all of these attacks, SpywareRemove.com malware researchers also find it wise to research a download before installing it, since a quick look into a site or program's history may help you find out whether or not Adware:Win32/Vonteera and other programs often are bundled with such links.
Aliases
Crypt4.BUKX [AVG]Trojan.Crypt4 [Ikarus]Artemis!3040BD1410AC [McAfee]Artemis!Trojan [McAfee-GW-Edition]Win32:Dropper-gen [Drp] [Avast]Riskware/PUP [Fortinet]Win32.SuspectCrc [Ikarus]Trj/CI.A [Panda]PUP-FSI [McAfee]Adware/Win32.Vonteera [AhnLab-V3]BehavesLike.Win32.Trojan.mh [McAfee-GW-Edition]Adware.Volaro.1 [DrWeb]UnclassifiedMalware [Comodo]Win32:Adware-gen [Adw] [Avast]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\Users\<username>\AppData\Roaming\SPK\SPK.exe
File name: SPK.exeSize: 776.64 KB (776640 bytes)
MD5: 3a2bddba52a87c9ddaef3c8d341bea38
Detection count: 9,026
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\SPK\SPK.exe
Group: Malware file
Last Updated: June 10, 2021
C:\Program Files\Office\Office.exe
File name: Office.exeSize: 187.46 KB (187464 bytes)
MD5: 70516b1af02e441076d114b513b248fb
Detection count: 7,214
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files\Office\Office.exe
Group: Malware file
Last Updated: October 19, 2022
C:\Users\<username>\AppData\Roaming\uninstall.exe
File name: uninstall.exeSize: 1.43 MB (1434048 bytes)
MD5: 0e59d8ec928df78ee74e4a24b6d6ca2b
Detection count: 6,923
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\uninstall.exe
Group: Malware file
Last Updated: June 10, 2021
C:\Users\<username>\AppData\Roaming\PDFConvert\SWUpdate.exe
File name: SWUpdate.exeSize: 156.24 KB (156240 bytes)
MD5: 2ca9478488ad609b7761ed95a5c5a93d
Detection count: 1,539
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\PDFConvert\SWUpdate.exe
Group: Malware file
Last Updated: March 16, 2023
C:\Users\<username>\AppData\Roaming\Photoalbum\Updater.exe
File name: Updater.exeSize: 181.76 KB (181760 bytes)
MD5: 5203db517872abaaf2e12ea6e8de9f80
Detection count: 1,129
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\Photoalbum\Updater.exe
Group: Malware file
Last Updated: August 20, 2022
C:\Users\<username>\AppData\Roaming\addonVontsf.exe
File name: addonVontsf.exeSize: 118.52 KB (118524 bytes)
MD5: 4fb06684d7593a6c1f3f1dd678cc4f86
Detection count: 1,110
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\addonVontsf.exe
Group: Malware file
Last Updated: April 6, 2022
C:\Windows\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\4EA62A9E-2468-438F-A810-60C49FCD6509
File name: 4EA62A9E-2468-438F-A810-60C49FCD6509Size: 221.77 KB (221776 bytes)
MD5: 5e58511d29161b72b7d62f9526f2d066
Detection count: 974
Path: C:\Windows\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\4EA62A9E-2468-438F-A810-60C49FCD6509
Group: Malware file
Last Updated: June 1, 2022
%APPDATA%\scope_dir\scope.exe
File name: scope.exeSize: 82.51 KB (82512 bytes)
MD5: c6c58c413b72c2395b4e23fdc19d472b
Detection count: 440
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\scope_dir
Group: Malware file
Last Updated: October 30, 2019
C:\Users\<username>\AppData\Local\Wixer\advapi.dll
File name: advapi.dllSize: 104.96 KB (104960 bytes)
MD5: c8785b045550e490ca6332f1f0c32a57
Detection count: 192
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Users\<username>\AppData\Local\Wixer\advapi.dll
Group: Malware file
Last Updated: April 21, 2023
%USERPROFILE%\AppData\Roaming\VolIE\FoxPro_64.dll
File name: FoxPro_64.dllSize: 225.36 KB (225360 bytes)
MD5: e6b0b88d7db0cab40cca2cf5fbd19631
Detection count: 82
File type: Dynamic link library
Mime Type: unknown/dll
Path: %USERPROFILE%\AppData\Roaming\VolIE
Group: Malware file
