Re: Program in Downloaded Program Files.

Discussion in 'other software & services' started by AWorriedPerson, Dec 16, 2006.

Thread Status:
Not open for further replies.
  1. AWorriedPerson

    AWorriedPerson Registered Member

    Joined:
    Dec 3, 2006
    Posts:
    30
    Trace.Registry.NetPumper

    I have a problem. For some time ago I downloaded a-squared Anti-Malware 2.1 trial version. It found malware and gave me link with explanation about this malware. Link is here.
    www.emsisoft.com/en/malware/?Trace.Registry.NetPumper

    So my problem is because of this
    Name: Trace.Registry.NetPumper
    Risklevel: High

    Characteristics:

    Shows popup ads
    Download scheduler compatible with Anti-Leech
    Server-driven bandwidth control
    It also associates with other Adwares.
    Installation: Installed through EXE

    Process: NetPumperIEProxy.exe


    First, what means this- Server-driven bandwidth control.
    Second what exactly this malware does. I have great fear that it has saved my passwords when I entered them in Internet and that this malware has collected other personal information too and downloaded some malicious programs. And have I really gotten rid of this thing or is there even more this in computer. Please help me, I am going crazy. I am afraid that this thing has been in computer for very long time.
     
  2. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  3. AWorriedPerson

    AWorriedPerson Registered Member

    Joined:
    Dec 3, 2006
    Posts:
    30
    Re: Trace.Registry.NetPumper

    Thank you for your help. Sorry for bothering you again but I already removed it with Anti-Malware 2.1 trial version. Do you advise me to use HJT although I removed it because that thing could still be there? Sorry for my bad English. But I need to be sure do I need HJT too or is it okay now if I have removed it already.
     
  4. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Re: Trace.Registry.NetPumper

    If your running some sort of firewall keep an eye on connect's that don't belong there. You can check domain's by loading unknown addy's on site's such as samspade or all-nettools. As far as HJT is concerned it's hard for me to advise not knowing your awareness level or what investigation utilities your familiar with (again, refer to CC's wiki if you have any doubt's). It may be easier in your situation running Merijn's startuplist to cross reference file's listed on Kephyr's site above, then determine if further action is warranted.


    GF
     
  5. AWorriedPerson

    AWorriedPerson Registered Member

    Joined:
    Dec 3, 2006
    Posts:
    30
    Re: Trace.Registry.NetPumper

    Thank you for your help. You mentioned firewall. After founding NetPumper I checked out my firewal settings and found antileech plugin helper program and deleted it from firewall settings. Today eTrust Pestpatrol found Anti-Leech Plugin in hkey_local_machine\software\microsoft\windows\currentversion\uninstall\anti-leech alie

    It also gave me this address.

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099584



    Are they connected? Is PestPatrol giving me falsepositive? I can't remove it because it is only trial version.
     
    Last edited: Dec 22, 2006
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Trace.Registry.NetPumper

    It might be best to take GF's suggestion and get HJT help.

    An excellent forum for this here,

    http://gladiator-antivirus.com/forum/index.php?showtopic=10517

    Just follow the instructions on that page and the experts at Gladiators will analyse your log and give u removal instructions on any possible malware found.



    snowbound
     
  7. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    My advice to you AWorriedPerson is to uninstall NetPumper,as it IS a spyware program,and secretly installs extra unwanted programs like toolbars and AdAware programs that invade your privacy in particular Cydoor and WhenUSearch which are 2 nasty little spyware programs that will continually popup on your desktop asking you to install certain software which is really below standard,such as spyware removers. If you install these bogus programs you risk being invaded by trojans and worse. I would delete all registry keys in regedit.. go to start/run and type in regedit look for HKEY_CURRENT_USER and click the + next to it and look for software folder, click the + next to that and look for anything named AntiLeach ,Cydoor,WhenUSearch, and right click on the folder and delete it. then go to the folder named HKEY_LOCAL_MACHINE and repeat the previous instructions. If you have a registry clean,such as Registry Mechanic 6.0 run that to make sure no existing trace of the program is left over, and reboot your computer. Then to be on the safe side, I would run (if you have it) Webroot SpySweeper and do a full system scan. You should now be safe :D
     
  8. AWorriedPerson

    AWorriedPerson Registered Member

    Joined:
    Dec 3, 2006
    Posts:
    30
    Thank you all for your help. Don't know what to do without you.
     
Loading...
Thread Status:
Not open for further replies.