Description
RapidBlaster is a task run on Windows startup. When an internet
connection is present it periodically connects to its servers
to fetch advertising.
Variants
RapidBlaster/v1 is the original version. RapidBlaster/lp
is an update using a slightly different name ('rb32 lptt01').
RapidBlaster/Rnd is an update which uses pseudo-random
filenames which it fetches from its controlling server www.rapidblaster.com.
If it fails to contact its server it will just use 'RapidBlaster\rb32.exe'
as with older variants. If you remove it, it will reinstall
itself using a new name. Filenames seen so far include:
| Adaware\adaware.exe | Aimaol\aimaol.exe | BelmontSoft\Bsoft.exe |
| DonkeySoft\dkware.exe | efaxs\efaxs.exe | Exe\exe.exe |
| explorer\explorer.exe | foobin\foobin.exe | general\general.exe |
| Icon\icon.exe | Iexplorer\iexplorer.exe | Kazaa\kazaa.exe |
| Mcf\mcf.exe | Microfinder\mcf.exe | Mslogon\mslogin.exe |
| msconfig\msconfig.exe | mssurfer\surfer.exe | Msyss\msys.exe |
| Newsgroup\newsgroup.exe | Notepad\Notepad.exe | NvidStar\nvd32.exe |
| RapidBlaster\rb32.exe | RealPlay\realplay.exe | 32services\services.exe |
| spool\spool.exe | Spybott\spybott.exe | Spyguard\Spywareguard.exe |
| Surfer\surfer.exe | Syscon\syscon.exe | Syslog\syslog.exe |
| Taskmngr\taskmngr.exe | win32_A\win32_a.exe | win32_I\win32_i.exe |
| Winsyslog\winsyslog.exe | Winwan\winwan.exe | yahoo_toolbar\yahoo_toolbar.exe |
RapidBlaster/AInst is an ActiveX installer used
to load v1 or lp.
Also known as
rb32, after its original executable name.
Distribution
ActiveX drive-by download on affiliate pages, including misleading
download links (e.g. 'megamovieblaster') and pop-ups.
Also installed by the ISTBar parasite; the script
at this site cannot detect RapidBlaster if installed this
way.
What it does
Advertising
Yes, typically pop-ups for porn sites.
Privacy violation
Suspected: the privacy policy at the RapidBlaster site states
cookies are used to profile the user's interests. I have observed
no such behaviour from the software at the time of writing.
Security issues
Yes. Can download and execute arbitrary unsigned code pointed
to by its controlling servers. Is known to install diallers
such as DialerOffline.
RapidBlaster/AInst, if not removed, can also allow any web
page to silently reinstall RapidBlaster.
Stability problems
None known.
Removal
Use the Control Panel's Add/Remove Programs entry for 'RapidBlaster'
(v1 variant) or 'rb32 lptt01' (lp variant). For the Rnd variant,
manual removal must be used.
To remove the AInst variant installer, go to the Downloaded
Program Files folder inside the Windows folder, right-click
the 'AInst' item and 'Remove' it.
After restarting, you can clear up by deleting the 'RapidBlaster'
folder inside Program Files, and deleting the key 'HKEY_LOCAL_MACHINE\Software\RapidBlaster'
from the registry (Start->Run->regedit).
Manual removal
First, open the Task Manager (press Ctrl+Alt+Delete). Find
the RapidBlaster program (rb32.exe, or, in the Rnd variant,
any one of the above filenames — some are quite similar to
normal Windows program names, so be careful). Click on this
process name to select it then click 'End process' and confirm.
Now open the registry (click 'Start', choose 'Run' and enter
'regedit'). Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the 'Something lptt01' entry on the right. 'Something'
will be the same as the filename of the RapidBlaster program
- you can now delete the folder containing this.
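As an added example (not part of the original page), this Python script scans the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` for the 'Something lptt01' entries described above and reports the executable and the folder to delete. The function name, the sample output and the paths in it are constructed for illustration.

```python
import ntpath
import re

# Marker from the page: Run-key value names have the form '<Something> lptt01'.
SUFFIX = " lptt01"
# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Executable path inside the data: quoted, or unquoted up to the first '.exe'.
EXE_PATH = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)


def find_lptt01_entries(reg_query_output):
    """Return a list of dicts describing Run values that carry the lptt01 marker."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or not m["name"].lower().endswith(SUFFIX):
            continue
        stem = m["name"][: -len(SUFFIX)]
        p = EXE_PATH.match(m["data"])
        exe = (p["q"] or p["u"]) if p else None
        exe_stem = ntpath.splitext(ntpath.basename(exe))[0] if exe else None
        hits.append({
            "value_name": m["name"],
            "executable": exe,
            "folder": ntpath.dirname(exe) if exe else None,
            # The page says 'Something' equals the program's filename; verify it.
            "name_matches_file": exe_stem is not None and exe_stem.lower() == stem.lower(),
        })
    return hits


# Constructed sample output (not captured from a real machine; paths are assumed).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\SOUNDMAN.EXE
    rb32 lptt01    REG_SZ    "C:\Program Files\RapidBlaster\rb32.exe"
    taskmngr lptt01    REG_SZ    C:\Program Files\Taskmngr\taskmngr.exe
    Notepad    REG_SZ    C:\WINDOWS\notepad.exe
"""

if __name__ == "__main__":
    for hit in find_lptt01_entries(SAMPLE):
        print(hit)
```

Matching on the ' lptt01' suffix rather than on the filename avoids flagging legitimate entries such as Notepad that share a name with one of the Rnd variant's disguises.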