Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Adware.PStrip

Adware.PStrip

Updated:
February 13, 2007
Publisher:
PowerStrip Technologies, Inc.
Risk Impact:
Medium
File Names:
PowrStrp.dll,PSLauncher.exe,PSOCX.DLL,PSSETUP.EXE,LTDMgr.exe
Systems Affected:
Windows

Behavior


Adware.PStrip is an adware component, which installs an Internet Explorer toolbar with a search button and newsfeed.

Symptoms


The files are detected as Adware.PStrip.

Behavior


Adware.PStrip can be directly installed from the Web site, www.thepowerstrip.com, or other affiliate sites. There are also several known programs that have Adware.PStrip within them and that install it as the program itself is installed.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version October 27, 2003
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date October 29, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When the adware is installed, it does the following:
  1. Copies these files:

    PowrStrp.dll
    PSLauncher.exe
    PSSETUP.EXE

    into C:\Program Files\Power Strip.

  2. Copies the file, LTDMgr.exe, into C:\Program Files\Common Files\Presentia. This program is the automatic updater of this adware.

  3. Adds the following value:

    "LTDMgr"="C:\Program Files\Common Files\Presentia\LTDMgr.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the Adware updater runs when you start Windows.

  4. Registers PowrStrp.dll as an Internet Explorer toolbar.


Note: There are different installation methods for this adware. All of the above will not apply in each case.



The following instructions pertain to all Symantec antivirus products that support Security Risk detection.


Note: Depending on how the adware is installed, there may be an entry in the Add/Remove Program applet. However, the automatic removal may not remove every component of this adware.

  1. Update the definitions.
  2. Delete the values that were added to the registry.
  3. Unregister the .dlls
  4. Restart the computer in Safe mode.
  5. Run a full system scan and delete all the files detected as Adware.PStrip.
  6. Manually delete leftover files.
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.


2. Deleting the values from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.


Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.

  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete these values if found:

    "LTDMgr"="C:\Program Files\Common Files\Presentia\LTDMgr.exe"

  5. Exit the Registry Editor.

3. Unregistering the .dlls
  1. Click Start, and then click Run.
  2. Type the following command and press Enter:

    regsvr32 /u "C:\Program Files\PowerStrip\PowrStrp.dll"
4. Restarting the computer in Safe mode or VGA mode

Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
  • For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
  • For Windows NT 4 users, restart the computer in VGA mode.

5. Scanning for and deleting the files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as Adware.PStrip, click Delete.

6. Manually deleting leftover files
Using Windows Explorer, locate and delete any of the following folders:
  • C:\Program Files\PowerStrip
  • C:\Program Files\Common Files\Presentia