FlashEnhancer Spyware Profile

Title: FlashEnhancer

Also Known as: Adware.FlashEnhancer

Severity scale: 75 (75 / 100)

FlashEnhancer is a spyware program that was designed to endure.  Specifically, it is a Trojan Downloader program.  It was first discovered in 2004, and was released by flashtrack.net.

FlashEnhancer monitors your browsing and delivers pop-up ads based on keywords it finds on the web pages you’re visiting.  This activity saps a significant amount of your computer’s resources, such as memory and bandwidth.

The worst part about FlashEnhancer is that it is designed to avoid detection and removal.  It installs copies of itself under a variety of names in a variety of directories.  It is also set to restart when Internet Explorer is started.

If you are infected with FlashEnhancer, you probably got it through a Java-based drive-by download.  You should not try to remove it by manual methods, but instead you should use a trusted antispyware tool.  SpyZooka can consistently remove FlashEnhancer.

Download FlashEnhancer Remover

Associated Files:
%CommonProgramFiles%\Java\flnclean.exe, %CommonProgramFiles%\Java\flncpy.exe,
%CommonProgramFiles%\Java\ftkclean.exe, %CommonProgramFiles%\Java\ftkcpy.cfg,
%CommonProgramFiles%\Java\ftkcpy.exe, %Windir%\Temp\ft30s.exe, %ProgramFiles%\Xml*.*,
%ProgramFiles%\Fen*.*, %ProgramFiles%\Fla*.*, %ProgramFiles%\Flcp*.*,
%ProgramFiles%\Flen*.*, %ProgramFiles%\Fln*.*, %ProgramFiles%\Flt*.*,
%ProgramFiles%\Ftk*.*, %ProgramFiles%\Reg2*.*, %ProgramFiles%\Xmod*.*

Adds the values:

“FlnCPY” = “[PATH TO ORIGINAL FILE]”
“FlaCPY” = “[PATH TO ORIGINAL FILE]”
“Jreg” = “[PATH TO ORIGINAL FILE]”
“t” = “[PATH TO ORIGINAL FILE]”
“fecpy” = “[PATH TO ORIGINAL FILE]”
“flencpy” = “[PATH TO ORIGINAL FILE]”
“flnCPY” = “[PATH TO ORIGINAL FILE]”
“ftkCPY” = “[PATH TO ORIGINAL FILE]”
“Xcpy1” = “[PATH TO ORIGINAL FILE]”

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the risk runs every time Windows starts.

Adds the values:

“fln” = “[PATH TO ORIGINAL FILE]”
“f” = “[PATH TO ORIGINAL FILE]”
“t” = “[PATH TO ORIGINAL FILE]”
“fla” = “[PATH TO ORIGINAL FILE]”
“fln” = “[PATH TO ORIGINAL FILE]”
“ftk” = “[PATH TO ORIGINAL FILE]”

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

so that the risk runs every time Windows starts.
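
To check a machine for the autostart values listed above without editing the registry, the saved text output of `reg query` for the Run and RunOnce keys can be scanned for those value names. The script below is an added example, not part of the original profile or of any SpyZooka tool; the function name, the "weak" flag for one-letter names and the sample paths are assumptions made for the example.

```python
import re

# Autostart value names listed in the profile, per key. Registry value names
# are case-insensitive, so they are stored and compared in lower case.
IOC_VALUES = {
    "run": {"flncpy", "flacpy", "jreg", "t", "fecpy", "flencpy", "ftkcpy", "xcpy1"},
    "runonce": {"fln", "f", "t", "fla", "ftk"},
}
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
    re.IGNORECASE)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

def find_autostart_hits(reg_query_output):
    """Return (key, value_name, data, weak) for every listed value name found."""
    hits, current = [], None
    for line in reg_query_output.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = key.group(1).lower()
        elif line and not line.startswith(" "):
            current = None  # header of a key the profile does not list
        else:
            value = VALUE_RE.match(line)
            if current and value and value.group(1).lower() in IOC_VALUES[current]:
                name, data = value.group(1), value.group(3)
                # One-letter names ("t", "f") collide easily; mark them as weak
                hits.append((current, name, data, len(name) == 1))
    return hits

# Constructed sample output (paths are made up for the example)
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    ftkCPY    REG_SZ    C:\constructed\ftkcpy.exe
    T    REG_SZ    C:\constructed\t.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    fln    REG_SZ    C:\constructed\fln.exe
    FlnCPY    REG_SZ    C:\constructed\other.exe
"""

if __name__ == "__main__":
    for key, name, data, weak in find_autostart_hits(SAMPLE):
        print(f"{key:8} {name:8} {'weak' if weak else 'strong'}  {data}")
```

A hit on a one-letter name alone is not proof of infection; the data path it points to should be compared with the associated files listed in this profile.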


© 2010 SpyZooka Blog – Easy Spyware Removal All rights reserved. Powered by Wordpress. Designed by Woo Themes