Content
Proxy-OSS
- Type
- Program
- SubType
- -
- Discovery Date
- 10/30/2003
- Length
- Minimum DAT
- 4302 (11/05/2003)
- Updated DAT
- 5562 (03/23/2009)
- Minimum Engine
- 5.1.00
- Description Added
- 03/17/2004
- Description Modified
- 11/28/2006 12:22 PM (PT)
Tab Navigation
Characteristics
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
The 4451 DATs incorrectly identified one installshield file (116,688 bytes in length) as Proxy-OSS application. This has been fixed in the 4452 DATs.
Distribution
This software is not a virus or a trojan. It is detected as a "potentially unwanted program." Proxy-OSS is distributed as an Internet Accelerator program, created by Marketscore. As advertised, the program is designed "to enhance the speed of the Internet while tracking user trends". It is a data gathering mechanism which collects personal information and internet usage statistics. The LSP (Layered Service Provider) stack is modified such that internet traffic is routed through servers operated by Marketscore. More recent versions of the software employ a local proxy, routing traffic through a process running on the host system instead of to remote servers. This local process then makes periodic transmissions to remote servers, presumably when data of interest is identified.
This software is installed via an ActiveX control downloaded from www.marketscore.com. Several files are dropped using an InstallShield installation package and many registry entries are created. A license agreement and privacy policy are displayed on the Marketscore website and must be agreed to (via selection of a checkbox) in order for the setup executable to be downloaded.
Although not observed during testing, it is possible that consumer surveys may be delivered via popup windows, as mentioned in the privacy policy.
Privacy
The Privacy Policy established sweeping rights for Marketscore to monitor internet traffic, collect user data, and establish correlations with other, personally identifiable data (version dated Feb 14, 2005)
Full Privacy Statement: http://www.marketscore.com/privacy.aspx
Full Membership Agreement: http://www.marketscore.com/MembershipAgreement.aspx
System Changes
Files Added
Note: Although created during the installation, the following files and folders appear to be standard components of the InstallShield installation packaging software, and not related to the functionality of the Proxy-OSS software.
c:\WINDOWS\Downloaded Program Files\setup.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\iKernel.rgs
c:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb c:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
The remaining files appear specific to the Proxy-OSS software installation.
c:\WINDOWS\nsreg.dat
Size: 335 bytes
c:\WINDOWS\system32\mksc.exe
Size: 864,256 bytes
MD5: 09B44309B8CB641300D93458D9358ADF
c:\WINDOWS\system32\nsosscfg.exe
Size: 118,784 bytes
MD5: 46DC45B14503070FC8053CE75DBCCC0C
c:\WINDOWS\system32\okshook.dll
Size: 49,152 bytes
MD5: A8A11A2873C6A21AE8C0916DAD013F7C
c:\WINDOWS\system32\osmim.dll
Size: 303,104 bytes
MD5: F0BFFBA3F4C2EE36FA5229FF2C293657
c:\WINDOWS\system32\sporder.dll
Size: 8,464 bytes
MD5: 97F50C3E6EEB45CBE2413431F1BB52FB
Registry
Keys Added
HKEY_CURRENT_USER\Software\InstallShield
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Netsetter
HKEY_CLASSES_ROOT\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{00345390-4F77-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}
HKEY_CLASSES_ROOT\Interface\{084A0737-26B9-4433-8007-A9161333B5FC}
HKEY_CLASSES_ROOT\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{0E67BBC9-18CB-4B22-BACD-687CDF6387B6}
HKEY_CLASSES_ROOT\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{1169A235-14D9-4488-8B56-58ECE9C57002}
HKEY_CLASSES_ROOT\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}
HKEY_CLASSES_ROOT\Interface\{17773851-7FF4-44C1-B084-1E1EDB2BFD4D}
HKEY_CLASSES_ROOT\Interface\{1AE441C6-2C13-49CE-909A-57A81F74F38E}
HKEY_CLASSES_ROOT\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{1ED19966-1493-4539-B9F5-97A6556CE8F8}
HKEY_CLASSES_ROOT\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}
HKEY_CLASSES_ROOT\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{21D98482-146C-4EBF-AF1E-B04395110005}
