InstallMonitor.dll

rkverify

TMRG, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including sites and domains visited and ads clicked. The file InstallMonitor.dll by TMRG has been detected as adware by 18 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
rkverify

Description:
installmonitor

Version:
0, 2, 3, 15

MD5:
5ac09190daf249c3e93c3ac961067024

SHA-1:
bad9c0d552d54310f669d66b549dcada90583812

SHA-256:
f4934185f75518a13ef5425959f47516cc8467f513e838a82e749ffb782d7e23

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/27/2024 12:55:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Spyware.Relevantknowledge.A | 801 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-141126 |
| AVG | RelevantKnowledge | 2015.0.3279 |
| Bitdefender | Spyware.Relevantknowledge.A | 1.0.20.1650 |
| Bkav FE | W32.Cloda7e.Trojan | 1.3.0.4959 |
| Emsisoft Anti-Malware | Spyware.Relevantknowledge | 8.14.11.26.04 |
| ESET NOD32 | Win32/Adware.Mongoose | 8.9734 |
| F-Prot | W32/MalwareF.BRZY | v6.4.7.1.166 |
| F-Secure | Spyware.Relevantknowledge.A | 11.2014-26-11_4 |
| G Data | Spyware.Relevantknowledge | 14.11.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11913 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2014.11.26.04 |
| MicroWorld eScan | Spyware.Relevantknowledge.A | 15.0.0.990 |
| nProtect | Spyware.Relevantknowledge.A | 14.04.28.01 |
| Reason Heuristics | PUP.TMRG.K | 14.11.26.4 |
| Sophos | RelevantKnowledge | 4.98 |
| Vba32 AntiVirus | Adware.Mongoose | 3.12.26.0 |
| VIPRE Antivirus | Adware.Win32.RelevantKnowledge.a | 28674 |

File size:
160.6 KB (164,480 bytes)

Product version:
0, 2, 3, 15

Copyright:
Copyright (C) 2007-2010

Original file name:
InstallMonitor.dll

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\csme7ad.tmp

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/2/2009 2:00:00 AM

Valid to:
9/28/2011 1:59:59 AM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
1/27/2010 3:44:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:lIQbXSQZhOjLPRlM6oX3aaT75cU2K3JusMak8JRZACMKLJRlZbDCNYaCwp:l7eQHE66oaaT7aU9ZusMak8RA2b6rCwp

Entry address:
0xCDDF

Entry point:
6A, 0C, 68, E0, C9, 01, 10, E8, 75, 01, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, D4, 24, 02, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 68, 3D, 02, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, 30, A6, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
100 KB (102,400 bytes)
