allentech.net

Home > Browser Parasites > Parasite Database > PowerStrip

About Us

Online Stores

TQ Support

Web Services

Database Help

Tech Links

Projects

Online Manual

Browser Parasites

Privacy Policy

Contact us

Send Page

Limited Time!
Totally FREE Web Design!
Click here!

Blue Host

Parasite: PowerStrip

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

PowerStrip is an IE toolbar with a search field and link buttons controlled by Integrated Ventures (integrated-ventures.com), who also control the Hyperlinker parasite. When you use a targeted merchant site, PowerStrip silently sets the afffiliate ID, so as to steal commission fees from your web shopping.

Note: this is unconnected to the video output tweaking utility also called PowerStrip.

Variants

PowerStrip/PSSetup and PowerStrip/PSOCX are two different versions of the ActiveX installer control used to install the toolbar and commission hijacker.

Distribution

Installed by ActiveX drive-by downloads in pop-up advertisements, and as branded toolbars from coolgreeksoftware.com.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. Can download and install arbitrary unsigned code, as an update mechanism. Connects to its controlling server at verschk.com to ask for software and target list updates.

Stability problems

None known.

Removal

There is a ‘PowerStrip’ entry in Add/Remove Programs, but it requires an Internet conection and ActiveX to work, and only removes the toolbar itself, not the updates checker, commission hijacker or the installer control (which can be used on any web page to reinstall PowerString).

Manual removal

Open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘LSvr’ and ‘LTDMgr’ entries on the right. Now find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete the ‘PowerStrip’ entry.

Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\PowerStrip\PowrStrp.dll"

Restart the computer and you should be able to delete the ‘PowerStrip’ folder in Program Files, and the ‘Presentia’ folder inside Common Files (in Program Files). You can also open the Downloaded Program Files folder (inside the Windows folder), right-click the ‘PowerStrip Setup’ (PSOCX variant) or ‘PSSetup Class’ (PSSetup variant) entry and choose ‘Remove’.

If you like, you can also delete the registry keys HKEY_CURRENT_USER\Software\PowerStrip and HKEY_CLASSES_ROOT\LSvr.Application to clean up.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, comming November 2005!

webmaster@allentech.net
Tech Bench
Web Analytics by My-OLAP!

Top