Groover is a software that usually installs without your knowledge with free software downloads. Identified the 08/23/2015.

Features:

– It belongs to a family of PUP (Potentially Unwanted Program).
– Vendor : PUP.Optional

Main actions :

– It is installed as a BHO (Browser Helper Object) of internet browser (O2),
– It installs as a process launched at startup of the system (RP),
– It settled in the Base of registers to be launched each time the system (O4).
– It installs as a service to be launched each time the system (O23),(SS/SR).
– It starts a task planned in automatic (O39),
– It installs as a program (O42),
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45).
– It installs as a driver system (O58),
– It creates multiple files users (O61),

ZHPDiag report:

[MD5.803C2A31221A025D95070FA4B5236E6A] – (…) — C:\Program Files\groover180820151229\Suacraiv.exe [169472] [PID.1996] [MD5.A23ED37E81513A76446694018D3FBCDA] – (…) — C:\Program Files\groover180820151229\GuboaaVeulk.exe [171840] [PID.1384] [MD5.784514E06E2200BC1D7D73D04C379D0F] – (…) — C:\Program Files\groover180820151229\Elivit.exe [427520] [PID.2428] [MD5.65EA0DCC56296147F54C2250772D7C17] – (…) — C:\Program Files\groover180820151229\Voakawakpu.exe [2043712] [PID.3404] [MD5.DCC3C554432A3D11650F23607A6CC022] – (…) — C:\Program Files\groover180820151229\Peajtis.exe [279552] [PID.3376] [MD5.EEB7BAC898171620B62BC99D545710C4] – (…) — C:\Program Files\groover180820151229\csrcc.exe [1442816] [PID.3776] O2 – BHO: groover180820151229 Helper – {1280BB9C-D436-48FB-aD8C-7AFDDA2465C5} . (…) — C:\Program Files\groover180820151229\Joral.dll
O4 – HKLM\..\Run: [groover180820151229] . (…) — C:\Program Files\groover180820151229\Elivit.exe
O23 – Service: KoscuMehevi (KoscuMehevi) . (…) – C:\Program Files\groover180820151229\GuboaaVeulk.exe[MD5.B9C0FD1F2472F40B282613E2D1EA7CCD] [APT] [Caoprub] (…) — C:\Program Files\groover180820151229\Jefsyzu.bat [75] O42 – Logiciel: groover180820151229 2.0.0.473 – (.groover.) [HKLM] — {1280BB9C-D436-48FB-aD8C-7AFDDA2465C5}_is1
HKLM\SOFTWARE\groover180820151229
O43 – CFD: 2015/08/23 17:29:01 – [] D — C:\Program Files\groover180820151229
SR – Demand [2015/08/18 12:34:06] [ 279552] 158B113B-3D7D-42BB-8E38-C8BA91070C13 (158B113B-3D7D-42BB-8E38-C8BA91070C13) . (…) – C:\Program Files\groover180820151229\Peajtis.exe
SR – Demand [2015/08/18 12:34:30] [ 1442816] csrcc (csrcc) . (…) – C:\Program Files\groover180820151229\csrcc.exe
SR – Auto [2015/08/18 12:33:34] [ 169472] groover180820151229 Updater (groover180820151229 Updater) . (…) – C:\Program Files\groover180820151229\Suacraiv.exe
SR – Auto [2015/08/18 11:31:20] [ 171840] KoscuMehevi (KoscuMehevi) . (…) – C:\Program Files\groover180820151229\GuboaaVeulk.exe
SR – Demand [2015/08/18 11:31:18] [ 2043712] Voakawakpu (Voakawakpu) . (…) – C:\Program Files\groover180820151229\Voakawakpu.exe
C:\Program Files\groover180820151229
C:\Program Files\groover180820151229\Joral.dll

Alias:

PUP.Optional.Groover.A [ Malwarebytes Antimalware ] Adware.Shopper

Remove:

– Remove software in Windows Configuration Panel,
Remove with ZHPcleaner
ZHPCleaner_EN2
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:23+00:00 Categories: Polluteware, PUP|Tags: , |Comments Off on PUP.Optional.Groover