Filetonic Filetonic logo print version

To find an exe file, dll file or file extension visit the library »

 

How to Remove Clientman

Is your computer an Open Invitation for HACKERS? Download free version of Sparktrust Inspector to identify vulnerabilities and problems on your computer (and even your WEBSITES)!

What is Clientman and Clientman Removal?

ClientMan, a form of spyware sponsored by Odysseus Marketing, Inc., places your computer at a high risk for personal security.  It is a Browser Helper Object, or BHO, that has the functionality of adware coupled with the capability of a Backdoor Trojan.

ClientMan captures, stores, and sends confidential information including IP address, browser identification, and user logins to a remote server.  It usurps the Internet bandwidth on the infected computer, possibly creating sluggishness in its processing.

ClientMan has the ability to generate pop up advertisements based upon the user's Internet activity.  Additionally, it can redirect your Web searches and add links to Web pages for advertising purposes.

ClientMan infects computers with the following operating systems: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, and Windows Server 2003.

It is best to remove ClientMan as soon as you discover it has infected your machine.  ClientMan can be removed with a current anti-spyware program.  Additionally, manual removal of ClientMan can be accomplished.  The registry editor will be used in a manual removal of this application.  Therefore, it is important to back up your computer files before attempting removal.  Using the registry editor may result in accidental deletion of important files.

The ClientMan registry values, registry keys, DLL files, processes, and files need to be completely removed from the infected computer.  To delete each file, process, and key manually, complete the following set of directions. 

  • Click Start.
  • Click Run.
  • Type 'regedit'.
  • Click ok to open the registry editor, referred to as regedit.
  • Click my computer at the top of the box.
  • Click edit.
  • Click find.
  • Type in the one of the keys or files in the following lists, and click find or find next.  Begin with the ones that do not start with HKEY, since these are more easily discovered and deleted.  Make sure that the box is checked in front of keys, values, and data, so that the regedit looks in the correct places.  Regedit should locate a key for you.  Right click on the key and delete it by clicking delete in the menu that appeared or on the keyboard.
  • You will do this one file at a time.  After you delete each one that you locate, hit the F3 key on your keyboard to reopen the find next box.  Continue the process and delete additional bad registry files.
  • Once regedit indicates that the search is finished, you should click on my computer in the regedit and redo the search to guarantee that you have deleted all possible bad files from this program.

ClientMan files:

addata.lst
app.dat
ause3.exe
ause3-decoded.exe
blank.gif
cachelut.dat
clickthru.log
client.cfg
cmupd.exe
elitejho32.exe
firstrun.log
fixtitle.exe
getall.php
getbuys.exe
infoctl.exe
ipend.log
msawindows.exe
msckin.dat
msckin.exe
mscman.dat
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msnkmi.dll
msobfl.dll
msurlcli1.exe
msvc32.exe
mungedpage.html
popup.log
searchhijack.html
setup_jalapeno.exe
svc.exe 
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
uninstall.uni
unpacked-svc.exe 
whois-om.html
words.lst

Detecting and deleting the ClientMan files or keys that begin with HKEY involve a more involved set of steps.  Use the following steps to manually delete the ClientMan values that start with HKEY.

  • Click Start.
  • Click Run.
  • Type 'regedit'.
  • Click ok to open the registry editor, referred to as regedit.
  • Click my computer at the top of the box.
  • Follow the path given in each value, clicking each folder open to locate the next item in the path until you have reached the last item.  Once you have gotten to the last item, you can delete it.  Each slash indicates a new folder.

ClientMan registry values:

HKEY_CLASSES_ROOT\AppID\urlcli.DLL

Is your computer an Open Invitation for HACKERS? Download free version of Sparktrust Inspector to identify vulnerabilities and problems on your computer (and even your WEBSITES)!