HKEY_CLASSES_ROOT\Interface\{229A85A7-2F77-42A2-8CBD-01DD1C09BC88}
HKEY_CLASSES_ROOT\Interface\{230FFDDA-4771-42D0-9383-42547833224B}
HKEY_CLASSES_ROOT\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3DFE4F8F-A5A1-4ECA-9A50-E5CF9BA836E9}
HKEY_CLASSES_ROOT\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}
HKEY_CLASSES_ROOT\Interface\{3FB92AF0-B9EE-4C30-8D36-93495070CCA1}
HKEY_CLASSES_ROOT\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}
HKEY_CLASSES_ROOT\Interface\{4D08A70C-42E4-4238-AF79-7A7485C66EE2}
HKEY_CLASSES_ROOT\Interface\{4E26CAD5-1B59-4D1D-9063-2D91314C9E45}
HKEY_CLASSES_ROOT\Interface\{5331F72D-17F1-4D16-A17A-F190461343BF}
HKEY_CLASSES_ROOT\Interface\{5469EE67-1493-402F-8E2C-99936C9E4983}
HKEY_CLASSES_ROOT\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}
HKEY_CLASSES_ROOT\Interface\{6D0A2C7B-875F-40E7-B7BE-2E909A3A9026}
HKEY_CLASSES_ROOT\Interface\{6FFDEFD7-3EC4-4E5A-9EFC-AD04E14A9934}
HKEY_CLASSES_ROOT\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}
HKEY_CLASSES_ROOT\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}
HKEY_CLASSES_ROOT\Interface\{78A47147-ACE5-46F8-BA85-BEAF37827CF4}
HKEY_CLASSES_ROOT\Interface\{7B288F47-79AB-43A8-8494-D9F4D5985B29}
HKEY_CLASSES_ROOT\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}
HKEY_CLASSES_ROOT\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{7FA3F3D3-7B9E-4F51-9448-3642B544CEBD}
HKEY_CLASSES_ROOT\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}
HKEY_CLASSES_ROOT\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91CD1F51-7199-46FA-9629-9C89D2F1AE22}
HKEY_CLASSES_ROOT\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{9AEE3F7A-A79F-4B41-BC48-E7946FFEAB35}
HKEY_CLASSES_ROOT\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{9BD0749C-12DC-4D2B-A4F6-9E52F0F38A6C}
HKEY_CLASSES_ROOT\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}
HKEY_CLASSES_ROOT\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}
HKEY_CLASSES_ROOT\Interface\{9E274DCA-9B35-4B99-904F-76F2C5B59F76}
HKEY_CLASSES_ROOT\Interface\{A36ECFBE-FAAA-417D-9D41-7FEF98FDE554}
HKEY_CLASSES_ROOT\Interface\{A74C06E4-12DF-4060-9AA7-83CFAA66D604}
HKEY_CLASSES_ROOT\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{ABF74802-8E5B-44EA-880E-8E128A06A113}
HKEY_CLASSES_ROOT\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{B0D1DB92-DE05-4926-A5DC-01F3F9857587}
HKEY_CLASSES_ROOT\Interface\{B12A5014-0AA8-451A-B621-F717998B0B53}
HKEY_CLASSES_ROOT\Interface\{B310295D-E006-4E5A-9CBE-FA7C092F2FC3}
HKEY_CLASSES_ROOT\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}
HKEY_CLASSES_ROOT\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}
HKEY_CLASSES_ROOT\Interface\{BD307C4E-6FC9-40FB-B15E-BEC6851EF52C}
HKEY_CLASSES_ROOT\Interface\{BE0B3F76-166A-4DA5-A97C-318595E3D15C}
HKEY_CLASSES_ROOT\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}
HKEY_CLASSES_ROOT\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}
HKEY_CLASSES_ROOT\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{C8D5B971-D521-4113-82D6-869817B452DE}
HKEY_CLASSES_ROOT\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{D2A3A842-FBA3-49D4-8806-7734716364A2}
HKEY_CLASSES_ROOT\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DBBBE57D-A05D-43EC-8408-ED3EAA713963}
HKEY_CLASSES_ROOT\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E3CD7A86-04E4-4B47-88E8-3EE03A3DEE56}
HKEY_CLASSES_ROOT\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}
HKEY_CLASSES_ROOT\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{F8CB9A40-3665-4D33-B239-32CA4C7B8DEA}
HKEY_CLASSES_ROOT\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}
HKEY_CLASSES_ROOT\Setup.Player
HKEY_CLASSES_ROOT\Setup.Player.2K2
HKEY_CLASSES_ROOT\TypeLib\{94636247-BC39-4B8B-A728-2D1FBEBFA76A}
HKEY_CLASSES_ROOT\TypeLib\{BC44B51D-1A01-4B50-92F2-E7D736F75DA8}
HKEY_LOCAL_MACHINE\SOFTWARE\comScore Networks, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Certificates\A32C2B8361CA79FB7DCD14CBDA793D0DF855991C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Certificates\F8D953700E84F3945390C81A1A3BF929C8A29EB7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\{a71b1608-0de3-445d-afc1-16cc74422a9e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
LEGACY_TAPISRV\0000\Control
Values Added
Over 600 registry entries were added.
