Adware.Keenval

Updated: February 8, 2006 04:24:14 PM ZW3
Type: Security Risk Removal Tool, Adware
Name: Keenvalue.exe
Version: 1.6
Publisher: eUniverse.com
Risk Impact: High
File Names: %CommonProgramFiles%\KeenValue\IESliderWin32.dll, %CommonProgramFiles%\KeenValue\Keenvalue.exe, %CommonProgramFiles%\KeenValue\KeenValueInstall_with_track_120.exe, %CommonProgramFiles%\KeenValue\Killkeenvalue.exe, %CommonProgramFiles%\KeenValue\Kv???.dat, %CommonProgramFiles%\KeenValue\Kvlhookwin.dll, %CommonProgramFiles%\KeenValue\Kwm.exe, %CommonProgramFiles%\KeenValue\SendUninstallInfo.exe, %CommonProgramFiles%\KeenValue\Setup_incredifind_ultimatesaver_with_track.exe, %CommonProgramFiles%\KeenValue\Tipb.exe, %CommonProgramFiles%\KeenValue\Uninstall.exe, %CommonProgramFiles%\KeenValue\Setup_powersearch_ultimateSaver_with_track.exe, %CommonProgramFiles%\updater\delupdat.exe, %CommonProgramFiles%\updater\wupdater.exe, %CommonProgramFiles%\updater\sui.exe, %CommonProgramFiles%\updater\data1.dat, %CommonProgramFiles%\updater\data2.dat, C:\updater\Install_112.exe, %System%\setup_incred_9.exe, %System%\somatic.dll, %ProgramFiles%\PerfectNavBHO\PerfectNav150c.dll, %ProgramFiles%\MSBB\keen_value_installer.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

SUMMARY


Behavior

Adware.Keenval is an adware program that redirects the browser to portal sites, which may download more adware.
Note: Detections dated March 7th, 2005 or earlier may detect this adware as Adware.Keenval.B.

Symptoms

One or more files are detected as Adware.Keenval.

Transmission

Can be downloaded from a compromised Web site and must be manually installed.

Protection

  • Virus Definitions (LiveUpdate™ Weekly) September 24, 2003
  • Virus Definitions (Intelligent Updater) September 22, 2003

TECHNICAL DETAILS


When KeenValue.exe is executed, it performs the following actions:
  1. May create some of the following files and folders:

    • %CommonProgramFiles%\KeenValue\IESliderWin32.dll
    • %CommonProgramFiles%\KeenValue\Keenvalue.exe
    • %CommonProgramFiles%\KeenValue\KeenValueInstall_with_track_120.exe
    • %CommonProgramFiles%\KeenValue\Killkeenvalue.exe
    • %CommonProgramFiles%\KeenValue\Kv???.dat
    • %CommonProgramFiles%\KeenValue\Kvlhookwin.dll
    • %CommonProgramFiles%\KeenValue\Kwm.exe
    • %CommonProgramFiles%\KeenValue\SendUninstallInfo.exe
    • %CommonProgramFiles%\KeenValue\Setup_incredifind_ultimatesaver_with_track.exe
    • %CommonProgramFiles%\KeenValue\Tipb.exe
    • %CommonProgramFiles%\KeenValue\Uninstall.exe
    • %CommonProgramFiles%\KeenValue\Setup_powersearch_ultimateSaver_with_track.exe
    • %CommonProgramFiles%\updmgr
    • %CommonProgramFiles%\KeenValue
    • %CommonProgramFiles%\updater\delupdat.exe
    • %CommonProgramFiles%\updater\wupdater.exe
    • %CommonProgramFiles%\updater\sui.exe
    • %CommonProgramFiles%\updater\data1.dat
    • %CommonProgramFiles%\updater\data2.dat
    • C:\updater\Install_112.exe
    • %System%\setup_incred_9.exe
    • %System%\unins000.dat
    • %System%\unins000.exe
    • %System%\somatic.dll
    • %ProgramFiles%\PerfectNavBHO\PerfectNav150c.dll
    • %ProgramFiles%\MSBB\keen_value_installer.exe
    • %ProgramFiles%\MyFreeCursors
    • %ProgramFiles%\Dynamic Toolbar\SOMATIC
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk

      Note:
    • %CommonProgramFiles% is a variable that refers to the Common Files folder. By default, this is C:\Program Files\Common Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the values:

    "KeenValue" = "%CommonProgramFiles%\KeenValue\KeenValue.exe"
    "updater" = "%CommonProgramFiles%\updater\wupdater.exe"
    "updmgr" = "%CommonProgramFiles%\updmgr\vupdmgr.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the adware is executed every time Windows starts.

  3. Adds the value:

    "{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}" = ""

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  4. Adds the value:

    "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

  5. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\Software\KeenValue
    HKEY_LOCAL_MACHINE\Software\eUniverse
    HKEY_LOCAL_MACHINE\Software\updater
    HKEY_LOCAL_MACHINE\Software\IncrediFind
    HKEY_LOCAL_MACHINE\Software\PerfectNav
    HKEY_CURRENT_USER\Software\Dynamic Toolbar\SOMATIC
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO.1
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
    HKEY_LOCAL_MACHINE\Software\Classes\somatic.SOMATIC
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeenValue
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}



REMOVAL


Removal using the Adware.Keenval Removal Tool
Symantec Security Response has developed a removal tool for Adware.Keenval. Use this removal tool first, as it is the easiest way to remove this risk.

The tool can be found here:
http://securityresponse.symantec.com/avcenter/FxKeenVl.exe

The current version of the tool will have a digital signature timestamp equivalent to 12/03/2004 12:38PM

Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

Manual Removal
The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
  1. Update the definitions.
  2. Restart the computer in Safe mode.
  3. Uninstall KeenValue using the Add/Remove Programs utility.
  4. Run a full system scan and delete all the files detected as Adware.Keenval.
  5. Delete the value that was added to the registry.
  6. Delete the files used by this adware.

For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.


2. Restarting the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."

3. Uninstalling the Adware
  1. Do one of the following:
    • On the Windows 98 taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
      1. Click Start > Control Panel.
      2. In the Control Panel window, double-click Add or Remove Programs.

  2. Click KeenValue.

    Note: You may need to use the scroll bar to view the whole list.
  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.


4. Scanning for and deleting the files
  1. Start your Symantec antivirus program and run a full system scan.
  2. If any files are detected as Adware.Keenval, click Delete.
    Notes:
  • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
  • If you ran the Add/Remove programs applet as described in the previous section, it is possible that all files were removed and therefore none will be detected.

5. Deleting the value from the registry
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Note:
This is done to make sure all the keys are removed. They may not be there if the uninstaller removed them.
  1. Click Start > Run
  2. Type regedit

    Then click OK

  3. Navigate to and delete the following subkeys:

    HKEY_LOCAL_MACHINE\Software\KeenValue
    HKEY_LOCAL_MACHINE\Software\eUniverse
    HKEY_LOCAL_MACHINE\Software\updater
    HKEY_LOCAL_MACHINE\Software\IncrediFind
    HKEY_LOCAL_MACHINE\Software\PerfectNav
    HKEY_CURRENT_USER\Software\Dynamic Toolbar\SOMATIC
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO.1
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
    HKEY_LOCAL_MACHINE\Software\Classes\somatic.SOMATIC
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeenValue
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}


  4. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  5. In the right pane, delete the values:

    "KeenValue" = "%CommonProgramFiles%\KeenValue\KeenValue.exe"
    "updater" = "%CommonProgramFiles%\updater\wupdater.exe"
    "updmgr" = "%CommonProgramFiles%\updmgr\vupdmgr.exe"
  6. Navigate to the subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  7. In the right pane, delete the value if it exists:

    "{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}" = ""
  8. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  9. In the right pane, delete the value:

    "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = ""
  10. Exit the Registry Editor.

6. Deleting files used by the adware
  1. Open Windows Explorer
  2. Navigate to and delete the following files and folders:
    • %CommonProgramFiles%\KeenValue
    • %CommonProgramFiles%\updater
    • %CommonProgramFiles%\updmgr
    • %ProgramFiles%\MyFreeCursors
    • %ProgramFiles%\PerfectNavBHO
    • %ProgramFiles%\Dynamic Toolbar\SOMATIC
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk
    • %System%\unins000.dat
    • %System%\unins000.exe
  3. Exit Windows Explorer
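
A read-only way to confirm the result of sections 5 and 6, added here as an example; it is not part of Symantec's instructions or its removal tool. It assumes Windows PowerShell is available on the system, the function name Get-KeenvalRemnant is hypothetical, and the registry and file locations are the ones this page lists.

```powershell
# Added example, not Symantec's removal tool. Read-only: nothing is deleted.
# Locations are the ones this page lists; on 64-bit Windows, 32-bit software is
# redirected to HKLM:\SOFTWARE\WOW6432Node, which this check does not cover.
function Get-KeenvalRemnant {
    $sw   = 'HKLM:\SOFTWARE'
    $cls  = "$sw\Classes"
    $cv   = "$sw\Microsoft\Windows\CurrentVersion"
    $bho  = "$cv\Explorer\Browser Helper Objects"
    $ie   = "$sw\Microsoft\Internet Explorer"
    $tb   = '{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}'
    $hook = '{00D6A7E7-4A97-456f-848A-3B75BF7554D7}'
    # Registry values (section 5, steps 5, 7 and 9): key path -> value names
    $values = @{
        "$cv\Run"            = 'KeenValue', 'updater', 'updmgr'
        "$ie\Toolbar"        = @($tb)
        'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' = @($tb)
        "$ie\URLSearchHooks" = @($hook)
    }
    # Subkeys (section 5, step 3, plus the second CLSID from the technical details)
    $keys = "$sw\KeenValue", "$sw\eUniverse", "$sw\updater", "$sw\IncrediFind",
        "$sw\PerfectNav", 'HKCU:\Software\Dynamic Toolbar\SOMATIC',
        "$cls\BHO.PerfectNavBHO", "$cls\BHO.PerfectNavBHO.1", "$cls\somatic.SOMATIC",
        "$cls\CLSID\$tb", "$cls\CLSID\$hook",
        "$cls\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}",
        "$cls\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}",
        "$cls\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}",
        "$cv\Uninstall\KeenValue", "$cv\Uninstall\Search-O-Matic Toolbar_is1",
        "$bho\{5D60FF48-95BE-4956-B4C6-6BB168A70310}", "$bho\$tb", "$bho\$hook"
    # Files and folders (section 6); %System% is the Windows system folder
    $cpf = $env:CommonProgramFiles; $pf = $env:ProgramFiles
    $sys = [Environment]::GetFolderPath('System')
    $files = "$cpf\KeenValue", "$cpf\updater", "$cpf\updmgr", "$pf\MyFreeCursors",
        "$pf\PerfectNavBHO", "$pf\Dynamic Toolbar\SOMATIC", "$sys\unins000.dat",
        "$sys\unins000.exe",
        'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk'
    foreach ($e in $values.GetEnumerator()) {
        # A missing key yields $null here, which simply means nothing to report
        $k = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
        if ($k) {
            $present = $k.GetValueNames()
            foreach ($n in $e.Value) { if ($present -contains $n) { "Value: $($e.Key) -> $n" } }
        }
    }
    foreach ($p in $keys)  { if (Test-Path -LiteralPath $p) { "Key:   $p" } }
    foreach ($p in $files) { if (Test-Path -LiteralPath $p) { "File:  $p" } }
}
$left = @(Get-KeenvalRemnant)
if ($left.Count) { $left } else { 'No Adware.Keenval artifacts from this page were found.' }
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE keys are readable; each line it prints is an item from the lists above that is still present.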


