NCase Browser Hijacker Information

Name: NCase
Category: Browser Hijacker
Alias: Troj/Favadd-D
Advice: Remove
Risk: Elevated Risk
Elevated threats usually fall into the adware range: data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.

Description:
NCase is an adware application that looks for known URLs and keywords in URLs, and opens pop-up advertisements targeted at such sites. nCase also opens non-targeted pop-up adverts at arbitrary times when Internet Explorer is in use.
NCase is a Comparison Alternative Shopping Engine developed by 180Solutions. It consists of a process, msbb.exe, that runs constantly with Windows and shows advertising. It will cause pop-up advertisements, can add shortcut items to the Startup or Desktop, and update itself.
NCase generates a log of your surfing activity, including the web pages you visit and the order in which you visit them. The log is uploaded to the n-Case server and is used for marketing purposes and to open advertisements that fit your preferences.
It appears to be installed via an ActiveX drive-by download, or bundled with a large range of applications, particularly file-sharing programs. nCase is known to send e-mail to software authors asking them to include the nCase bundle.
NCase is aware of the FlashTrack parasite and will disable it if it is running, to stop it showing competing adverts. Some versions also seem to connect to the Gator web servers occasionally, for unknown reasons.
NCase presents some rather serious privacy violations. When a targeted advert is shown, the URL or keyword is passed with a unique identifier to nCase's controlling server, bis.180solutions.com, allowing web usage to be tracked across sites.
n-CASE includes an alert component that notifies you with a pop-up window if parts of the n-CASE software have been uninstalled or disabled. The alert component runs at startup and uses random file names and registry keys, which makes it harder for anti-spyware software to detect. The alert executable is located in %WinDir%. The alert pop-up displays the following:
The system has detected that a third-party application has removed n-CASE, possibly without your consent. This may cause some programs not to run as expected. Please choose an option below
-Re-install n-CASE so that your programs will run as expected. Requires internet connectivity.
-Leave n-CASE un-installed, and clean up any n-CASE files or settings that remain.
-Remind me later.
Newer versions of the software also seem to try to read an e-mail address, real name and ZIP code to associate with the unique identifier, from applications' data in the registry:
Outlook Express mail accounts
Outlook user info
AOL Instant Messenger accounts
Windows location
RealPlayer location
Windows Fax headers
eFax.com headers
Acrobat user info
Netscape user info
MS Comic Chat registration
GameSpy registration
NetFerret registration

Signatures:

Type:
Browser Hijacker - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.