Adware.Cinmus is an adware program that uses a Browser Helper Object which produces pop-up advertisements at random intervals. Some of the characteristics of this infection:
- Creates the file acpidisk.sys in %Temp%
- Creates the file pnpmem.sys in %System%\drivers
- Creates the file dosss11.dll in %Temp%
The file sizes have been between 156K and 235K bytes in size. The files above have been known to do any of the following:
- Deleted as a process from disk
- Created as a new Background Service on the machine
- Created as a process on disk
- Executed as a Process
- Copied to multiple locations on the system
- Loaded and Executed as a System Driver File
This infection also creates multiple registry keys under HKEY LOCAL MACHINE:
HKEY_LOCAL_MACHINE\…IDSCNP
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM000
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM000\Control
HKEY_LOCAL_MACHINE\…pnpmem
HKEY_LOCAL_MACHINE\…pnpmem\Security
HKEY_LOCAL_MACHINE\…pnpmem\Enum
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM000
HKEY_LOCAL_MACHINE\…LEGACY_PNPMEM000\Control
HKEY_LOCAL_MACHINE\…pnpmem
To find these keys you will have to do a search using the edit->find menu item in the registry editor.
Since Adware Cinmus is a Browser Helper Object known to PC Tools, the spyware doctor download has the facility to remove this infection.
Here is more information on Spyware Doctor and the various offerings available beyond the antispyware download.
A word about adware…
When we think about adware, it is any program or software that automatically executes, downloads or displays advertisements on the infected computer. Adware can host adware. In other words, one adware program can be the host to install other adware programs on your computer. This adware is said to have “more adware” as its payload. Since Adware Cinmus is a Browser Helper Object, it starts its execution in your browser and expands from there.