Last Updated: October 9, 2020
%APPDATA%\miaul\RJFC.exe
File name: RJFC.exeSize: 82.5 KB (82504 bytes)
MD5: f43b436ddb1545de485716b00c22d373
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\miaul
Group: Malware file
Last Updated: March 25, 2016
%APPDATA%\VolIE\IE\AdSafe_32.dll
File name: AdSafe_32.dllSize: 270.74 KB (270748 bytes)
MD5: 81799a3a9f625c51b0fc577c0bf82f83
Detection count: 34
File type: Dynamic link library
Mime Type: unknown/dll
Path: %APPDATA%\VolIE\IE
Group: Malware file
Last Updated: February 6, 2016
%APPDATA%\VolIE\IE\AdSafe_64.dll
File name: AdSafe_64.dllSize: 157.18 KB (157184 bytes)
MD5: 6acdcbde45eaf59e6275333aa805a643
Detection count: 32
File type: Dynamic link library
Mime Type: unknown/dll
Path: %APPDATA%\VolIE\IE
Group: Malware file
Last Updated: February 6, 2016
%PROGRAMFILES(x86)%\AppUpd\GUP.exe
File name: GUP.exeSize: 130.04 KB (130048 bytes)
MD5: 3040bd1410ac7cd009b60e14bdda7975
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\AppUpd
Group: Malware file
Last Updated: August 28, 2015
C:\WINDOWS\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\CAD56A99-E3CC-DD4A-D150-5D252B96F20A
File name: CAD56A99-E3CC-DD4A-D150-5D252B96F20ASize: 157.18 KB (157184 bytes)
MD5: d8fe00e37123e65466bcfaf7e530a72e
Detection count: 19
Path: C:\WINDOWS\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\CAD56A99-E3CC-DD4A-D150-5D252B96F20A
Group: Malware file
Last Updated: November 1, 2022
%APPDATA%\Flasher\c32s.exe
File name: c32s.exeSize: 152.57 KB (152576 bytes)
MD5: 51c02b5cf5d3722ab175f02315db8f44
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Flasher
Group: Malware file
Last Updated: March 25, 2016
%APPDATA%\Flasher\job.exe
File name: job.exeSize: 78.84 KB (78848 bytes)
MD5: cc40397ee1fa772fad8a1a1ae0f7eab5
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Flasher
Group: Malware file
Last Updated: March 25, 2016
%LOCALAPPDATA%\RemoveTool.exe
File name: RemoveTool.exeSize: 51.44 KB (51446 bytes)
MD5: a62df77c0605d7fc3f0b28930950a132
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: March 24, 2016
%APPDATA%\VolIE\FoxPro_32.dll
File name: FoxPro_32.dllSize: 187.98 KB (187984 bytes)
MD5: 9f98dddcd09d51c4923f04ed2ea71590
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %APPDATA%\VolIE
Group: Malware file
Last Updated: February 6, 2016
%APPDATA%\Twr\Isto\hjmjt.exe
File name: hjmjt.exeSize: 11.9 MB (11908921 bytes)
MD5: 209af642985082a43e140b6ed279c44e
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Twr\Isto
Group: Malware file
Last Updated: October 9, 2020
%APPDATA%\VolIE\IE\Shopify_32.dll
File name: Shopify_32.dllSize: 138.75 KB (138752 bytes)
MD5: 204c4b28e7f059f2f005db7ef861697a
Detection count: 4
File type: Dynamic link library
Mime Type: unknown/dll
Path: %APPDATA%\VolIE\IE
Group: Malware file
Last Updated: February 6, 2016
More files
Registry Modifications
The following newly produced Registry Values are:
CLSID{2ED35963-FCC9-4698-B619-787FE1C75079}{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}{437B9306-2FDE-4054-A3C9-6B49507C12D0}{598AC71E-BE58-3981-B78A-5C138F423AD6}{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}{63D2A451-3351-178C-7BC4-13C4D58A7652}{934B156A-3D17-3981-B78A-5C138F423AD6}{93D0B762-03DD-416f-AA26-B65F55B8914D}{ACEC5B69-F74E-445A-AC6C-CF621C680893}{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}Regexp file mask%ALLUSERSPROFILE%\Convertor\Convertor.exe%ALLUSERSPROFILE%\Drv\Drv.exe%ALLUSERSPROFILE%\Kirin\Kirin.exe%AppData%\addonVont.zip%APPDATA%\Crown\SPK.exe%AppData%\htcon\Updater.exe%APPDATA%\SPK\SPK.exe%LOCALAPPDATA%\diag\Chomp.exe%PROGRAMFILES(x86)%\GeniusXXAddon%PROGRAMFILES(x86)%\onewebsearch%windir%\System32\Tasks\4CEFD9B73D6C-1CRMOI2%windir%\System32\Tasks\5FOFD9B73D6C-2CRMOI6%WINDIR%\System32\Tasks\Volaro UpdateHKEY..