Should I remove Run_Dregol?
What percent of users and experts removed it?
80% remove it, 20% keep it
How common is it?
Global Rank #9,423
United States Rank #7,808
Reach 0.0395%
Lifespan of installation (until removal)
< 7.67 days
226.28 days >
Average installed length: 118.89 days
Rankings
- #9,418 Canon MF4400 Series
- #9,419 Brother MFL-Pro Suite MFC-6490CW
- #9,420 Adobe Reader X (10.1.7) - Deutsch
- #9,421 Secunia PSI (3.0.0.9015)
- #9,422 ODF Add-in for Microsoft Office by OpenXML/ODF Translator Team
- #9,423 Run_Dregol
- #9,424 Zombie News by Time Lapse Solutions
- #9,425 Nikon RAW Codec
- #9,426 HP Officejet J4500 Series by Hewlett-Packard
- #9,427 ArtRage Studio Pro by Ambient Design
- #9,428 Microsoft Money 2006
Run_Dregol
What is Run_Dregol?
Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware is typically bundled with third-party applications in unwanted software bundles. It hijacks the user's browser (Internet Explorer, Chrome and Firefox) and displays unwanted ads. When running, the process monitors and captures internet traffic and inserts advertisements, either over existing ads or as new ads in white space. In either case, these ads are low in quality and in many cases even dangerous, as they might be infected with malicious JavaScript (malvertising). In addition to displaying these unwanted ads, the software starts automatically from the local application data folder via a registry Run key and sends commands to the controlling server to request new ads based on the context of what the user is doing. This also reports back to the server what domains the user visits and what URLs they enter, and in some cases might send back cookies. If the sites visited are not SSL encrypted, passwords and usernames might be sent to the server, compromising the privacy and security of the user.
Overview
Upon installation and setup, it defines an auto-start registry entry which makes this program run on each Windows boot for all user logins. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with. When installed, it will add a context menu handler to the Windows shell in order to provide quick access to the program. The main program executable is IVI_VISA_COM_CleanupUtility.exe. Typically most users end up uninstalling this just after a few days. The software installer includes 104 files and is usually about 1.01 MB (1,062,724 bytes). mcdatupdate.dll is the automatic update component of the software designed to download and apply new updates should new versions be released.
- Possible malware installed by this program
- Automatically starts with Windows
- Loads into the web browser
- Installs a Windows Service
- Injects advertisements unassociated with the underlying web page
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in Run_Dregol.
cltmng.exe (8a8ac5f1f71a39074cad63eafadec744) has been flagged by the following 9 scanners:
Anti-Virus software | Version | Detection |
avast! | 2014.9-150413 | Win32:Conduit-C [PUP] |
AVware | 1.5.0.21 | Conduit (fs) |
Baidu-International | 4.0.3.15413 | PUA.Win32.Conduit.bSearchProtect |
ESET-NOD32 | 9.11244 | a variant of Win32/Conduit.SearchProtect.I potentially unwanted |
K7 AntiVirus | 13.1915110 | Trojan |
K7GW | 13.1915108 | Trojan ( 004b5e3f1 ) |
McAfee | 5600.6797 | Artemis!8A8AC5F1F71A |
McAfee-GW-Edition | 7.6797 | Artemis |
VIPRE Antivirus | 37966 | Conduit (fs) |
Program details
Installation folder: C:\Program Files\Run_Dregol
Uninstaller: "C:\Program Files2\RUN_DR~1\\uninstall.exe" /uninstaller
Estimated size: 1.01 MB
Files installed by Run_Dregol
Program executable: | IVI_VISA_COM_CleanupUtility.exe |
Name: | IVI VISA COM Standard Components Cleanup Utility |
Path: | C:\Program Files\VISA-COM\IVI_VISA_COM_CleanupUtility.exe |
MD5: | fdb009c5309688cf2015b6d614c4e849 |
Additional files:
- uninstall.exe (by Setup ©) - Dregol (Setup)
- mcoemres.dll (by McAfee) - McAfee SecurityCenter (McAfee Customization Override DLL)
- Sqlite3.dll
- mcmschlp.dll (by McAfee) - McAfee McMscHlp DLL
