
King Translate

Posted: June 20, 2013

Threat Metric

Ranking: 3,210
Threat Level: 1/10
Infected PCs: 76,662
First Seen: June 20, 2013
Last Seen: October 17, 2023
OS(es) Affected: Windows

King Translate is a potentially unwanted application, or adware program, that is distributed to vulnerable PCs using deceptive methods. King Translate can get onto a computer without asking for the PC user's permission. It comes bundled with other programs and, once installed, modifies the affected computer's settings. Mostly, King Translate changes the default start page and default search engine to www1.search-results.com without asking for the PC user's permission.

King Translate is promoted through its official website as a software product that helps PC users translate words, documents and entire texts into a variety of languages. However, it has also been found that King Translate can arrive on a computer bundled with other programs or through deceptive pop-up ads. When King Translate is installed, it changes the default start page and default search engine settings so that the computer user is made to use www1.search-results.com for searches. www1.search-results.com keeps track of the affected PC user's browsing sessions and shares this information with third parties.

Technical Details

Registry Modifications

The following Registry values are newly created:


Additional Information

The following directories were created:
%ALLUSERSPROFILE%\Application Data\Datamngr
%ALLUSERSPROFILE%\Datamngr
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\KingTranslate
%APPDATA%\KingTranslate
%PROGRAMFILES%\KingTranslate
%PROGRAMFILES(x86)%\KingTranslate
%USERPROFILE%\AppData\LocalLow\kingtranslatetoolbar