\..\..\..{RegistryKeys}active_permissions\{2ED35963-FCC9-4698-B619-787FE1C75079}active_permissions\{598AC71E-BE58-3981-B78A-5C138F423AD6}active_permissions\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Classes\AdSafe.AdSafeSOFTWARE\Classes\AdSafe.AdSafe.1SOFTWARE\Classes\adTech.adTechSOFTWARE\Classes\adTech.adTech.1SOFTWARE\Classes\AppID\AdSafe.DLLSOFTWARE\Classes\AppID\adTech.DLLSOFTWARE\Classes\AppID\DigiAd.DLLSOFTWARE\Classes\AppID\NoVooIT.DLLSOFTWARE\Classes\AppID\Vonteera.DLLSOFTWARE\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}SOFTWARE\Classes\DigiAd.DigiAdSOFTWARE\Classes\DigiAd.DigiAd.1SOFTWARE\Classes\FoxPro.FoxProSOFTWARE\Classes\FoxPro.FoxPro.1SOFTWARE\Classes\NoVooIT.NoVooITSOFTWARE\Classes\NoVooIT.NoVooIT.1SOFTWARE\Classes\Vonteera.VonteeraSOFTWARE\Classes\Vonteera.Vonteera.1SOFTWARE\Classes\Wow6432Node\AppID\AdSafe.DLLSOFTWARE\Classes\Wow6432Node\AppID\adTech.DLLSOFTWARE\Classes\Wow6432Node\AppID\DigiAd.DLLSOFTWARE\Classes\Wow6432Node\AppID\NoVooIT.DLLSOFTWARE\Classes\Wow6432Node\AppID\Vonteera.DLLSOFTWARE\Classes\Wow6432Node\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}Software\Microsoft\Internet Explorer\Approved Extensions\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Internet Explorer\Approved Extensions\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Internet Explorer\Approved Extensions\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4CEFD9B73D6C-1CRMOI2SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5FOFD9B73D6C-2CRMOI6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9A5A8340-6B15SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Volaro UpdateSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinKitSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta UpdateSoftware\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\NoVooITSoftware\NoVooITSetSoftware\VolaroSOFTWARE\Volaro UpdaterSoftware\VonteeraSoftware\Vonteera Safe adsSOFTWARE\VonteraSOFTWARE\Wow6432Node\Classes\AppID\AdSafe.DLLSOFTWARE\Wow6432Node\Classes\AppID\adTech.DLLSOFTWARE\Wow6432Node\Classes\AppID\DigiAd.DLLSOFTWARE\Wow6432Node\Classes\AppID\NoVooIT.DLLSOFTWARE\Wow6432Node\Classes\AppID\Vonteera.DLLSOFTWARE\Wow6432Node\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\NoVooITSOFTWARE\Wow6432Node\Volaro UpdaterSOFTWARE\Wow6432Node\VonteeraSOFTWARE\Wow6432Node\VonteraHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}ARHomeGeniusXXVolaro UpdaterVonteeraVonteera Safe ads
CLSID{2ED35963-FCC9-4698-B619-787FE1C75079}{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}{437B9306-2FDE-4054-A3C9-6B49507C12D0}{598AC71E-BE58-3981-B78A-5C138F423AD6}{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}{63D2A451-3351-178C-7BC4-13C4D58A7652}{934B156A-3D17-3981-B78A-5C138F423AD6}{93D0B762-03DD-416f-AA26-B65F55B8914D}{ACEC5B69-F74E-445A-AC6C-CF621C680893}{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}Regexp file mask%ALLUSERSPROFILE%\Convertor\Convertor.exe%ALLUSERSPROFILE%\Drv\Drv.exe%ALLUSERSPROFILE%\Kirin\Kirin.exe%AppData%\addonVont.zip%APPDATA%\Crown\SPK.exe%AppData%\htcon\Updater.exe%APPDATA%\SPK\SPK.exe%LOCALAPPDATA%\diag\Chomp.exe%PROGRAMFILES(x86)%\GeniusXXAddon%PROGRAMFILES(x86)%\onewebsearch%windir%\System32\Tasks\4CEFD9B73D6C-1CRMOI2%windir%\System32\Tasks\5FOFD9B73D6C-2CRMOI6%WINDIR%\System32\Tasks\Volaro UpdateHKEY..\..\..\..