Adware.GoGoTools

Printer Friendly Page

Updated: February 13, 2007 11:45:08 AM

Type: Adware

Publisher: SpecificMedia Inc,

Risk Impact: High

File Names: GoGoDisplay.exe GoGoLaunch.exe GoGoTools.exe HTMLEdit.dll TrackInst.exe LaunchAdware.exe GoG

Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.GoGoTools is executed, it performs the following actions:

Creates the following files:
- %ProgramFiles%\GoGotools\GoGoware\GoGoDisplay.exe
- %ProgramFiles%\GoGotools\GoGoware\GoGoLaunch.exe
- %ProgramFiles%\GoGotools\GoGoware\GoGoTools.exe
- %ProgramFiles%\GoGotools\GoGoware\HTMLEdit.dll
- %ProgramFiles%\GoGotools\GoGoware\TrackInst.exe
- %ProgramFiles%\GoGotools\GoGoware\Config.txt
- %ProgramFiles%\GoGotools\unins000.exe
- %ProgramFiles%\GoGotools\unins000.dat
- %ProgramFiles%\GoGotools\unins001.exe
- %ProgramFiles%\GoGotools\unins001.dat
- %ProgramFiles%\GogoTools\Check.exe
- %ProgramFiles%\GogoTools\Gogo.ico
- %ProgramFiles%\GogoTools\GogoAddressBar\Address.dll
- %ProgramFiles%\GogoTools\GogoAddressBar\samp.dll
- %ProgramFiles%\GogoTools\Gogoware\Config.bin
- %ProgramFiles%\GogoTools\Gogoware\GogoAdDisplay.exe
- %ProgramFiles%\GogoTools\Gogoware\GogoTools.exe
- %ProgramFiles%\GogoTools\Gogoware\HTMLEdit.dll
- %ProgramFiles%\GogoTools\Gogoware\LaunchAdware.exe
- %ProgramFiles%\GogoTools\Gogoware\Registration.exe
- %ProgramFiles%\GogoTools\Gogoware\TrackInst.exe
- %ProgramFiles%\GogoTools\Gogoware\uninsc.dat
- %ProgramFiles%\GogoTools\Gogoware\uninsc.exe
- %ProgramFiles%\GogoTools\Installer.exe
- %ProgramFiles%\GogoTools\SearchGogo\AtlCustom.exe
- %ProgramFiles%\GogoTools\SearchGogo\FilePC Uploads\FilePCData.dat
- %ProgramFiles%\GogoTools\SearchGogo\GogoAddressBar.exe
- %ProgramFiles%\GogoTools\SearchGogo\GogoToolbar.exe
- %ProgramFiles%\GogoTools\SearchGogo\gogotools0.exe
- %ProgramFiles%\GogoTools\SearchGogo\Menu.exe
- %ProgramFiles%\GogoTools\SearchGogo\MFC42.dll
- %ProgramFiles%\GogoTools\SearchGogo\MSVCRT.DLL
- %ProgramFiles%\GogoTools\SearchGogo\PgTemplate.htm
- %ProgramFiles%s\GogoTools\SearchGogo\PictureShare.exe
- %ProgramFiles%\GogoTools\SearchGogo\Print.dll
- %ProgramFiles%\GogoTools\SearchGogo\ReadGenPara.dll
  
  The adware also creates the following files which may already be on the computer legitimately :
- %Windir%\system32\MFC42D.dll
- %Windir%\system32\MSVCRTD.DLL
  
  Note:
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Adds the values:

"RUNGogoTools" = "%ProgramFiles%\GoGotools\GoGoware\GoGoLaunch.exe""RUNFilePC" = "%ProgramFiles%\GogoTools\SearchGogo\PictureShare.exe" "RUNGogoTools" = "%ProgramFiles%\GogoTools\Gogoware\LaunchAdware.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runso that the risk runs every time Windows starts.
Creates the following registry entries:

HKEY_CLASSES_ROOT\Adware.IETrackerIFHKEY_CLASSES_ROOT\ Adware.IETrackerIF.1 HKEY_CLASSES_ROOT\AppID\Adware.EXE HKEY_CLASSES_ROOT\AppID\{5B134722-D775-431E-93DF-CC9A74EE6BCA} HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F} HKEY_CLASSES_ROOT\CLSID\{3BEC9062-7625-4DE8-8ABE-B96AE461DC78} HKEY_CLASSES_ROOT\HTMLEdit.IETracker HKEY_CLASSES_ROOT\HTMLEdit.IETracker.1 HKEY_CLASSES_ROOT\Interface\{09964F9E-E1D4-47C3-9697-28258DBCBB77} HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F} HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F} HKEY_CLASSES_ROOT\TypeLib\{8EF07273-3C9F-4BA6-A748-FAD0E7FAF1FD}| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\GogoTools_is1 HKEY_LOCAL_MACHINE\SOFTWAREe\SpecificMEDIA\GoGoTools HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {0BB77965-73BB-41DE-9DDB-D09F0770E89E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {8066D3A1-D93D-4A0E-978C-C192FBE7BCE7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {AD6865DE-43AE-42C7-89A6-F6F834A5DCE2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {0BBA2043-67C6-405F-B604-3015BC5F7F49} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {2D7531E4-7107-4908-B195-00D9F6407350} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {911F0CBD-BF63-4C8E-A8C7-10A7AB79D5AF} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {A0280066-DA42-4CA3-B31A-619846873BB5} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {0FB9FC52-DDD9-4C5F-AC57-23DA79D9274C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {1BE40A9A-034E-4D22-BF7B-B9F7081FF2FB} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {70BAE76E-62CC-478F-B09B-8346AB49E951} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Adware.IETrackerIF HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Adware.IETrackerIF.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Print.StockBar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Print.StockBar.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Samp.initsearchgogo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Samp.initsearchgogo.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecificSearch.SpecificSearchBar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecificSearch.SpecificSearchBar.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {0BB77965-73BB-41DE-9DDB-D09F0770E89E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {0BB77965-73BB-41DE-9DDB-D09F0770E89F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Browser Helper Objects\{8066D3A1-D93D-4A0E-978C-C192FBE7BCE7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ GoGo Tools_is1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ Interactive Explorer Search Services_is1 HKEY_CURRENT_USER\Software\SpecificMEDIA HKEY_CURRENT_USER\Software\SpecificMEDIA\GoGoToolsHKEY_CLASSES_ROOT\DNSErr.DNSErrObj HKEY_CLASSES_ROOT\DNSErr.DNSErrObj.1
Connects to [http://]www.gogotools.com/[REMOVED] and displays advertisements.

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}