Network Security » Process » KeenValue.exe

KeenValue.exe

keenvalue.exe is part of gator, an advertising program. This process monitors your browsing habits and distributes the data back to the author’s servers for analyses. KeenValue.exe is located in "C: \ Program Files \ Common files \ KeenValue \ ".

It provides an adware / links and might redirect IE settings. When the install / setup file is being run manually by the user, no gui messageboxes appear, it runs silently, it puts multiple files in the \ Program Files \ Common Files \ KeenValue directory. Here are some of it files:

  • IESLIDERWIN32.DLL (94208 bytes)
  • KEENVALUE.EXE (167936)
  • KILLKEENVALUE.EXE (28672)
  • KV001.DAT (49)
  • KV002.DAT (2012)
  • KV099.DAT (72)
  • KVLHOOKWIN.DLL (24576)
  • KWM.EXE (32768)
  • SENDUNINSTALLINFO.EXE (90193)
  • UNINSTALL.EXE (33572)

Hijackthis Log: O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe

KeenValue PerfectNav Browser Hijacker

KeenValue PerfectNav is spyware that redirects your URL typing errors to PerfectNavs Web page.  High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected

  • c:\program files\perfectnav\BHO\PerfectNav150c.dll

Infected folders detected

  • c:\program files\perfectnav
    c:\program files\perfectnav\bho

Infected registry keys/values detected

HKEY_CLASSES_ROOT\bho.perfectnavbho.1
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}\TypeLib {DE289BFA-737B-4ABB-A4EC-F8753551B875}
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} IIncrediFindBHO
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}\1.0\0\win32 D:\Program Files\NetGuide\BHO\NetGuideBHO170.dll
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}\1.0\HELPDIR D:\Program Files\NetGuide\BHO\
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}\1.0 BHO 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO.1
HKEY_CLASSES_ROOT\bho.perfectnavbho.1\CLSID {00D6A7E7-4A97-456f-848A-3B75BF7554D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO.1\CLSID {00D6A7E7-4A97-456f-848A-3B75BF7554D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO.1 PerfectNavBHO Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO\CLSID {00D6A7E7-4A97-456f-848A-3B75BF7554D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO\CurVer BHO.PerfectNavBHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO.PerfectNavBHO PerfectNavBHO Class
HKEY_CLASSES_ROOT\bho.perfectnavbho.1 PerfectNavBHO Class
HKEY_CLASSES_ROOT\bho.perfectnavbho
HKEY_CLASSES_ROOT\bho.perfectnavbho\CLSID {00D6A7E7-4A97-456f-848A-3B75BF7554D7}
HKEY_CLASSES_ROOT\bho.perfectnavbho\CurVer BHO.PerfectNavBHO.1
HKEY_CLASSES_ROOT\bho.perfectnavbho PerfectNavBHO Class
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}
HKEY_CLASSES_ROOT\interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}

Updated On: 15.02.13

Leave your message, comment or feedback:
Your Name (shown) & Your E-mail (hidden) is used only to alert you when someone reply your message.