- mcuihost.exe - McAfee UI Host
- eulares.dll - McAfee Integrated Security Platform Installer (EULA Resource Library)
- eulaTextres.dll - EULA Ini Resource Library
- instprog.dll - McAfee Installation Progress Notification Library
- mcagent.dll - McAfee Integrated Security Platform
- McAPExe.exe - McAfee Access Protection
- mccontextust.dll - Contextual Uninstall Shim
- McCtxMenuFrmWrk.dll - McAfee ContextMenu Framework
- mcdatupdate.dll - McAfee Update Manager Plugin
- McDBMgr.dll - McAfee Log Database Manager
- McGsShm.dll - McAfee General Settings Shim Layer
- mcinfo.exe - McAfee SecurityCenter Instrumentation
- mcinstru.dll - McAfee Instrumentation
- McInstru.exe - McAfee OC Instrumentation
- McIPTShm.dll - McAfee MSC IPT Shim
- McLogShm.dll - Pearl History And Log Shim
- mclwapi.dll - McAfee Lighweight API
- mcmispps.dll - McAfee MISP Proxy Stub DLL
- mcmscins.dll
- McMscShm.dll - McAfee MSC Shim Layer
- mcmscui.dll
- mcmscver.dll - McMSCVer
- mcprlres.dll - McAfee Localized Resource DLL
- McPrsShm.dll - Pearl Personalization Shim
- McPrtMgrPlugin.dll
- mcsvrcnt.exe - McAfee Server Content
- mcsync.exe - Synchronization Application
- McTelemetryAPI.dll - Telemetry API Library
- mcuinshm.dll - Pearl Uninstaller Shim
- McUpdShm.dll - McAfee Update Shim Layer
- mcupdui.dll - McAfee McUpdUI EXE
- mcvsshld.dll
- mispreg.exe - MispReg Application
- Adobe AIR Updater.exe (by Adobe Systems) - Adobe AIR (Adobe AIR Installer)
- AdobeCP15.dll (by Adobe Systems) - AdobeCP Dynamic Link Library
- airappinstaller.exe - Adobe AIR Application Installer
- McBootDelayStartSvc.dll - McAfee Zero Boot Impact (McAfee Boot Delay Start Service)
- McPersPlugin.dll - MSC Personalization Installation Component
- McSnIePl64.dll - McAfee MSC IE plugin DLL
- MSCAlertPlugin.dll - MSC Alert Configuration Component
- mscinres.dll - McAfee Installation Plugin Resource DLL
- NPSWF32.dll - Shockwave Flash (Shockwave Flash 11.2 r202)
- template.exe
- WebKit.dll - WebKit DLL used by Adobe AIR (WebKit dynamic link library)
- C2RICONS.EXE (by Microsoft) - Microsoft Office 2010 (Microsoft Office 2010 component)
- CVH.EXE (by Microsoft) - Microsoft Office Client Virtualization Handler
- CVHSHARED.DLL - Microsoft Office Client Virtualization Handler Shared Dll
- CVHSVC.EXE - Microsoft Office Client Virtualization Service
- MAPICLIENT.DLL - Microsoft Virtual Office Simple Mapi Proxy Client
- MAPISERVER.EXE - Microsoft Virtual Office Simple Mapi Proxy Server
- MSCCSPHandler.dll - McAfee MSC CSP Handler DLL
- OFFICEVIRT.EXE
- OWSSuppFactory.dll - Microsoft SharePoint Client Support for Virtual Office
- ProtocolHandlerFactory.dll - Search MAPI Protocol Handler
- VirtualOWSSuppHost.exe - Microsoft SharePoint Client Support Host
- VirtualOWSSuppManager.exe - Microsoft SharePoint Client Support Manager
Behaviors exhibited
Context Menu Handler
- McCtxMenuFrmWrk.dll added to Windows Explorer under the name 'McCtxMenuFrmWrk' with a class of {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}.
Mozilla Plugin
- CVHBS.EXE is loaded into Mozilla Firefox under the product name 'Microsoft SharePoint Plug-in for Firefox' with a plugin key of '@microsoft.com/SharePoint,version=14.0' for all users of the PC.
9 Scheduled Tasks
- CVH.EXE is scheduled as a task with the class '{A39DACC4-31DF-466F-A88B-716DF45C2724}' (runs on registration).
- uninstall.exe is scheduled as a task named 'Run_Dregol' (runs daily at 15:06).
- UNWISE.EXE is scheduled as a task with the class '{F71A9918-1861-4EFE-AE94-530BDDE46DD4}' (runs on registration).
- Regpair.exe is scheduled as a task with the class '{00E89C0B-27F5-45C9-AFB9-D8DD27858199}' (runs on registration).
- CVHBS.EXE is scheduled as a task named 'UpdaterEX' (runs daily at 3:07 PM).
- C2RICONS.EXE is scheduled as a task with the class '{C9D0AF2A-4179-4A5C-A53B-BA0FF5C4894F}' (runs on registration).
Plus 3 more
7 Services
- CVHSVC.EXE runs as a service named 'cvhsvc' (cvhsvc) "Client Virtualization Handler Service (unlocalized description)".
