Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

Gain / Gator / Claria Removal

Overview: By far the widest spread form of adware. Claria is known by a number of names such as GAIN and Gator. Claria is the latest name change for a company that is very widely hated (all adware, spyware and malware companies are hated). Tons of "Free programs" install some variant of this ad serving software on your system to make that developer money. This approach to offering free software is NOT something that I currently or ever will approve of.

Class: Adware

Removal Instructions:

This ones really a pain to remove manually so I highly suggest either using ad aware or spybot search and destroy for this one.

Destroy Autorun:
Delete this key and then reboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cmesys

Also make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to:
gmt.exe
fsg_4104.exe
cmesys.exe
gatorstubsetup.exe

End these Processes:
gator.exe
guninstaller.exe
fsg_4104.exe
gmt.exe
cmesys.exe
gatorstubsetup.exe
NOTE: you may have to replace C: with whatever drive letter your OS is on.

Unregister These DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.

c:\program files\common files\cmeii\cmeiiapi.dll
c:\program files\common files\cmeii\gappmgr.dll
c:\program files\common files\cmeii\gcontroller.dll
c:\program files\common files\cmeii\gdwldeng.dll
c:\program files\common files\cmeii\gmtproxy.dll
c:\program files\common files\cmeii\gobjs.dll
c:\program files\common files\cmeii\gstore.dll
c:\program files\common files\cmeii\gstoreserver.dll
c:\program files\common files\cmeii\gtools.dll
c:\program files\common files\gmt\eggcengine.dll
c:\program files\common files\gmt\egieengine.dll
c:\program files\common files\gmt\egnsengine.dll
c:\program files\common files\gmt\gatorres.dll
giocl.dll
gioclclient.dll

Common Registry items to remove:

Under HKEY_CLASSES_ROOT\
clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
getandrun.dfrun
getandrun.dfrun.1
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\gain
Under HKEY_LOCAL_MACHINE\software\
classes\getandrun.dfrun
classes\getandrun.dfrun.1
gator.com
gatortest
Under HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\
moduleusage\c:/windows/downloaded program files/conflict.1/hdplugin1014.dll
moduleusage\c:/windows/downloaded program files/hdplugin1014.dll
run\cmesys
shareddlls\c:\windows\downloaded program files\conflict.1\hdplugin1014.dll
shareddlls\systemroot+\downloaded program files\hdplugin1014.dll
stashedgef
stashedgmg
uninstall\date manager
uninstall\precisiontime
HKEY_USERS\.default\software\microsoft\systemcertificates\trustedpublisher\crls

Common Files to Remove:

c:\documents and settings\all users\start menu\programs\gain\gain website.url
c:\documents and settings\all users\start menu\programs\startup\gstartup.lnk
c:\documents and settings\all users.windows\start menu\programs\gator ewallet\gator ewallet.lnk
c:\documents and settings\all users.windows\start menu\programs\gator ewallet\gator website.url
c:\documents and settings\all users.windows\start menu\programs\startup\gator ewallet.lnk
c:\documents and settings\all users.windows\start menu\programs\startup\gstartup.lnk
c:\program files\common files\gmt\eggcengine.dll
c:\program files\common files\gmt\egieengine.dll
c:\program files\common files\gmt\egnsengine.dll
c:\program files\common files\gmt\gatorres.dll
c:\program files\common files\gmt\gatorstubsetup.exe
c:\program files\common files\gmt\gmt.exe
c:\program files\common files\cmeii\cmeiiapi.dll
c:\program files\common files\cmeii\cmesys.exe
c:\program files\common files\cmeii\gappmgr.dll
c:\program files\common files\cmeii\gcontroller.dll
c:\program files\common files\cmeii\gdwldeng.dll
c:\program files\common files\cmeii\gmtproxy.dll
c:\program files\common files\cmeii\gobjs.dll
c:\program files\common files\cmeii\gstore.dll
c:\program files\common files\cmeii\gstoreserver.dll
c:\program files\common files\cmeii\gtools.dll
gator.exe
giocl.dll
gioclclient.dll
guninstaller.exe
C:\Windows\downloaded program files\iegator4128.inf
C:\Windows\start menu\programs\gain\about gain.lnk
C:\Windows\start menu\programs\gain\gain website.url
C:\Windows\start menu\programs\startup\gstartup.lnk
C:\Windows\system32\fsg_4104.exe

Remove These Directories:

c:\documents and settings\all users.windows\start menu\programs\gator ewallet
%userprofilepath%\local settings\temp\fsg_tmp
c:\program files\date manager
c:\program files\gator.com
c:\program files\common files\cmeii
%systemroot%\start menu\programs\gain
%systemroot%\temp\fsg_tmp

That's It

If you've decided to remove this pest manually you should still scan using ad aware and/or spybot to make sure that every last piece has been taken care. Also if you have this one then you quite possibly could have more that those spyware applications would be able to find.

Written By: Martin Krohn
Date: 8-15-04
Printer Friendly

Article Index:
Talk About it! -->
Copyright 2003-2013 iamnotageek &/or Martin Krohn.