HKEY_CLASSES_ROOT\appid\{026e4b83-1bf7-41cb-8233-4af35341bc69}
HKEY_CLASSES_ROOT\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_CLASSES_ROOT\Disable.DisableObj
HKEY_CLASSES_ROOT\Disable.DisableObj.1
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj.1
HKEY_CLASSES_ROOT\interface\{a7370377-e217-4467-8448-9845270cd4a3}

HKEY_CLASSES_ROOT\Interface\{570F481A-1C3B-4DF6-9DBE-FAE17DD008F9}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED50735-B0D9-47C6-9774-02DD8E6FE053}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94927A13-4AAA-476A-989D-392456427688
HKEY_CLASSES_ROOT\typelib\{a1a986e7-7674-4d8b-8081-e422fdb8480b}

HKEY_CLASSES_ROOT\TypeLib\{75FC904C-6E6B-4E9D-9FD3-7A447962DA9B}
HKEY_CLASSES_ROOT\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69}
HKEY_CLASSES_ROOT\urlcli.urlcliobj
HKEY_CLASSES_ROOT\urlcli.urlcliobj.1
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run msmc
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\classes\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_LOCAL_MACHINE\software\classes\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_LOCAL_MACHINE\software\classes\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{0982868C-47F0-4EFB-A664-C7B0B1015808}

Use the uppermost set of directions to find and delete these ClientMan DLL files:

2in1fd04f73f.dll
browserhelper.dll
browserhelper2db3ad7a.dll
browserhelper-decoded.dll
browserhelpere90a5c6.dll
disable.dll
disable1.dll
dnsrep13f4a6e5.dll
dnsrepa9c22ca5.dll
gstylebhob76a4c84.dll
iestcrmfrood.dll
metahelp60741389.dll
mscdka.dll
msdaim.dll
msdpdm.dll
mseclk.dll
msedah.dll
mseffm.dll
mselhm.dll
msfaol.dll
msibkd.dll
msjfbl.dll
mskceo.dll
mskhhe.dll
mskpkc.dll
msnkmi.dll
msobfl.dll
msvrfy804449fd.dll
newads.dll
searchrep6706569a.dll
searchrep8181a0e2.dll
tagger.dll
taggerbhoe884facd.dll
trackurl5f9d991e.dll
trackurl79ad003c.dll
trackurl7f663945.dll
trackurl7f663945-decoded.dll
trackurld66084b4.dll
unpacked-browserhelper.dll
urlcli25e74486.dll
urlcli67806664.dll
urlclia30956de.dll

To manually detect and delete the ClientMan processes, complete the following set of instructions:

  • Click Start.
  • Click Search.
  • Click for files or folders.
  • Type in the name of the file, one at a time, from the following list of ClientMan processes.
  • Click search.
  • Delete the found files.

ClientMan processes:

ause3.exe
ause3-decoded.exe
cmupd.exe
elitejho32.exe
fixtitle.exe
getbuys.exe
infoctl.exe
msawindows.exe
msckin.exe
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msurlcli1.exe
msvc32.exe
setup_jalapeno.exe
svc.exe
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
unpacked-svc.exe

Related posts

Is your computer an Open Invitation for HACKERS? Download free version of Sparktrust Inspector to identify vulnerabilities and problems on your computer (and even your WEBSITES)!

constant-content.com | November 20th, 2009
Tags: , , ,
Categories: Spyware

You can leave a comment, or trackback from your own site.

Leave a Reply

  •  

Looking for Answers?

  • Frequently Asked Questions
  • Tutorials
  • Professional advice

Visit our Resources area »

Categories

Latest RSS



Popular File Extensions

File Extension unknown
File Extension wp
File Extension mime
File Extension dll
File Extension wps
File Extension doc
File Extension pdf
File Extension bin
File Extension wpd
File Extension xls
File Extension pps
File Extension dmg
File Extension 3g2
File Extension metadata
File Extension dat
File Extension flv
File Extension db
File Extension tv
File Extension rar
File Extension ppt





About Us | Disclaimer | Privacy Policy | File Extensions | Dll Files | Exe Files
Copyright © 2007-2010 Filetonic.com