Follow:

 

Adware:Win32/OKitSpace


Microsoft security software detects and removes this unwanted software.

This adware program shows ads as you browse the web using Internet Explorer, Firefox, or Chrome.

You can see examples of these ads on the Technical information tab.

It's usually downloaded and installed by Trojan:MSIL/Spacekito.

Find out more about how and why we identify unwanted software.



What to do now

This program poses a high threat to your PC.

You can use the following free tools to detect and remove this program and other unwanted software from your PC:

You can also visit the Microsoft virus and malware community for more help.

Remove browser add-ons

You might need to remove add-ons from your browser:

Threat behavior

Installation

Adware:Win32/OKitSpace is usually installed in the following folders:

In Internet Explorer, it's installed as a BHO with the name OKitSpace Object or BaseFlash Object:

It might create these registry entries when it's installed:

HKCR\OKitSpace
HKCR\OKitSpace.1
HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
HKLM\SOFTWARE\OKitSpace
HKLM\SOFTWARE\Classes\OKitSpace
HKLM\SOFTWARE\Classes\OKitSpace.1
HKLM\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}

or

HKCR\BaseFlash
HKCR\BaseFlash.1
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
HKLM\SOFTWARE\BaseFlash
HKLM\SOFTWARE\Classes\BaseFlash
HKLM\SOFTWARE\Classes\BaseFlash.1
HKLM\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}

In Firefox, it's installed as a plugin with the name OKitSpace or BaseFlash:

In Chrome, it's installed as a plugin also with the name OKitSpace or BaseFlash:

Behavior

This adware might do the following when you browse the Internet using Internet Explorer, Firefox, or Chrome:

  • Contact its servers (okitspace.com, baseflash.com) to get what pop-up ads will be displayed on your PC
  • Show ads that have nothing to do with the websites you're visiting
  • Show links that have nothing to do with the websites that you're visiting

Some of the pop-up ads might look similar to these:

The websites hosted on its servers have identical text and layouts, with slight changes for each version:

Analysis by Ric Robielos


Symptoms

The following could indicate that you have this program on your PC:

  • You have one of these folders:
  • You see these keys in your registry:

    HKCR\OKitSpace
    HKCR\OKitSpace.1
    HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
    HKLM\SOFTWARE\OKitSpace
    HKLM\SOFTWARE\Classes\OKitSpace
    HKLM\SOFTWARE\Classes\OKitSpace.1
    HKLM\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}

    or

    HKCR\BaseFlash
    HKCR\BaseFlash.1
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
    HKLM\SOFTWARE\BaseFlash
    HKLM\SOFTWARE\Classes\BaseFlash
    HKLM\SOFTWARE\Classes\BaseFlash.1
    HKLM\SOFTWARE\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}

  • You see these pop-up ads:


Prevention


Alert level: High
First detected by definition: 1.167.1009.0
Latest detected by definition: 1.177.1340.0 and higher
First detected on: Mar 03, 2014
This entry was first published on: Mar 11, 2014
This entry was updated on: Jul 09, 2014

This threat is also detected as:
No known aliases