CommonName Spyware Profile

CommonName is a spyware program with two main components.  It has a Browser Hijacker and a Toolbar function.  It was first discovered in 2003 and was created by CommonName Ltd.
The Browser Hijacker and the toolbar work together.  When you enter a search term in the t or in a normal search, it redirects your browser to one of its affiliate sites.  The toolbar also generates pop-ups based on keywords on the pages you’re viewing.
CommonName is a very difficult program to get rid of.  Its files are hidden, so it should not be removed manually.  Use ZookaWare PC Cleaner for a guaranteed successful removal.

Also Known As:
CommonName/Agent, CommonName/Toolbar, BabeIE, BabeIE2, CNMib

Associated Files:

Winnet.exe Comwiz.exe Cnbabe.dll Winik.sys, HKEY_LOCAL_MACHINE\SOFTWARE\Classes
\CLSID\{046D6EA4-15E3-4b27-8010-45BD78A9219E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
\CLSID\{5A5F9339-F6A5-4464-95E3-A00BCA6206E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
\CLSID\{746CEE9E-7A1D-417f-9A35-804A0217268B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
\{3C7624D1-C414-4D1B-8FE9-52FA0558FB62}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
\{C8FFABC6-B706-4278-9399-169DF9FBF37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
\{127ACE33-7EA8-45F0-8B55-EFE8B8068BEF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Browser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Browser.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Handler.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Helper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INetKW.Helper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{046D6EA4-15E3-4b27-8010-45BD78A9219E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inetmgr
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Keyword
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]\User
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]\App
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[NAME SERVICE IS REGISTERED AS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[NAME SERVICE IS REGISTERED AS]
HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-500\Software\Internet Keyword
HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-500\Software\[RANDOM NAME]\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Note: The [RANDOM NAME] variable in this and subsequent files refers to different random names, not the same randomly chosen name every time.
Adds the values:

“DisplayName” = “Internet Keyword”
“UninstallString” = “C:\Program Files\Internet Keyword\unins.exe”

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Keyword
Creates some of the following files and folders:
C:\Program Files\CommonName
C:\Program Files\Internet Keyword
C:\Program Files\[RANDOM NAME]\babe.dat
C:\Program Files\[RANDOM NAME]\cnml.exe
C:\Program Files\[RANDOM NAME]\dfs.dat
C:\Program Files\[RANDOM NAME]\exit.dat
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].dll
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe
C:\Program Files\[RANDOM NAME]\obj.dat
C:\Program Files\[RANDOM NAME]\profile.dat
C:\Program Files\[RANDOM NAME]\url1.dat
C:\Program Files\[RANDOM NAME]\url2.dat
C:\Program Files\[RANDOM NAME]\url8.dat
C:\Program Files\[RANDOM NAME]\url9.dat
C:\Program Files\[RANDOM NAME]\urlx.dat
C:\Program Files\[RANDOM NAME]\WINIK.SYS
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].dll
C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe
C:\WINDOWS\system32\[RANDOM NAME].ini
C:\WINDOWS\system32\[RANDOM NAME].ini
C:\WINDOWS\system32\[RANDOM NAME].ini
May drop the following file, which is a rookit component that hides processes, registry subkeys, and files associated with this risk:

%System%\drivers\winik.sys

Download Free Scan
Cyberlab runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select Cyberlab and click Uninstall.

2 Responses

  1. John Flores says:
    May 13, 2010 at 6:14 am

    “CommonName” came out of nowhere… I tried to remove it with Spybot – Search & Destroy, Twister Anti-TrojanVirus, avast! Antivirus, Spyware Nuker XT but nothing worked. Finally I tried Spyzooka and it remove it forever. I appreciate your help.

  2. Samuel J says:
    November 28, 2011 at 12:29 pm

    I was just testing your anti-spyware program and I must say that I’m impressed. Thanks to this program I discovered that my computer is infected with CommonName.

Leave a Reply

Your email address will not be published.

Products

Company

Info

Contact

css.php