
Should I remove Run_Dregol?

What percent of users and experts removed it?
80% remove it, 20% keep it
Overall Sentiment
Bad
How common is it?
Global Rank #9,423
United States Rank #7,808
Reach 0.0395%
Lifespan of installation (until removal)
< 7.67 days
226.28 days >
Average installed length: 118.89 days

Run_Dregol

What is Run_Dregol?

Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware is typically bundled with third-party applications in unwanted software bundles. It hijacks the user's browser (Internet Explorer, Chrome and Firefox) and displays unwanted ads. When running, the process monitors and captures internet traffic and inserts advertisements, either over existing ads or as new ads placed in white space. In either case, these ads are low in quality and in many cases even dangerous, as they might be infected with malicious JavaScript (malvertising). In addition to displaying these unwanted ads, the software runs at startup from the local application data folder via a registry Run key and sends commands to the controlling server to request new ads based on the context of what the user is doing. This also reports back to the server which domains the user visits and which URLs they enter, and in some cases might send back cookies. If the sites visited are not SSL encrypted, passwords and usernames might be sent to the server, compromising the privacy and security of the user.

Overview

Upon installation and setup, it defines an auto-start registry entry that makes the program run on each Windows boot for all user logins. It adds a background controller service that is set to run automatically; the start of this service can be delayed through the service manager. A scheduled task is added to Windows Task Scheduler to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception so that it can do so without interference. When installed, it adds a context menu handler to the Windows shell to provide quick access to the program. The main program executable is IVI_VISA_COM_CleanupUtility.exe. Most users end up uninstalling it after just a few days. The software installer includes 104 files and is usually about 1.01 MB (1,062,724 bytes). mcdatupdate.dll is the software's automatic update component, designed to download and apply updates when new versions are released.
  • Possible malware installed by this program
  • Automatically starts with Windows
  • Loads into the web browser
  • Installs a Windows Service
  • Injects advertisements unassociated with the underlying web page
  • The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in Run_Dregol.
cltmng.exe (8a8ac5f1f71a39074cad63eafadec744) has been flagged by the following 9 scanners:
Anti-Virus software | Version | Detection
avast! | 2014.9-150413 | Win32:Conduit-C [PUP]
AVware | 1.5.0.21 | Conduit (fs)
Baidu-International | 4.0.3.15413 | PUA.Win32.Conduit.bSearchProtect
ESET-NOD32 | 9.11244 | a variant of Win32/Conduit.SearchProtect.I potentially unwanted
K7 AntiVirus | 13.1915110 | Trojan
K7GW | 13.1915108 | Trojan ( 004b5e3f1 )
McAfee | 5600.6797 | Artemis!8A8AC5F1F71A
McAfee-GW-Edition | 7.6797 | Artemis
VIPRE Antivirus | 37966 | Conduit (fs)

Program details

Installation folder: C:\Program Files\Run_Dregol
Uninstaller: "C:\Program Files2\RUN_DR~1\\uninstall.exe" /uninstaller
Estimated size: 1.01 MB