Network Impact
Possible performance impact due to delays relaying data through the Marketscore proxy network.
Symptoms
Method of Infection
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
The 4451 DATs incorrectly identified one installshield file (116,688 bytes in length) as Proxy-OSS application. This has been fixed in the 4452 DATs.
Distribution
This software is not a virus or a trojan. It is detected as a "potentially unwanted program." Proxy-OSS is distributed as an Internet Accelerator program, created by Marketscore. As advertised, the program is designed "to enhance the speed of the Internet while tracking user trends". It is a data gathering mechanism which collects personal information and internet usage statistics. The LSP (Layered Service Provider) stack is modified such that internet traffic is routed through servers operated by Marketscore. More recent versions of the software employ a local proxy, routing traffic through a process running on the host system instead of to remote servers. This local process then makes periodic transmissions to remote servers, presumably when data of interest is identified.
This software is installed via an ActiveX control downloaded from www.marketscore.com. Several files are dropped using an InstallShield installation package and many registry entries are created. A license agreement and privacy policy are displayed on the Marketscore website and must be agreed to (via selection of a checkbox) in order for the setup executable to be downloaded.
Although not observed during testing, it is possible that consumer surveys may be delivered via popup windows, as mentioned in the privacy policy.
Privacy
The Privacy Policy established sweeping rights for Marketscore to monitor internet traffic, collect user data, and establish correlations with other, personally identifiable data (version dated Feb 14, 2005)
Full Privacy Statement: http://www.marketscore.com/privacy.aspx
Full Membership Agreement: http://www.marketscore.com/MembershipAgreement.aspx
System Changes
Files Added
Note: Although created during the installation, the following files and folders appear to be standard components of the InstallShield installation packaging software, and not related to the functionality of the Proxy-OSS software.
c:\WINDOWS\Downloaded Program Files\setup.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\iKernel.rgs
c:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb c:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
The remaining files appear specific to the Proxy-OSS software installation.
c:\WINDOWS\nsreg.dat
Size: 335 bytes
c:\WINDOWS\system32\mksc.exe
Size: 864,256 bytes
MD5: 09B44309B8CB641300D93458D9358ADF
c:\WINDOWS\system32\nsosscfg.exe
Size: 118,784 bytes
MD5: 46DC45B14503070FC8053CE75DBCCC0C
c:\WINDOWS\system32\okshook.dll
Size: 49,152 bytes
MD5: A8A11A2873C6A21AE8C0916DAD013F7C
c:\WINDOWS\system32\osmim.dll
Size: 303,104 bytes
MD5: F0BFFBA3F4C2EE36FA5229FF2C293657
c:\WINDOWS\system32\sporder.dll
Size: 8,464 bytes
MD5: 97F50C3E6EEB45CBE2413431F1BB52FB
Registry
Keys Added
HKEY_CURRENT_USER\Software\InstallShield
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Netsetter
HKEY_CLASSES_ROOT\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{00345390-4F77-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}
HKEY_CLASSES_ROOT\Interface\{084A0737-26B9-4433-8007-A9161333B5FC}
HKEY_CLASSES_ROOT\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{0E67BBC9-18CB-4B22-BACD-687CDF6387B6}
HKEY_CLASSES_ROOT\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{1169A235-14D9-4488-8B56-58ECE9C57002}
HKEY_CLASSES_ROOT\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}
HKEY_CLASSES_ROOT\Interface\{17773851-7FF4-44C1-B084-1E1EDB2BFD4D}
HKEY_CLASSES_ROOT\Interface\{1AE441C6-2C13-49CE-909A-57A81F74F38E}
HKEY_CLASSES_ROOT\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{1ED19966-1493-4539-B9F5-97A6556CE8F8}
HKEY_CLASSES_ROOT\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}
HKEY_CLASSES_ROOT\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{21D98482-146C-4EBF-AF1E-B04395110005}
HKEY_CLASSES_ROOT\Interface\{229A85A7-2F77-42A2-8CBD-01DD1C09BC88}
HKEY_CLASSES_ROOT\Interface\{230FFDDA-4771-42D0-9383-42547833224B}
HKEY_CLASSES_ROOT\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3DFE4F8F-A5A1-4ECA-9A50-E5CF9BA836E9}