{RegistryKeys}active_permissions\{2ED35963-FCC9-4698-B619-787FE1C75079}active_permissions\{598AC71E-BE58-3981-B78A-5C138F423AD6}active_permissions\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Classes\AdSafe.AdSafeSOFTWARE\Classes\AdSafe.AdSafe.1SOFTWARE\Classes\adTech.adTechSOFTWARE\Classes\adTech.adTech.1SOFTWARE\Classes\AppID\AdSafe.DLLSOFTWARE\Classes\AppID\adTech.DLLSOFTWARE\Classes\AppID\DigiAd.DLLSOFTWARE\Classes\AppID\NoVooIT.DLLSOFTWARE\Classes\AppID\Vonteera.DLLSOFTWARE\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}SOFTWARE\Classes\DigiAd.DigiAdSOFTWARE\Classes\DigiAd.DigiAd.1SOFTWARE\Classes\FoxPro.FoxProSOFTWARE\Classes\FoxPro.FoxPro.1SOFTWARE\Classes\NoVooIT.NoVooITSOFTWARE\Classes\NoVooIT.NoVooIT.1SOFTWARE\Classes\Vonteera.VonteeraSOFTWARE\Classes\Vonteera.Vonteera.1SOFTWARE\Classes\Wow6432Node\AppID\AdSafe.DLLSOFTWARE\Classes\Wow6432Node\AppID\adTech.DLLSOFTWARE\Classes\Wow6432Node\AppID\DigiAd.DLLSOFTWARE\Classes\Wow6432Node\AppID\NoVooIT.DLLSOFTWARE\Classes\Wow6432Node\AppID\Vonteera.DLLSOFTWARE\Classes\Wow6432Node\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}Software\Microsoft\Internet Explorer\Approved Extensions\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Internet Explorer\Approved Extensions\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Internet Explorer\Approved Extensions\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4CEFD9B73D6C-1CRMOI2SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5FOFD9B73D6C-2CRMOI6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9A5A8340-6B15SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Volaro UpdateSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinKitSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta UpdateSoftware\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}Software\NoVooITSoftware\NoVooITSetSoftware\VolaroSOFTWARE\Volaro UpdaterSoftware\VonteeraSoftware\Vonteera Safe adsSOFTWARE\VonteraSOFTWARE\Wow6432Node\Classes\AppID\AdSafe.DLLSOFTWARE\Wow6432Node\Classes\AppID\adTech.DLLSOFTWARE\Wow6432Node\Classes\AppID\DigiAd.DLLSOFTWARE\Wow6432Node\Classes\AppID\NoVooIT.DLLSOFTWARE\Wow6432Node\Classes\AppID\Vonteera.DLLSOFTWARE\Wow6432Node\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}SOFTWARE\Wow6432Node\NoVooITSOFTWARE\Wow6432Node\Volaro UpdaterSOFTWARE\Wow6432Node\VonteeraSOFTWARE\Wow6432Node\VonteraHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}ARHomeGeniusXXVolaro UpdaterVonteeraVonteera Safe ads
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\NoVooITSet%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Vonteera%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Vonteera Safe ads%APPDATA%\Convertor%APPDATA%\Fixs%APPDATA%\Flasher%APPDATA%\NewNotepad%APPDATA%\NoVooIT%APPDATA%\NoVooITAddon%APPDATA%\Notepader%APPDATA%\PlusN%APPDATA%\SoftAd%APPDATA%\VolIE%APPDATA%\WinKit%APPDATA%\Winsta%APPDATA%\denc%APPDATA%\homerj%APPDATA%\jellylam%APPDATA%\miaul%APPDATA%\myNotepad%APPDATA%\npp%APPDATA%\twr%AppData%\Microsoft\Windows\Start Menu\Programs\GeniusXX%LOCALAPPDATA%\Hoffer%LOCALAPPDATA%\Wixer%LOCALAPPDATA%\recoveredfiles%PROGRAMFILES%\AdsFree%PROGRAMFILES%\GeniusXXAddon%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\addon@Vonteera.com%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\jason@schober.net%PROGRAMFILES%\NoVooIT%PROGRAMFILES%\NoVooITAddon%PROGRAMFILES%\Volaro%PROGRAMFILES%\VonteeraAddon%PROGRAMFILES%\VonteeraSafeAds%PROGRAMFILES%\Winsta%PROGRAMFILES(x86)%\AdsFree%PROGRAMFILES(x86)%\AppUpd%PROGRAMFILES(x86)%\GeniusXXAddon%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\addon@Vonteera.com%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com%PROGRAMFILES(x86)%\Volaro%PROGRAMFILES(x86)%\VonteeraAddon%PROGRAMFILES(x86)%\VonteeraSafeAds%PROGRAMFILES(x86)%\Winsta%appdata%\orlando%appdata%\pdfie
The following URL's were detected:
Vonteeraexclusivetechnews.comnewsouts.com
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.