Files installed by Run_Dregol

Program executable: IVI_VISA_COM_CleanupUtility.exe
Name: IVI VISA COM Standard Components Cleanup Utility
Path: C:\Program Files\VISA-COM\IVI_VISA_COM_CleanupUtility.exe
MD5: fdb009c5309688cf2015b6d614c4e849
Additional files:
  • uninstall.exe (by Setup ©) - Dregol (Setup)
  • mcoemres.dll (by McAfee) - McAfee SecurityCenter (McAfee Customization Override DLL)
  • Sqlite3.dll
  • mcmschlp.dll (by McAfee) - McAfee McMscHlp DLL
  • mcuihost.exe - McAfee UI Host
  • eulares.dll - McAfee Integrated Security Platform Installer (EULA Resource Library)
  • eulaTextres.dll - EULA Ini Resource Library
  • instprog.dll - McAfee Installation Progress Notification Library
  • mcagent.dll - McAfee Integrated Security Platform
  • McAPExe.exe - McAfee Access Protection
  • mccontextust.dll - Contextual Uninstall Shim
  • McCtxMenuFrmWrk.dll - McAfee ContextMenu Framework
  • mcdatupdate.dll - McAfee Update Manager Plugin
  • McDBMgr.dll - McAfee Log Database Manager
  • McGsShm.dll - McAfee General Settings Shim Layer
  • mcinfo.exe - McAfee SecurityCenter Instrumentation
  • mcinstru.dll - McAfee Instrumentation
  • McInstru.exe - McAfee OC Instrumentation
  • McIPTShm.dll - McAfee MSC IPT Shim
  • McLogShm.dll - Pearl History And Log Shim
  • mclwapi.dll - McAfee Lighweight API
  • mcmispps.dll - McAfee MISP Proxy Stub DLL
  • mcmscins.dll
  • McMscShm.dll - McAfee MSC Shim Layer
  • mcmscui.dll
  • mcmscver.dll - McMSCVer
  • mcprlres.dll - McAfee Localized Resource DLL
  • McPrsShm.dll - Pearl Personalization Shim
  • McPrtMgrPlugin.dll
  • mcsvrcnt.exe - McAfee Server Content
  • mcsync.exe - Synchronization Application
  • McTelemetryAPI.dll - Telemetry API Library
  • mcuinshm.dll - Pearl Uninstaller Shim
  • McUpdShm.dll - McAfee Update Shim Layer
  • mcupdui.dll - McAfee McUpdUI EXE
  • mcvsshld.dll
  • mispreg.exe - MispReg Application
  • Adobe AIR Updater.exe (by Adobe Systems) - Adobe AIR (Adobe AIR Installer)
  • AdobeCP15.dll (by Adobe Systems) - AdobeCP Dynamic Link Library
  • airappinstaller.exe - Adobe AIR Application Installer
  • McBootDelayStartSvc.dll - McAfee Zero Boot Impact (McAfee Boot Delay Start Service)
  • McPersPlugin.dll - MSC Personalization Installation Component
  • McSnIePl64.dll - McAfee MSC IE plugin DLL
  • MSCAlertPlugin.dll - MSC Alert Configuration Component
  • mscinres.dll - McAfee Installation Plugin Resource DLL
  • NPSWF32.dll - Shockwave Flash (Shockwave Flash 11.2 r202)
  • template.exe
  • WebKit.dll - WebKit DLL used by Adobe AIR (WebKit dynamic link library)
  • C2RICONS.EXE (by Microsoft) - Microsoft Office 2010 (Microsoft Office 2010 component)
  • CVH.EXE (by Microsoft) - Microsoft Office Client Virtualization Handler
  • CVHSHARED.DLL - Microsoft Office Client Virtualization Handler Shared Dll
  • CVHSVC.EXE - Microsoft Office Client Virtualization Service
  • MAPICLIENT.DLL - Microsoft Virtual Office Simple Mapi Proxy Client
  • MAPISERVER.EXE - Microsoft Virtual Office Simple Mapi Proxy Server
  • MSCCSPHandler.dll - McAfee MSC CSP Handler DLL
  • OFFICEVIRT.EXE
  • OWSSuppFactory.dll - Microsoft SharePoint Client Support for Virtual Office
  • ProtocolHandlerFactory.dll - Search MAPI Protocol Handler
  • VirtualOWSSuppHost.exe - Microsoft SharePoint Client Support Host
  • VirtualOWSSuppManager.exe - Microsoft SharePoint Client Support Manager

Behaviors exhibited

Context Menu Handler
  • McCtxMenuFrmWrk.dll added to Windows Explorer under the name 'McCtxMenuFrmWrk' with a class of {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}.
Mozilla Plugin
  • CVHBS.EXE is loaded into Mozilla Firefox under the product name 'Microsoft SharePoint Plug-in for Firefox' with a plugin key of '@microsoft.com/SharePoint,version=14.0' for all users of the PC.
9 Scheduled Tasks
  • CVH.EXE is scheduled as a task with the class '{A39DACC4-31DF-466F-A88B-716DF45C2724}' (runs on registration).
  • uninstall.exe is scheduled as a task named 'Run_Dregol' (runs daily at 15:06).
  • UNWISE.EXE is scheduled as a task with the class '{F71A9918-1861-4EFE-AE94-530BDDE46DD4}' (runs on registration).
  • Regpair.exe is scheduled as a task with the class '{00E89C0B-27F5-45C9-AFB9-D8DD27858199}' (runs on registration).
  • CVHBS.EXE is scheduled as a task named 'UpdaterEX' (runs daily at 3:07 PM).
  • C2RICONS.EXE is scheduled as a task with the class '{C9D0AF2A-4179-4A5C-A53B-BA0FF5C4894F}' (runs on registration).
  • Plus 3 more
7 Services
  • CVHSVC.EXE runs as a service named 'cvhsvc' (cvhsvc) "Client Virtualization Handler Service (unlocalized description)".
  • CVHBS.EXE runs as a service named 'McAfee Application Installer Cleanup (0201661432130199)' (0201661432130199mcinstcleanup).
  • McAPExe.exe runs as a service named 'McAfee AP Service' (McAPExe) "McAfee AP Service".
  • CltMngSvc.exe runs as a service named 'Lenovo Browser Guard Service' (CltMngSvc) "This service loads the Lenovo Browser Guard, which maintains your selected Search settings, and enables auto-updates.".
  • cltmng.exe runs as a service named 'McAfee Application Installer Cleanup (0108801416644337)' (0108801416644337mcinstcleanup).
  • UNWISE.EXE runs as a service named 'Browser System Enahncer' (671c50b0).
  • Plus 1 more
Startup File (User Run)
  • CVH.EXE is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Office Client Virtualization Handler' and executes as C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE.
Startup File (All Users Run)
  • CVHBS.EXE is loaded in the all users (HKLM) registry as a startup file named 'MapsGalaxy Search Scope Monitor' which loads as "C:\Program Files2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h.
3 Windows Firewall Allowed Programs
  • CVHSVC.EXE is added as a firewall exception for 'C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE'.
  • CVH.EXE is added as a firewall exception for 'C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe'.
  • UNWISE.EXE is added as a firewall exception for 'C:\Program Files1\Yahoo!\MESSEN~1\UNWISE.EXE'.