HKEY_CLASSES_ROOT\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}
HKEY_CLASSES_ROOT\Interface\{3FB92AF0-B9EE-4C30-8D36-93495070CCA1}
HKEY_CLASSES_ROOT\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}
HKEY_CLASSES_ROOT\Interface\{4D08A70C-42E4-4238-AF79-7A7485C66EE2}
HKEY_CLASSES_ROOT\Interface\{4E26CAD5-1B59-4D1D-9063-2D91314C9E45}
HKEY_CLASSES_ROOT\Interface\{5331F72D-17F1-4D16-A17A-F190461343BF}
HKEY_CLASSES_ROOT\Interface\{5469EE67-1493-402F-8E2C-99936C9E4983}
HKEY_CLASSES_ROOT\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}
HKEY_CLASSES_ROOT\Interface\{6D0A2C7B-875F-40E7-B7BE-2E909A3A9026}
HKEY_CLASSES_ROOT\Interface\{6FFDEFD7-3EC4-4E5A-9EFC-AD04E14A9934}
HKEY_CLASSES_ROOT\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}
HKEY_CLASSES_ROOT\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}
HKEY_CLASSES_ROOT\Interface\{78A47147-ACE5-46F8-BA85-BEAF37827CF4}
HKEY_CLASSES_ROOT\Interface\{7B288F47-79AB-43A8-8494-D9F4D5985B29}
HKEY_CLASSES_ROOT\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}
HKEY_CLASSES_ROOT\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{7FA3F3D3-7B9E-4F51-9448-3642B544CEBD}
HKEY_CLASSES_ROOT\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}
HKEY_CLASSES_ROOT\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91CD1F51-7199-46FA-9629-9C89D2F1AE22}
HKEY_CLASSES_ROOT\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{9AEE3F7A-A79F-4B41-BC48-E7946FFEAB35}
HKEY_CLASSES_ROOT\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{9BD0749C-12DC-4D2B-A4F6-9E52F0F38A6C}
HKEY_CLASSES_ROOT\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}
HKEY_CLASSES_ROOT\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}
HKEY_CLASSES_ROOT\Interface\{9E274DCA-9B35-4B99-904F-76F2C5B59F76}
HKEY_CLASSES_ROOT\Interface\{A36ECFBE-FAAA-417D-9D41-7FEF98FDE554}
HKEY_CLASSES_ROOT\Interface\{A74C06E4-12DF-4060-9AA7-83CFAA66D604}
HKEY_CLASSES_ROOT\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{ABF74802-8E5B-44EA-880E-8E128A06A113}
HKEY_CLASSES_ROOT\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{B0D1DB92-DE05-4926-A5DC-01F3F9857587}
HKEY_CLASSES_ROOT\Interface\{B12A5014-0AA8-451A-B621-F717998B0B53}
HKEY_CLASSES_ROOT\Interface\{B310295D-E006-4E5A-9CBE-FA7C092F2FC3}
HKEY_CLASSES_ROOT\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}
HKEY_CLASSES_ROOT\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}
HKEY_CLASSES_ROOT\Interface\{BD307C4E-6FC9-40FB-B15E-BEC6851EF52C}
HKEY_CLASSES_ROOT\Interface\{BE0B3F76-166A-4DA5-A97C-318595E3D15C}
HKEY_CLASSES_ROOT\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}
HKEY_CLASSES_ROOT\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}
HKEY_CLASSES_ROOT\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{C8D5B971-D521-4113-82D6-869817B452DE}
HKEY_CLASSES_ROOT\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{D2A3A842-FBA3-49D4-8806-7734716364A2}
HKEY_CLASSES_ROOT\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DBBBE57D-A05D-43EC-8408-ED3EAA713963}
HKEY_CLASSES_ROOT\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E3CD7A86-04E4-4B47-88E8-3EE03A3DEE56}
HKEY_CLASSES_ROOT\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}
HKEY_CLASSES_ROOT\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{F8CB9A40-3665-4D33-B239-32CA4C7B8DEA}
HKEY_CLASSES_ROOT\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}
HKEY_CLASSES_ROOT\Setup.Player
HKEY_CLASSES_ROOT\Setup.Player.2K2
HKEY_CLASSES_ROOT\TypeLib\{94636247-BC39-4B8B-A728-2D1FBEBFA76A}
HKEY_CLASSES_ROOT\TypeLib\{BC44B51D-1A01-4B50-92F2-E7D736F75DA8}
HKEY_LOCAL_MACHINE\SOFTWARE\comScore Networks, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Certificates\A32C2B8361CA79FB7DCD14CBDA793D0DF855991C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Certificates\F8D953700E84F3945390C81A1A3BF929C8A29EB7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\{a71b1608-0de3-445d-afc1-16cc74422a9e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
LEGACY_TAPISRV\0000\Control
Values Added
Over 600 registry entries were added.
Network Impact
Possible performance impact due to delays relaying data through the Marketscore proxy network.
Symptoms
Symptoms -
Method of Infection
Method of Infection -
Removal -
Removal -
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
Variants
Variants -
N/A
