Checkin

· Overview ·
· Origins ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview
Summary:	Adware/downloader that downloads and activates executable files on users' computers. It also replaces the HOSTS file.
Alias:	TrojanDownloader.Win32.Checkin, TrojanDownloader.Win32.Checkin.b, TrojanDropper.Win32.Checkin
Category:	Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product. Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
Variants:	Checkin.A Checkin.B
Similar Pests:	Adware · Downloader
Origins
Group:	OnWeb Media Advertising
By This Group:	Checkin.A ·
URL:	Checkin.A connects to tp.searchseekfind.com website and sends unique user's ID, connection type and its version there.
Date of Origin:	April, 2005
Operation
Detection and Removal
Automatic Removal:	PestPatrol detects this. PestPatrol removes this.
Manual Removal:	Follow these steps to remove Checkin from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
	Stop Running Processes: Kill these running processes with Task Manager: systemroot+\system\owmngr.exe systemroot+\system\ttps.exe systemroot+\system32\owmngr.exe systemroot+\system32\ttps.exe
	Remove AutoRun Reference: Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\owmngr, delete it and reboot the machine immediately. If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\sysreg, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\owmngr, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\sysreg, delete it and reboot the machine immediately.
	Clean Registry: Remove these registry items (if present) with RegEdit: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\owmngr HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\sysreg HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\owmngr HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\sysreg
	Remove Files: Remove these files (if present) with Windows Explorer: systemroot+\system\owmngr.exe systemroot+\system\ttps.exe systemroot+\system32\owmngr.exe systemroot+\system32\ttps.exe
Research
More Info:	AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
Research By:	PestPatrol's Pest Research Center
Last Revised:	April 15, 2005

Checkin

· Overview · · Origins · · Operation · · Detection and Removal · · Research ·

Overview

Summary:

Alias:

Category:

Variants:

Similar Pests:

Origins

Group:

By This Group:

URL:

Date of Origin:

Operation

Detection and Removal

Automatic Removal:

Manual Removal:

Research

More Info:

Research By:

Last Revised:

· Overview ·
· Origins ·
· Operation ·
· Detection and Removal ·
· Research ·