Resource utilization averages

McAPExe.exe
Memory: 3.9 MB (21.09 MB average)
Total CPU: 0.0005468765% (0.031193% average)
Kernel CPU: 0.00013895% (0.016088% average)
User CPU: 0.00040793% (0.015104% average)
CPU cycles/sec: 7,475 (8,062,084 average)
I/O reads/min: 721 Bytes (435.61 KB average)
CVH.EXE
Memory: 5.86 MB
Total CPU: 0.0001679723%
Kernel CPU: 0.00011813%
User CPU: 0.00004984%
CPU cycles/sec: 19,902
I/O reads/min: 83 Bytes
I/O writes/min: 0 Bytes
CVHSVC.EXE
Memory: 6.88 MB
Total CPU: 0.0010585593%
Kernel CPU: 0.00079093%
User CPU: 0.00026763%
CPU cycles/sec: 56,547
I/O reads/min: 330 Bytes
I/O writes/min: 3 Bytes

How do I remove Run_Dregol?

You can uninstall Run_Dregol from your computer by using the Add/Remove Programs feature in the Windows Control Panel.
  1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
    • Windows Vista/7/8/10: Click Uninstall a Program.
    • Windows XP: Click Add or Remove Programs.
  2. When you find the program Run_Dregol, click it, and then do one of the following:
    • Windows Vista/7/8/10: Click Uninstall.
    • Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
  3. Follow the prompts. A progress bar shows you how long it will take to remove Run_Dregol.
  4. If for some reason uninstallation fails, install Microsoft's uninstall fixer utility from support.microsoft.com, which helps fix problems with programs that can't be uninstalled.

How do I reset my web browser?

If your web browser homepage and search settings have been modified by Run_Dregol, you can restore them to their previous default settings.
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome

OS VERSIONS
Win 10 48%
Win Vista 0%
 
HOW IT STARTS
Automatically starts? Yes
(Found in the run registry)
 
USER ACTIONS
Uninstall it 80%
Keep it 20%

Windows OS versions

Which Windows OS versions does it run on?
Windows 10 47.75%
Windows 7 44.42%
Windows Vista 4.75%
Windows XP 3.08%
Which OS releases does it run on?
Windows 7 Home Premium 26.32%
Windows 8.1 25.93%
Windows 7 Professional 8.09%
Windows 7 Ultimate 7.70%
Windows 10 Home 5.65%
Windows 8.1 Pro 4.11%

Distribution by country

54.34% of installs come from the United States
Which countries install it?
  United States 54.34%
  France 7.07%
  United Kingdom 6.26%
  Germany 5.96%
  Italy 4.34%
  Brazil 2.83%
  Canada 2.83%
  Netherlands 1.82%
  Spain 1.72%
  India 1.31%
  Indonesia 1.11%
  Sweden 1.11%
  Colombia 0.81%
  Philippines 0.81%

OEM distribution

What PC manufacturers (OEMs) have it installed?
Hewlett-Packard 33.52%
Acer 18.91%
Dell 17.60%
ASUS 11.99%
Toshiba 7.68%
Lenovo 5.43%
Samsung 3.00%
GIGABYTE 1.87%
Common models
HP 15 Notebook PC 6.90%
HP Pavilion 15 Notebook P... 4.60%
Acer Aspire V3-531 3.45%
HP Pavilion g7 Notebook P... 3.45%
Dell Inspiron 3521 2.30%
HP Pavilion g6 Notebook P... 2.30%