- CVHBS.EXE runs as a service named 'McAfee Application Installer Cleanup (0201661432130199)' (0201661432130199mcinstcleanup).
- McAPExe.exe runs as a service named 'McAfee AP Service' (McAPExe) "McAfee AP Service".
- CltMngSvc.exe runs as a service named 'Lenovo Browser Guard Service' (CltMngSvc) "This service loads the Lenovo Browser Guard, which maintains your selected Search settings, and enables auto-updates.".
- cltmng.exe runs as a service named 'McAfee Application Installer Cleanup (0108801416644337)' (0108801416644337mcinstcleanup).
- UNWISE.EXE runs as a service named 'Browser System Enahncer' (671c50b0).
Plus 1 more
Startup File (User Run)
- CVH.EXE is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Office Client Virtualization Handler' and executes as C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE.
Startup File (All Users Run)
- CVHBS.EXE is loaded in the all users (HKLM) registry as a startup file named 'MapsGalaxy Search Scope Monitor' which loads as "C:\Program Files2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h.
3 Windows Firewall Allowed Programs
- CVHSVC.EXE is added as a firewall exception for 'C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE'.
- CVH.EXE is added as a firewall exception for 'C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe'.
- UNWISE.EXE is added as a firewall exception for 'C:\Program Files1\Yahoo!\MESSEN~1\UNWISE.EXE'.
Resource utilization averages
McAPExe.exe
Memory: | 3.9 MB |
Total CPU: | 0.0005468765% |
Kernel CPU: | 0.00013895% |
User CPU: | 0.00040793% |
CPU cycles/sec: | 7,475 |
I/O reads/min: | 721 Bytes |
CVH.EXE
Memory: | 5.86 MB |
Total CPU: | 0.0001679723% |
Kernel CPU: | 0.00011813% |
User CPU: | 0.00004984% |
CPU cycles/sec: | 19,902 |
I/O reads/min: | 83 Bytes |
I/O writes/min: | 0 Bytes |
CVHSVC.EXE
Memory: | 6.88 MB |
Total CPU: | 0.0010585593% |
Kernel CPU: | 0.00079093% |
User CPU: | 0.00026763% |
CPU cycles/sec: | 56,547 |
I/O reads/min: | 330 Bytes |
I/O writes/min: | 3 Bytes |
How do I remove Run_Dregol?
You can uninstall Run_Dregol from your computer by using the Add/Remove Programs feature in the Windows Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
  - Windows Vista/7/8/10: Click Uninstall a Program.
  - Windows XP: Click Add or Remove Programs.
- When you find the program Run_Dregol, click it, and then do one of the following:
  - Windows Vista/7/8/10: Click Uninstall.
  - Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Run_Dregol.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility from support.microsoft.com, which will help fix problems with programs that can't be uninstalled.
How do I reset my web browser?
If your web browser homepage and search settings have been modified by Run_Dregol, you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 10 48%
Win Vista 0%
HOW IT STARTS
Automatically starts? Yes (Found in the run registry)
USER ACTIONS
Uninstall it 80%
Keep it 20%
|
Windows
Which Windows OS versions does it run on?
Windows 10 | 47.75% |
Windows 7 | 44.42% |
Windows Vista | 4.75% |
Windows XP | 3.08% |
Which OS releases does it run on?
Windows 7 Home Premium | 26.32% |
Windows 8.1 | 25.93% |
Windows 7 Professional | 8.09% |
Windows 7 Ultimate | 7.70% |
Windows 10 Home | 5.65% |
Windows 8.1 Pro | 4.11% |
Geography
54.34% of installs come from the United States
Which countries install it?
United States | 54.34% |
France | 7.07% |
United Kingdom | 6.26% |
Germany | 5.96% |
Italy | 4.34% |
Brazil | 2.83% |
Canada | 2.83% |
Netherlands | 1.82% |
Spain | 1.72% |
India | 1.31% |
Indonesia | 1.11% |
Sweden | 1.11% |
Colombia | 0.81% |
Philippines | 0.81% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
Hewlett-Packard | 33.52% |
Acer | 18.91% |
Dell | 17.60% |
ASUS | 11.99% |
Toshiba | 7.68% |
Lenovo | 5.43% |
Samsung | 3.00% |
GIGABYTE | 1.87% |
Common models
HP 15 Notebook PC | 6.90% |
HP Pavilion 15 Notebook P... | 4.60% |
Acer Aspire V3-531 | 3.45% |
HP Pavilion g7 Notebook P... | 3.45% |
Dell Inspiron 3521 | 2.30% |
HP Pavilion g6 Notebook P... | 2.30% |