Removal instructions for iLotto


What is iLotto?

The Malwarebytes research team has determined that iLotto is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by iLotto?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

warning2.png

and this icon on your desktop:

icons.png

How did iLotto get on my computer?

Adware applications use different methods for distributing themselves. This particular one is offered as a gambling utility.

How do I remove iLotto?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of iLotto?

  • The shortcut called insert name on the desktop can be deleted if it belonged to the adware.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the iLotto adware. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.


 

protection1.png


Technical details for experts

You may see these signs in FRST logs:
 
 C:\Users\{username}\Desktop\iLotto.lnk
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\iLotto
 C:\ProgramData\iLotto

iLotto (HKLM-x32\...\iLotto) (Version: 3.0.90 - Cordial Data Systems)

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\ProgramData\iLotto
       Adds the file iLotto.ico"="3/10/2016 8:33 AM, 85182 bytes, A
       Adds the file uninstall.exe"="3/10/2016 8:33 AM, 630824 bytes, A
       Adds the file uninstall.exe.config"="3/10/2016 8:33 AM, 168 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\iLotto
       Adds the file iLotto.lnk"="3/10/2016 8:33 AM, 1401 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file iLotto.lnk"="3/10/2016 8:33 AM, 1313 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
       "id"="REG_SZ", "5788faaac4f042329967eddbc02ac2f7"
       "p"="REG_SZ", "265509"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{280767e2-a2cb-54bd-5177-79f07028bed2}]
       "id"="REG_SZ", "5788faaac4f042329967eddbc02ac2f7"
       "ip"="REG_SZ", "265509"
       "p"="REG_SZ", "265509"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
       "id"="REG_SZ", "5788faaac4f042329967eddbc02ac2f7"
       "p"="REG_SZ", "265509"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{280767e2-a2cb-54bd-5177-79f07028bed2}]
       "id"="REG_SZ", "5788faaac4f042329967eddbc02ac2f7"
       "ip"="REG_SZ", "265509"
       "p"="REG_SZ", "265509"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLotto]
       "DisplayIcon"="REG_SZ", "C:\ProgramData\iLotto\iLotto.ico"
       "DisplayName"="REG_SZ", "iLotto"
       "DisplayVersion"="REG_SZ", "3.0.90"
       "EstimatedSize"="REG_DWORD", 5000
       "HelpLink"="REG_SZ", "http://www.ilotto.com/"
       "InstallDate"="REG_SZ", "3/10/2016"
       "Publisher"="REG_SZ", "Cordial Data Systems"
       "UninstallString"="REG_SZ", ""C:\ProgramData\iLotto\uninstall.exe""
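
A read-only check for the file-system and registry artifacts listed above, as an added example that is not part of the original post or of any Malwarebytes tool. It assumes user profiles live under C:\Users and a 64-bit PowerShell session; the function name Find-ILottoArtifact is hypothetical.

```powershell
# Added example: read-only triage for the iLotto artifacts listed on this page.
# Run from 64-bit PowerShell so Wow6432Node is not redirected. Nothing is deleted.

# Per-user paths from the FRST section, relative to each profile folder.
$perUser = @(
    'Desktop\iLotto.lnk',
    'AppData\Roaming\Microsoft\Windows\Start Menu\iLotto'
)
# Machine-wide folder created by the installer.
$machineWide = @('C:\ProgramData\iLotto')
# Registry keys from the "Registry details" listing.
$regKeys = @('HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLotto')
foreach ($id in '{051E9166-B275-4683-907B-372FAE22BC7C}', '{280767e2-a2cb-54bd-5177-79f07028bed2}') {
    $regKeys += "HKLM:\SOFTWARE\Classes\CLSID\$id"
    $regKeys += "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$id"
}

function Find-ILottoArtifact {   # hypothetical name
    $hits = @()
    # Assumption: profiles live under C:\Users, as in the paths on the page.
    $candidates = @($machineWide)
    foreach ($dir in Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
        foreach ($rel in $perUser) { $candidates += Join-Path $dir.FullName $rel }
    }
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'FileSystem'; Path = $path; Detail = '' }
        }
    }
    foreach ($key in $regKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # The uninstall key carries Publisher/DisplayVersion; the CLSID keys carry "id" and "p".
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $detail = @('Publisher', 'DisplayVersion', 'id', 'p' |
            Where-Object { $props.$_ } |
            ForEach-Object { "$_=$($props.$_)" }) -join '; '
        $hits += [pscustomobject]@{ Type = 'Registry'; Path = $key; Detail = $detail }
    }
    return $hits
}

Find-ILottoArtifact | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts are present; a hit on the uninstall key should show Publisher=Cordial Data Systems if it matches the entry described here.
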

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/10/2016
Scan Time: 8:40 AM
Logfile: mbamILotto.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.10.01
Rootkit Database: v2016.02.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369394
Time Elapsed: 5 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e8318cfa445543f3a637e4d84cb61ee2], 
PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e8318cfa445543f3a637e4d84cb61ee2], 
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e8318cfa445543f3a637e4d84cb61ee2], 
Adware.PullUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iLotto, Quarantined, [9a7f21657821f73f5d002ecf03fe54ac], 
PUP.Optional.PullUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iLotto, Quarantined, [37e287ffecad5fd723223ad49f64bd43], 

Registry Values: 1
PUP.Optional.PullUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ILOTTO|Publisher, Cordial Data Systems, Quarantined, [d841dda969304fe7bb8c8d815ea5e31d]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.PullUpdate, C:\ProgramData\iLotto, Quarantined, [37e287ffecad5fd723223ad49f64bd43], 

Files: 5
Adware.PullUpdate, C:\ProgramData\iLotto\uninstall.exe, Quarantined, [9a7f21657821f73f5d002ecf03fe54ac], 
PUP.Optional.PullUpdate, C:\Users\{username}\Desktop\ILotto.exe, Quarantined, [4acf9fe7eeab9d99221216ee16ec42be], 
PUP.Optional.PullUpdate, C:\ProgramData\iLotto\uninstall.exe.config, Quarantined, [37e287ffecad5fd723223ad49f64bd43], 
PUP.Optional.PullUpdate, C:\ProgramData\iLotto\iLotto.ico, Quarantined, [37e287ffecad5fd723223ad49f64bd43], 
PUP.Optional.PullUpdate, C:\ProgramData\iLotto\uninstall.exe, Quarantined, [37e287ffecad5fd723223ad49f64bd43], 

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.