Home Malware Programs Adware Adware:Win32/Kremiumad


Posted: March 27, 2013

Threat Metric

Ranking: 16,942
Threat Level: 1/10
Infected PCs: 145
First Seen: March 27, 2013
Last Seen: September 2, 2023
OS(es) Affected: Windows

Adware:Win32/Kremiumad is an adware program that displays offers linked to a victim's web browsing habits as the PC user browses the Internet and opens advertisements that are outside the context of the program, website, or other source the advertisements are advertising. Adware:Win32/Kremiumad can be downloaded from the website of the program. Adware:Win32/Kremiumad creates an installation entry in the Programs and Features section of the Control Panel, which the affected PC user can access. Running an uninstaller, the target computer user may remove some or all of the files associated with Adware:Win32/Kremiumad from the infected computer. If an uninstaller is not available, does not work properly, or the computer user does not want to use it, he/she can use scanning and removal software to detect and remove Adware:Win32/Kremiumad from the attacked computer system. Adware:Win32/Kremiumad drops malicious files and modifies the registry entries to assure that its copy runs automatically every time the PC user starts Windows.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

[program name].exe File name: [program name].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
uninstall_[name].exe File name: uninstall_[name].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "[program name].exe" = "%ProgramFiles%\[program name]\[program name].exe"HKEY_LOCAL_MACHINE\Software\[name] "version" = "mz."

Additional Information

The following URL's were detected: