1. /
  2. Security Response/
  3. Adware.Keenval

Adware.Keenval - Removal

Updated:
February 13, 2007 11:34:06 AM
Type:
Adware
Version:
1.6
Publisher:
eUniverse.com
Risk Impact:
High
File Names:
%CommonProgramFiles%\KeenValue\IESliderWin32.dll %CommonProgramFiles%\KeenValue\Keenvalue.exe %C
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Removal using the Adware.Keenval Removal Tool
Symantec Security Response has developed a removal tool for Adware.Keenval. Use this removal tool first, as it is the easiest way to remove this risk.

The tool can be found here:
http://securityresponse.symantec.com/avcenter/FxKeenVl.exe

The current version of the tool will have a digital signature timestamp equivalent to 12/03/2004 12:38PM

Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

Manual Removal
The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
  1. Update the definitions.
  2. Restart the computer in Safe mode.
  3. Uninstall KeenValue using the Add/Remove Programs utility.
  4. Run a full system scan and delete all the files detected as Adware.Keenval.
  5. Delete the value that was added to the registry.
  6. Delete files used by this Adware

For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.


2. Restarting the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."

3. Uninstalling the Adware
  1. Do one of the following:
    • On the Windows 98 taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
      1. Click Start > Control Panel.
      2. In the Control Panel window, double-click Add or Remove Programs.

  2. Click KeenValue.

    Note: You may need to use the scroll bar to view the whole list.
  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.


4. Scanning for and deleting the files
  1. Start your Symantec antivirus program and run a full system scan.
  2. If any files are detected as Adware.Keenval, click Delete.
    Notes:
  • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
  • If you ran the Add/Remove programs applet as described in the previous section, it is possible that all files were removed and therefore none will be detected.

5. Deleting the value from the registry
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Note:
This is done to make sure all the keys are removed. They may not be there if the uninstaller removed them.
  1. Click Start > Run
  2. Type regedit

    Then click OK

  3. Navigate to and delete the following subkeys:

    HKEY_LOCAL_MACHINE\Software\KeenValue
    HKEY_LOCAL_MACHINE\Software\eUniverse
    HKEY_LOCAL_MACHINE\Software\updater
    HKEY_LOCAL_MACHINE\Software\IncrediFind
    HKEY_LOCAL_MACHINE\Software\PerfectNav
    HKEY\CURRENT_USER\Software\Dynamic Toolbar\SOMATIC
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO.1
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
    HKEY_LOCAL_MACHINE\Software\Classes\somatic.SOMATIC
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeenValue
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}


  4. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  5. In the right pane, delete the values:

    "KeenValue" = "%CommonProgramFiles%\KeenValue\KeenValue.exe"
    "updater" = "%CommonProgramFiles%\updater\wupdater.exe"
    "updmgr"
    = "%CommonProgramFiles%\updmgr\rvupdmgr.exe"
  6. Navigate to the subkeys:

    HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY\CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  7. In the right pane, delete the value if it exists:

    "{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}" = ""
  8. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  9. In the right pane, delete the value:

    "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = ""
  10. Exit the Registry Editor.

6. Deleting files used by the adware
  1. Open Windows Explorer
  2. Navigate to and delete the folowing files and folders
    • %CommonProgramFiles%\KeenValue
    • %CommonProgramFiles%\updater
    • %CommonProgramFiles%\updmgr
    • %ProgramFiles%\MyFreeCursors
    • %ProgramFiles%\PerfectNav\BHO
    • %ProgramFiles%\Dynamic Toolbar\SOMATIC
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk
    • %System%\unins000.dat
    • %System%\unins000.exe
  3. Exit Windows Explorer


Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver